CVE List - 2023 / May
Showing 2301 - 2400 of 2420 CVEs for May 2023 (Page 24 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-33962 | 2023-05-30 | JStachio XSS vulnerability: Unescaped single quotes |
| CVE-2023-2612 | 2023-05-30 | shiftfs lock unbalance in Ubuntu-specific kernels |
| CVE-2012-10015 | 2023-05-30 | BestWebSoft Twitter Plugin Settings Page twitter.php twttr_settings_page cross-site request forgery |
| CVE-2021-31233 | 2023-05-31 | SQL Injection vulnerability found in Fighting Cock Information System v.1.0 allows a remote attacker to obtain sensitive information via the edit_breed.php parameter. |
| CVE-2021-45039 | 2023-05-31 | Multiple models of the Uniview IP Camera (e.g., IPC_G6103 B6103.16.10.B25.201218, IPC_G61, IPC21, IPC23, IPC32, IPC36, IPC62, and IPC_HCMN) offer an undocumented UDP service on port 7788 that allows a remote... |
| CVE-2022-48502 | 2023-05-31 | An issue was discovered in the Linux kernel before 6.2. The ntfs3 subsystem does not properly check for correctness during disk reads, leading to an out-of-bounds read in ntfs_set_ea in... |
| CVE-2023-23562 | 2023-05-31 | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control that allows an authenticated user to update global parameters. |
| CVE-2023-26842 | 2023-05-31 | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php. |
| CVE-2023-29747 | 2023-05-31 | Story Saver for Instragram - Video Downloader 1.0.6 for Android has an exposed component; the component provides the method to modify the SharedPreference file. The attacker can use the method to... |
| CVE-2023-2998 | 2023-05-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-2999 | 2023-05-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-3006 | 2023-05-31 | A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Spectre-BHB is similar to Spectre v2, except that malicious... |
| CVE-2023-3009 | 2023-05-31 | Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass |
| CVE-2023-3012 | 2023-05-31 | NULL Pointer Dereference in gpac/gpac |
| CVE-2023-3013 | 2023-05-31 | Unchecked Return Value in gpac/gpac |
| CVE-2023-30197 | 2023-05-31 | Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path traversal attack. |
| CVE-2023-3020 | 2023-05-31 | Cross-site Scripting (XSS) - Reflected in mkucej/i-librarian-free |
| CVE-2023-3021 | 2023-05-31 | Cross-site Scripting (XSS) - Stored in mkucej/i-librarian-free |
| CVE-2023-30285 | 2023-05-31 | An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser. |
| CVE-2023-31548 | 2023-05-31 | A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| CVE-2023-32217 | 2023-05-31 | SailPoint IdentityIQ Unsafe use of Reflection Vulnerability |
| CVE-2023-33287 | 2023-05-31 | A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload injected into... |
| CVE-2023-33485 | 2023-05-31 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. |
| CVE-2023-33486 | 2023-05-31 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter. |
| CVE-2023-33487 | 2023-05-31 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg. This vulnerability allows an attacker to execute arbitrary commands through the "ip" parameter. |
| CVE-2023-33507 | 2023-05-31 | KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read. |
| CVE-2023-33508 | 2023-05-31 | KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). |
| CVE-2023-33509 | 2023-05-31 | KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. |
| CVE-2023-33627 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. |
| CVE-2023-33628 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. |
| CVE-2023-33629 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. |
| CVE-2023-33630 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EditvsList interface at /goform/aspForm. |
| CVE-2023-33631 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm. |
| CVE-2023-33632 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. |
| CVE-2023-33633 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. |
| CVE-2023-33634 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. |
| CVE-2023-33635 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. |
| CVE-2023-33636 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. |
| CVE-2023-33637 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. |
| CVE-2023-33638 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. |
| CVE-2023-33639 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. |
| CVE-2023-33640 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. |
| CVE-2023-33641 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. |
| CVE-2023-33642 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. |
| CVE-2023-33643 | 2023-05-31 | H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. |
| CVE-2023-33718 | 2023-05-31 | mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp |
| CVE-2023-33722 | 2023-05-31 | EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter. |
| CVE-2023-33730 | 2023-05-31 | Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user in plain text format. |
| CVE-2023-33732 | 2023-05-31 | Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType,... |
| CVE-2023-33735 | 2023-05-31 | D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. |
| CVE-2023-33736 | 2023-05-31 | A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter. |
| CVE-2023-34257 | 2023-05-31 | An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified (and, by default, authentication is not required). Some configuration fields related to SNMP (e.g.,... |
