CVE List - 2023 / July
Showing 1401 - 1500 of 2295 CVEs for July 2023 (Page 15 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-3179 | 2023-07-17 | POST SMTP Mailer < 2.5.7 - Account Takeover via CSRF |
| CVE-2023-3245 | 2023-07-17 | Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-3182 | 2023-07-17 | Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS |
| CVE-2023-2330 | 2023-07-17 | Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF |
| CVE-2023-0439 | 2023-07-17 | NEX-Forms < 8.4.4 - Authenticated Stored XSS |
| CVE-2023-2701 | 2023-07-17 | Gravity Forms < 2.7.5 - Reflected XSS |
| CVE-2023-2960 | 2023-07-17 | XSS in Oliva Expertise |
| CVE-2023-35089 | 2023-07-17 | WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2963 | 2023-07-17 | SQLi in Oliva Expertise |
| CVE-2023-35096 | 2023-07-17 | WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35880 | 2023-07-17 | WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31216 | 2023-07-17 | WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2958 | 2023-07-17 | IDOR in ATS Pro |
| CVE-2023-36511 | 2023-07-17 | WordPress WooCommerce Order Barcodes Plugin <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36513 | 2023-07-17 | WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36514 | 2023-07-17 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47172 | 2023-07-17 | WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34005 | 2023-07-17 | WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37968 | 2023-07-17 | WordPress Falang multilanguage Plugin <= 1.3.39 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37974 | 2023-07-17 | WordPress WP-FB-AutoConnect Plugin <= 4.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37985 | 2023-07-17 | WordPress Five Star Restaurant Menu Plugin <= 2.4.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-36424 | 2023-07-17 | WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3577 | 2023-07-17 | Limited blind SSRF to localhost/intranet in interactive dialog implementation |
| CVE-2023-3581 | 2023-07-17 | WebSockets accept connections from HTTPS origin |
| CVE-2022-38062 | 2023-07-17 | WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3582 | 2023-07-17 | Lack of channel membership check when linking a board to a channel |
| CVE-2023-3584 | 2023-07-17 | Member can create team with team override scheme |
| CVE-2023-3585 | 2023-07-17 | channel DoS by sharing a boards link |
| CVE-2023-3586 | 2023-07-17 | Disabling publicly-shared boards does not disable existing publicly available board links |
| CVE-2023-3587 | 2023-07-17 | Inconsistent state in UI after boards permission change by system admin |
| CVE-2023-3590 | 2023-07-17 | Deleted attachments in Boards remain accessible |
| CVE-2023-3591 | 2023-07-17 | Lack of previous password reset tokens on new token creation |
| CVE-2023-3613 | 2023-07-17 | Guest accounts invited and added to channels by Welcomebot plugin |
| CVE-2023-3614 | 2023-07-17 | Denial of Service via specially crafted gif image |
| CVE-2023-3615 | 2023-07-17 | Lack of server certificate validation in websockets connection |
| CVE-2023-3593 | 2023-07-17 | Server crash via a specially crafted markdown input |
| CVE-2023-37475 | 2023-07-17 | Attacker-controlled parameter can cause denial of service in hamba avro |
| CVE-2023-28767 | 2023-07-17 | The configuration parser fails to sanitize user-controlled input in the... |
| CVE-2023-33011 | 2023-07-17 | A format string vulnerability in the Zyxel ATP series firmware... |
| CVE-2023-33012 | 2023-07-17 | A command injection vulnerability in the configuration parser of the... |
| CVE-2023-34138 | 2023-07-17 | A command injection vulnerability in the hotspot management feature of... |
| CVE-2023-34139 | 2023-07-17 | A command injection vulnerability in the Free Time WiFi hotspot... |
| CVE-2023-34140 | 2023-07-17 | A buffer overflow vulnerability in the Zyxel ATP series firmware... |
| CVE-2023-34141 | 2023-07-17 | A command injection vulnerability in the access point (AP) management... |
| CVE-2023-37461 | 2023-07-17 | Path traversal in metersphere |
| CVE-2023-37266 | 2023-07-17 | Weak json web token (JWT) secrets in CasaOS |
| CVE-2023-37265 | 2023-07-17 | Incorrect identification of source IP addresses in CasaOS |
| CVE-2023-37476 | 2023-07-17 | Zip slip in OpenRefine |
| CVE-2023-3724 | 2023-07-17 | TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension |
| CVE-2023-37479 | 2023-07-17 | Improper sanitization of MXCSR and RFLAGS in OpenEnclave |
| CVE-2020-22159 | 2023-07-18 | EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG... |
| CVE-2020-23909 | 2023-07-18 | Heap-based buffer over-read in function png_convert_4 in file pngex.cc in... |
