CVE List - 2023 / July
Showing 1 - 100 of 2295 CVEs for July 2023 (Page 1 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2020-36736 | 2023-07-01 | The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or... |
| CVE-2021-4384 | 2023-07-01 | The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect... |
| CVE-2020-36737 | 2023-07-01 | The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce... |
| CVE-2020-36738 | 2023-07-01 | The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect... |
| CVE-2020-36739 | 2023-07-01 | The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due... |
| CVE-2021-4385 | 2023-07-01 | The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation... |
| CVE-2021-4386 | 2023-07-01 | The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4387 | 2023-07-01 | The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4393 | 2023-07-01 | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. This is due to missing or incorrect... |
| CVE-2020-36740 | 2023-07-01 | The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation... |
| CVE-2021-4389 | 2023-07-01 | The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4390 | 2023-07-01 | The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. This is due to missing or incorrect nonce validation... |
| CVE-2020-36741 | 2023-07-01 | The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment()... |
| CVE-2021-4391 | 2023-07-01 | The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce... |
| CVE-2021-4392 | 2023-07-01 | The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect... |
| CVE-2020-36742 | 2023-07-01 | The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on... |
| CVE-2020-36743 | 2023-07-01 | The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4394 | 2023-07-01 | The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields()... |
| CVE-2020-36744 | 2023-07-01 | The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions()... |
| CVE-2020-36745 | 2023-07-01 | The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4388 | 2023-07-01 | The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. This is due to missing capability checks on the opalestate_set_feature_property() and... |
| CVE-2023-26136 | 2023-07-01 | Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner... |
| CVE-2021-4395 | 2023-07-01 | The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. This is due to missing or incorrect nonce... |
| CVE-2020-36746 | 2023-07-01 | The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4396 | 2023-07-01 | The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the save_rc_post_meta()... |
| CVE-2021-4397 | 2023-07-01 | The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4398 | 2023-07-01 | The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4399 | 2023-07-01 | The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the user_data_synchronization_initiater(),... |
| CVE-2021-4400 | 2023-07-01 | The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4401 | 2023-07-01 | The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the... |
| CVE-2020-36747 | 2023-07-01 | The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4402 | 2023-07-01 | The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the... |
| CVE-2020-36748 | 2023-07-01 | The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export()... |
| CVE-2021-4403 | 2023-07-01 | The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4404 | 2023-07-01 | The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. This is due to missing or incorrect nonce validation... |
| CVE-2021-4405 | 2023-07-01 | The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed()... |
| CVE-2020-36749 | 2023-07-01 | The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the... |
| CVE-2020-22151 | 2023-07-03 | Permissions vulnerability in Fuel-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted zip file to the assests parameter of the upload function. |
| CVE-2020-22152 | 2023-07-03 | Cross Site Scripting vulnerability in daylight studio FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via the page title, meta description and meta keywords of the pages... |
| CVE-2020-22153 | 2023-07-03 | File Upload vulnerability in FUEL-CMS v.1.4.6 allows a remote attacker to execute arbitrary code via a crafted .php file to the upload parameter in the navigation function. |
| CVE-2020-22597 | 2023-07-03 | An issue in Jerryscript-project Jerryscript v. 2.3.0 allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter. |
| CVE-2023-22906 | 2023-07-03 | Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. |
| CVE-2023-26258 | 2023-07-03 | Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session... |
| CVE-2023-26509 | 2023-07-03 | AnyDesk 7.0.8 allows remote Denial of Service. |
| CVE-2023-36162 | 2023-07-03 | Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php. |
| CVE-2023-36183 | 2023-07-03 | Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. |
| CVE-2023-36222 | 2023-07-03 | Cross Site Scripting vulnerability in mlogclub bbs-go v.3.5.5 and before allows a remote attacker to execute arbitrary code via a crafted payload to the comment parameter in the article... |
| CVE-2023-36223 | 2023-07-03 | Cross Site Scripting vulnerability in mlogclub bbs-go v.3.5.5 and before allows a remote attacker to execute arbitrary code via a crafted payload to the announcements parameter in the settings... |
| CVE-2023-36258 | 2023-07-03 | An issue in LangChain before 0.0.236 allows an attacker to execute arbitrary code because Python code with os.system, exec, or eval can be used. |
| CVE-2023-36291 | 2023-07-03 | Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file. |
| CVE-2023-36377 | 2023-07-03 | Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via crafted .exe, .sys, and .dll files. |
| CVE-2023-37378 | 2023-07-03 | Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. |
| CVE-2023-36053 | 2023-07-03 | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very... |
| CVE-2023-3438 | 2023-07-03 | An unquoted Windows search path vulnerability existed in the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to insert arbitrary code... |
| CVE-2023-3313 | 2023-07-03 | An OS command injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for the purpose... |
| CVE-2023-3314 | 2023-07-03 | A vulnerability arises out of a failure to comprehensively sanitize the processing of a zip file(s). Incomplete neutralization of external commands used to control the process execution of the .zip... |
| CVE-2023-35797 | 2023-07-03 | Apache Airflow Hive Provider Beeline RCE with Principal |
| CVE-2023-36816 | 2023-07-03 | Cross-Site Scripting (XSS) at Account creation in 2FAuth |
| CVE-2023-34451 | 2023-07-03 | CometBFT may duplicate transactions in the mempool's data structures |
| CVE-2023-34450 | 2023-07-03 | CometBFT PeerState JSON serialization deadlock |
| CVE-2023-36814 | 2023-07-03 | zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module |
| CVE-2023-3497 | 2023-07-03 | Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access... |
| CVE-2023-36815 | 2023-07-03 | Sealos billing system permission control defect |
| CVE-2023-36817 | 2023-07-03 | The King's Temple Church website Leaked Stripe API Key in Public Code Repository |
| CVE-2023-36819 | 2023-07-03 | Knowage-Server vulnerable to Path traversal in download functionalities |
| CVE-2023-36608 | 2023-07-03 | The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. |
| CVE-2023-36609 | 2023-07-03 | The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration scripts. An attacker could set up a local OpenVPN server and push a malicious script... |
| CVE-2023-36610 | 2023-07-03 | The affected TBox RTUs generate software security tokens using insufficient entropy. The random seed used to generate the software tokens is not initialized correctly, and other parts of the token... |
| CVE-2023-36611 | 2023-07-03 | The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with “user” privileges to access files requiring higher privileges... |
| CVE-2023-3395 | 2023-07-03 | All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. An attacker with access to system files could open a file to load the document into... |
| CVE-2023-2727 | 2023-07-03 | Bypassing policies imposed by the ImagePolicyWebhook admission plugin |
| CVE-2023-2728 | 2023-07-03 | Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin |
| CVE-2023-30990 | 2023-07-03 | IBM i command execution |
| CVE-2023-25516 | 2023-07-03 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and... |
| CVE-2023-25517 | 2023-07-03 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which... |
| CVE-2023-25521 | 2023-07-03 | NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not performed. A... |
| CVE-2023-25522 | 2023-07-03 | NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. A successful exploit of this vulnerability... |
| CVE-2023-25523 | 2023-07-03 | NVIDIA CUDA toolkit for Linux and Windows contains a vulnerability in the nvdisasm binary file, where an attacker may cause a NULL pointer dereference by providing a user with a... |
| CVE-2023-20754 | 2023-07-04 | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20755 | 2023-07-04 | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20753 | 2023-07-04 | In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20756 | 2023-07-04 | In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction... |
| CVE-2023-20757 | 2023-07-04 | In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20758 | 2023-07-04 | In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is... |
| CVE-2023-20759 | 2023-07-04 | In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is... |
| CVE-2023-20760 | 2023-07-04 | In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20761 | 2023-07-04 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20766 | 2023-07-04 | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20767 | 2023-07-04 | In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20768 | 2023-07-04 | In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is... |
| CVE-2023-20771 | 2023-07-04 | In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not... |
| CVE-2023-20772 | 2023-07-04 | In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2023-20773 | 2023-07-04 | In vow, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2023-20774 | 2023-07-04 | In display, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20775 | 2023-07-04 | In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User... |
| CVE-2023-20689 | 2023-07-04 | In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2023-20690 | 2023-07-04 | In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2023-20691 | 2023-07-04 | In wlan firmware, there is a possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2023-20692 | 2023-07-04 | In wlan firmware, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |
| CVE-2023-20693 | 2023-07-04 | In wlan firmware, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is... |