| CVE-2023-34258 | 2023-05-31 | An issue was discovered in BMC Patrol before 22.1.00. The agent's configuration can be remotely queried. This configuration contains the Patrol account password, encrypted with a default AES key. This... |
| CVE-2023-34256 | 2023-05-31 | An issue was discovered in the Linux kernel before 6.3.3. There is an out-of-bounds read in crc16 in lib/crc16.c when called from fs/ext4/super.c because ext4_group_desc_csum does not properly check an... |
| CVE-2023-2549 | 2023-05-31 | The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation... |
| CVE-2023-2436 | 2023-05-31 | The Blog-in-Blog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blog_in_blog' shortcode in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping... |
| CVE-2023-2547 | 2023-05-31 | The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up... |
| CVE-2023-2987 | 2023-05-31 | The Wordapp plugin for WordPress is vulnerable to authorization bypass due to a use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0.... |
| CVE-2023-2545 | 2023-05-31 | The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up... |
| CVE-2023-2435 | 2023-05-31 | The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.1 via a shortcode attribute. This allows editor-level, and above, attackers to include... |
| CVE-2014-125103 | 2023-05-31 | BestWebSoft Twitter Plugin twitter.php twttr_settings_page cross site scripting |
| CVE-2015-10107 | 2023-05-31 | Simplr Registration Form Plus+ Plugin cross site scripting |
| CVE-2023-1661 | 2023-05-31 | The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 0.4.1... |
| CVE-2023-2434 | 2023-05-31 | The Nested Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'reset' function in versions up to, and including, 3.2.3.... |
| CVE-2023-2836 | 2023-05-31 | The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output... |
| CVE-2023-2304 | 2023-05-31 | The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping... |
| CVE-2023-25539 | 2023-05-31 | Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands... |
| CVE-2023-26131 | 2023-05-31 | All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the themes.NoPage(filename, theme) function due to improper user input sanitization. Exploiting... |
| CVE-2023-3003 | 2023-05-31 | SourceCodester Train Station Ticketing System GET Parameter manage_prices.php sql injection |
| CVE-2023-2749 | 2023-05-31 | A Gain Information vulnerability was found on Download Center. |
| CVE-2023-3004 | 2023-05-31 | SourceCodester Simple Chat System POST Parameter sql injection |
| CVE-2023-3005 | 2023-05-31 | SourceCodester Local Service Search Engine Management System POST Parameter cross site scripting |
| CVE-2023-2909 | 2023-05-31 | A Directory traversal vulnerability was found on EZ Sync service of ADM |
| CVE-2023-3007 | 2023-05-31 | ningzichun Student Management System Password Reset resetPassword.php password recovery |
| CVE-2023-3008 | 2023-05-31 | ningzichun Student Management System login.php sql injection |
| CVE-2023-34218 | 2023-05-31 | In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible |
| CVE-2023-34219 | 2023-05-31 | In JetBrains TeamCity before 2023.05 improper permission checks allowed users without appropriate permissions to edit Build Configuration settings via REST API |
| CVE-2023-34220 | 2023-05-31 | In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible |
| CVE-2023-34221 | 2023-05-31 | In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible |
| CVE-2023-34222 | 2023-05-31 | In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible |
| CVE-2023-34223 | 2023-05-31 | In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases |
| CVE-2023-34224 | 2023-05-31 | In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible |
| CVE-2023-34225 | 2023-05-31 | In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible |
| CVE-2023-34226 | 2023-05-31 | In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible |
| CVE-2023-34227 | 2023-05-31 | In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks |
| CVE-2023-34228 | 2023-05-31 | In JetBrains TeamCity before 2023.05 authentication checks were missing – 2FA was not checked for some sensitive account actions |
| CVE-2023-34229 | 2023-05-31 | In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible |
| CVE-2023-3014 | 2023-05-31 | BeipyVideoResolution admincore.php cross site scripting |
| CVE-2023-3015 | 2023-05-31 | yiwent Vip Video Analysis title.php server-side request forgery |
| CVE-2023-3016 | 2023-05-31 | yiwent Vip Video Analysis admincore.php cross site scripting |
| CVE-2023-2758 | 2023-05-31 | Contec CONPROSYS HMI System (CHS) v3.5.2 Denial of Service |
| CVE-2023-3017 | 2023-05-31 | SourceCodester Lost and Found Information System Manage User Page cross site scripting |
| CVE-2023-3018 | 2023-05-31 | SourceCodester Lost and Found Information System access control |
| CVE-2023-33964 | 2023-05-31 | mx-chain-go does not treat invalid transaction with wrong username correctly |
| CVE-2023-33966 | 2023-05-31 | Deno missing "--allow-net" permission check for built-in Node modules |
| CVE-2023-33967 | 2023-05-31 | EaseProbe vulnerable to SQL injection when using MySQL/PostgreSQL data checking |
| CVE-2023-33971 | 2023-05-31 | Formcreator vulnerable to stored XSS from ##FULLFORM## |
| CVE-2023-33979 | 2023-05-31 | gpt_academic's Configuration File vulnerable to File Information Disclosure |
| CVE-2022-35743 | 2023-05-31 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability |
| CVE-2022-35744 | 2023-05-31 | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability |