CVE List - 2023 / May
Showing 2201 - 2300 of 2420 CVEs for May 2023 (Page 23 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-30196 | 2023-05-30 | Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control... |
| CVE-2023-31184 | 2023-05-30 | ROZCOM client |
| CVE-2023-31185 | 2023-05-30 | ROZCOM server framework |
| CVE-2023-31186 | 2023-05-30 | Avaya IX Workforce Engagement - User Enumeration - CWE-204: Observable Response Discrepancy |
| CVE-2023-31187 | 2023-05-30 | Avaya IX Workforce Engagement - CWE-522: Insufficiently Protected Credentials |
| CVE-2023-32218 | 2023-05-30 | Avaya IX Workforce Engagement - CWE-601: URL Redirection to Untrusted Site ('Open Redirect') |
| CVE-2023-33245 | 2023-05-30 | Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow... |
| CVE-2023-33656 | 2023-05-30 | A memory leak vulnerability exists in NanoMQ 0.17.2. The vulnerability... |
| CVE-2023-33734 | 2023-05-30 | BlueCMS v1.6 was discovered to contain a SQL injection vulnerability... |
| CVE-2023-33740 | 2023-05-30 | Incorrect access control in luowice v3.5.18 allows attackers to access... |
| CVE-2023-33741 | 2023-05-30 | Macrovideo v380pro v1.4.97 shares the device id and password when... |
| CVE-2023-34151 | 2023-05-30 | A vulnerability was found in ImageMagick. This security flaw ouccers... |
| CVE-2023-34152 | 2023-05-30 | A vulnerability was found in ImageMagick. This security flaw cause... |
| CVE-2023-34153 | 2023-05-30 | A vulnerability was found in ImageMagick. This security flaw causes... |
| CVE-2023-34204 | 2023-05-30 | imapsync through 2.229 uses predictable paths under /tmp and /var/tmp... |
| CVE-2023-34205 | 2023-05-30 | In Moov signedxml through 1.0.0, parsing the raw XML (as... |
| CVE-2023-0779 | 2023-05-30 | net: shell: Improper input validation |
| CVE-2023-32691 | 2023-05-30 | ginuerzh/gost vulnerable to Timing Attack |
| CVE-2023-32692 | 2023-05-30 | Remote Code Execution Vulnerability in Validation Placeholders |
| CVE-2023-32698 | 2023-05-30 | nfpm vulnerable to Incorrect Default Permissions |
| CVE-2023-32685 | 2023-05-30 | Clipboard based cross-site scripting (blocked with default CSP) in Kanboard |
| CVE-2023-33175 | 2023-05-30 | ToUI allows user-specific variables to be shared between users |
| CVE-2023-33198 | 2023-05-30 | Incorrectly Specified Chat Message Destinations in tgstation-server and DreamMaker API |
| CVE-2023-33182 | 2023-05-30 | Nextcloud Contacts photos only sanitized if mime type is all lower case |
| CVE-2023-26130 | 2023-05-30 | Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to... |
| CVE-2023-33183 | 2023-05-30 | Error in calendar when booking an appointment reveals the full path of the website |
| CVE-2023-33193 | 2023-05-30 | Emby Server Proxy Header Spoofing Vulnerability |
| CVE-2023-2970 | 2023-05-30 | MindSpore json_helper.cc UpdateArray memory corruption |
| CVE-2023-33186 | 2023-05-30 | Cross-site scripting vulnerability in Zulip Server development branch via topic tooltip |
| CVE-2023-33189 | 2023-05-30 | Incorrect Authorization with specially crafted requests |
| CVE-2023-33191 | 2023-05-30 | kyverno seccomp control can be circumvented |
| CVE-2023-33955 | 2023-05-30 | Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited |
| CVE-2023-30601 | 2023-05-30 | Apache Cassandra: Privilege escalation when enabling FQL/Audit logs |
| CVE-2023-2256 | 2023-05-30 | Product Addons & Fields for WooCommerce < 32.0.7 - Reflected Cross-Site Scripting |
| CVE-2023-2470 | 2023-05-30 | Add to Feedly <= 1.2.11 - Admin+ Stored XSS |
| CVE-2023-0733 | 2023-05-30 | Newsletter Popup <= 1.2 - Unauthenticated Stored XSS |
| CVE-2023-1524 | 2023-05-30 | Download Manager < 3.2.71 - Broken Access Controls |
| CVE-2023-2518 | 2023-05-30 | Easy Forms for Mailchimp < 6.8.9 - Reflected XSS |
| CVE-2023-2113 | 2023-05-30 | Autoptimize < 3.1.7 - Admin+ Stored Cross-Site Scripting via Settings Import |
| CVE-2023-0329 | 2023-05-30 | Elementor Website Builder < 3.12.2 - Admin+ SQLi |
| CVE-2023-1938 | 2023-05-30 | WP Fatest Cache < 1.1.5 - Blind SSRF via CSRF |
| CVE-2023-2288 | 2023-05-30 | Otter - Gutenberg Blocks < 2.2.6 - Author+ PHAR Deserialization |
| CVE-2022-4676 | 2023-05-30 | OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-2287 | 2023-05-30 | Orbit Fox < 2.10.24 - Author+ Server-Side Request Forgery |
| CVE-2023-2117 | 2023-05-30 | Image Optimizer by 10web < 1.0.27 - Admin+ Path Traversal |
| CVE-2023-0443 | 2023-05-30 | AnyWhere Elementor < 1.2.8 - Freemius API Key Disclosure |
| CVE-2023-0766 | 2023-05-30 | Newsletter Popup <= 1.2 - Record Deletion via CSRF |
| CVE-2023-2223 | 2023-05-30 | Login Rebuilder < 2.8.1 - Admin+ Stored XSS |
| CVE-2023-2023 | 2023-05-30 | Custom 404 Pro < 3.7.3 - Reflected Cross-Site Scripting |
| CVE-2023-2296 | 2023-05-30 | Loginizer 1.7.8 - Reflected XSS |
| CVE-2023-2111 | 2023-05-30 | HollerBox < 2.1.4 - Admin+ SQL Injection |
| CVE-2022-45853 | 2023-05-30 | The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version... |
| CVE-2023-2973 | 2023-05-30 | SourceCodester Students Online Internship Timesheet Syste cross site scripting |
| CVE-2023-33234 | 2023-05-30 | Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration |
| CVE-2023-2650 | 2023-05-30 | Possible DoS translating ASN.1 object identifiers |
| CVE-2023-2978 | 2023-05-30 | Abstrium Pydio Cells Change Subscription authorization |
| CVE-2023-2979 | 2023-05-30 | Abstrium Pydio Cells User Creation access control |
| CVE-2023-2980 | 2023-05-30 | Abstrium Pydio Cells User Creation resource injection |
| CVE-2023-2981 | 2023-05-30 | Abstrium Pydio Cells Chat cross site scripting |
| CVE-2023-20884 | 2023-05-30 | VMware Workspace ONE Access and VMware Identity Manager contain an... |
| CVE-2023-24568 | 2023-05-30 | Dell NetWorker, contains an Improper Validation of Certificate with Host... |
| CVE-2023-28079 | 2023-05-30 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure... |
| CVE-2023-28080 | 2023-05-30 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL... |
| CVE-2023-32448 | 2023-05-30 | PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License... |
| CVE-2023-24817 | 2023-05-30 | RIOT-OS vulnerable to Out of Bounds write in routing with SRH |
| CVE-2023-24825 | 2023-05-30 | RIOT-OS vulnerable to NULL pointer dereference in gnrc_pktbuf_mark |
| CVE-2023-24826 | 2023-05-30 | Usage of Uninitialized Timer during forwarding of Fragments with SFR |
| CVE-2023-23755 | 2023-05-30 | [20230502] - Core - Bruteforce prevention within the mfa screen |
| CVE-2023-23754 | 2023-05-30 | [20230501] - Core - Open Redirect and XSS within the mfa select |
| CVE-2022-4240 | 2023-05-30 | Unauthenticated API allowing an attacker to obtain the information about network resources |
| CVE-2023-33973 | 2023-05-30 | RIOT-OS vulnerable to NULL pointer dereference during NHC encoding |
| CVE-2022-43485 | 2023-05-30 | Insecure random number used for generating keys for signing Jwt tokens |
| CVE-2022-46361 | 2023-05-30 | Physical access to the WDM enables use of USB device to gain access to the WDM |
| CVE-2023-33974 | 2023-05-30 | RIOT-OS vulnerable to Race Condition in SFR Timeout |
| CVE-2023-33975 | 2023-05-30 | RIOT-OS vulnerable to Out of Bounds Write in _rbuf_add |
| CVE-2023-32684 | 2023-05-30 | In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file |
| CVE-2023-32689 | 2023-05-30 | Parse Server vulnerable to phishing attack vulnerability that involves uploading malicious HTML file |
| CVE-2023-2968 | 2023-05-30 | Undefined variable usage in npm package "proxy" leads to remote denial of service |
| CVE-2023-32696 | 2023-05-30 | Excessive permissions for ckan user |
| CVE-2023-1711 | 2023-05-30 | A vulnerability exists in a FOXMAN-UN and UNEM logging component,... |
| CVE-2023-32699 | 2023-05-30 | MeterSphere denial of service vulnerability |
| CVE-2023-33177 | 2023-05-30 | Xibo CMS vulnerable to Remote Code Execution through Zip Slip |
| CVE-2023-33178 | 2023-05-30 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS dataset filter |
| CVE-2023-33179 | 2023-05-30 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS nameFilter |
| CVE-2023-33180 | 2023-05-30 | Sensitive Information Disclosure abusing SQL Injection in Xibo CMS display map |
| CVE-2023-33181 | 2023-05-30 | Sensitive Information Disclosure abusing Stack Trace in Xibo CMS |
| CVE-2023-32342 | 2023-05-30 | IBM GSKit information disclosure |
| CVE-2023-2929 | 2023-05-30 | Out of bounds write in Swiftshader in Google Chrome prior... |
| CVE-2023-2930 | 2023-05-30 | Use after free in Extensions in Google Chrome prior to... |
| CVE-2023-2931 | 2023-05-30 | Use after free in PDF in Google Chrome prior to... |
| CVE-2023-2932 | 2023-05-30 | Use after free in PDF in Google Chrome prior to... |
| CVE-2023-2933 | 2023-05-30 | Use after free in PDF in Google Chrome prior to... |
| CVE-2023-2934 | 2023-05-30 | Out of bounds memory access in Mojo in Google Chrome... |
| CVE-2023-2935 | 2023-05-30 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90... |
| CVE-2023-2936 | 2023-05-30 | Type Confusion in V8 in Google Chrome prior to 114.0.5735.90... |
| CVE-2023-2937 | 2023-05-30 | Inappropriate implementation in Picture In Picture in Google Chrome prior... |
| CVE-2023-2938 | 2023-05-30 | Inappropriate implementation in Picture In Picture in Google Chrome prior... |
| CVE-2023-2939 | 2023-05-30 | Insufficient data validation in Installer in Google Chrome on Windows... |
| CVE-2023-2940 | 2023-05-30 | Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90... |
| CVE-2023-2941 | 2023-05-30 | Inappropriate implementation in Extensions API in Google Chrome prior to... |