| CVE-2020-23910 | 2023-07-18 | Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function... |
| CVE-2020-23911 | 2023-07-18 | An issue was discovered in asn1c through v0.9.28. A NULL... |
| CVE-2021-32256 | 2023-07-18 | An issue was discovered in GNU libiberty, as distributed in... |
| CVE-2021-33294 | 2023-07-18 | In elfutils 0.183, an infinite loop was found in the... |
| CVE-2021-34119 | 2023-07-18 | A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph... |
| CVE-2021-34121 | 2023-07-18 | An Out of Bounds flaw was discovered in htmodoc 1.9.12... |
| CVE-2021-34123 | 2023-07-18 | An issue was discovered on atasm, version 1.09. A stack-buffer-overflow... |
| CVE-2021-37522 | 2023-07-18 | SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers... |
| CVE-2022-26563 | 2023-07-18 | An issue was discovered in Tildeslash Monit before 5.31.0, allows... |
| CVE-2022-33064 | 2023-07-18 | An off-by-one error in function wav_read_header in src/wav.c in Libsndfile... |
| CVE-2022-33065 | 2023-07-18 | Multiple signed integers overflow in function au_read_header in src/au.c and... |
| CVE-2022-41409 | 2023-07-18 | Integer overflow vulnerability in pcre2test before 10.41 allows attackers to... |
| CVE-2022-47085 | 2023-07-18 | An issue was discovered in ostree before 2022.7 allows attackers... |
| CVE-2023-30153 | 2023-07-18 | An SQL injection vulnerability in the Payplug (payplug) module for... |
| CVE-2023-30383 | 2023-07-18 | TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and... |
| CVE-2023-31441 | 2023-07-18 | In NATO Communications and Information Agency anet (aka Advisor Network)... |
| CVE-2023-33265 | 2023-07-18 | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through... |
| CVE-2023-36669 | 2023-07-18 | Missing Authentication for a Critical Function within the Kratos NGC... |
| CVE-2023-36670 | 2023-07-18 | A remotely exploitable command injection vulnerability was found on the... |
| CVE-2023-37139 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a stack... |
| CVE-2023-37140 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a segmentation... |
| CVE-2023-37141 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a segmentation... |
| CVE-2023-37142 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a segmentation... |
| CVE-2023-37143 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a segmentation... |
| CVE-2023-37758 | 2023-07-18 | D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow... |
| CVE-2023-37788 | 2023-07-18 | goproxy v1.1 was discovered to contain an issue which can... |
| CVE-2023-38434 | 2023-07-18 | xHTTP 72f812d has a double free in close_connection in xhttp.c... |
| CVE-2021-43072 | 2023-07-18 | A buffer copy without checking size of input ('classic buffer... |
| CVE-2023-31998 | 2023-07-18 | A heap overflow vulnerability found in EdgeRouters and Aircubes allows... |
| CVE-2020-36695 | 2023-07-18 | File and Directory Permission Vulnerability in Hitachi Command Suite |
| CVE-2022-4146 | 2023-07-18 | EL Injection Vulnerability in Hitachi Replication Manager |
| CVE-2023-3708 | 2023-07-18 | Several themes for WordPress by DeoThemes are vulnerable to Reflected... |
| CVE-2023-3709 | 2023-07-18 | The Royal Elementor Addons plugin for WordPress is vulnerable to... |
| CVE-2023-34142 | 2023-07-18 | Cleartext Transmission Vulnerability in Hitachi Device Manager |
| CVE-2023-34143 | 2023-07-18 | Improper Validation of Certificate Vulnerability in Hitachi Device Manager |
| CVE-2023-3459 | 2023-07-18 | The Export and Import Users and Customers plugin for WordPress... |
| CVE-2023-3713 | 2023-07-18 | The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification... |
| CVE-2023-3714 | 2023-07-18 | The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification... |
| CVE-2023-3403 | 2023-07-18 | The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification... |
| CVE-2015-10122 | 2023-07-18 | wp-donate Plugin donate-display.php sql injection |
| CVE-2023-2433 | 2023-07-18 | The YARPP plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2023-25482 | 2023-07-18 | WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25473 | 2023-07-18 | WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46857 | 2023-07-18 | WordPress SiteAlert (Formerly WP Health) Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45828 | 2023-07-18 | WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3743 | 2023-07-18 | SQL injection vulnerability in LeoTheme's Ap Page Builder |
| CVE-2023-25475 | 2023-07-18 | WordPress Smart YouTube PRO Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37386 | 2023-07-18 | WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |