CVE List - 2023 / July
Showing 1401 - 1500 of 2295 CVEs for July 2023 (Page 15 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-3245 | 2023-07-17 | Floating Chat Widget < 3.1.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-3182 | 2023-07-17 | Membership Plugin - Restrict Content < 3.2.3 - Reflected XSS |
| CVE-2023-2330 | 2023-07-17 | Caldera Forms Google Sheets Connector < 1.3 - Access Code Update via CSRF |
| CVE-2023-0439 | 2023-07-17 | NEX-Forms < 8.4.4 - Authenticated Stored XSS |
| CVE-2023-2701 | 2023-07-17 | Gravity Forms < 2.7.5 - Reflected XSS |
| CVE-2023-2960 | 2023-07-17 | XSS in Oliva Expertise |
| CVE-2023-35089 | 2023-07-17 | WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2963 | 2023-07-17 | SQLi in Oliva Expertise |
| CVE-2023-35096 | 2023-07-17 | WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-35880 | 2023-07-17 | WordPress WooCommerce Brands Plugin <= 1.6.49 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31216 | 2023-07-17 | WordPress Ultimate Member Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2958 | 2023-07-17 | IDOR in ATS Pro |
| CVE-2023-36511 | 2023-07-17 | WordPress WooCommerce Order Barcodes Plugin <= 1.6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36513 | 2023-07-17 | WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36514 | 2023-07-17 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47172 | 2023-07-17 | WordPress WooLentor Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34005 | 2023-07-17 | WordPress Front End Users Plugin <= 3.2.24 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37968 | 2023-07-17 | WordPress Falang multilanguage Plugin <= 1.3.39 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37974 | 2023-07-17 | WordPress WP-FB-AutoConnect Plugin <= 4.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37985 | 2023-07-17 | WordPress Five Star Restaurant Menu Plugin <= 2.4.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-36424 | 2023-07-17 | WordPress Easy Appointments Plugin <= 3.11.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3577 | 2023-07-17 | Limited blind SSRF to localhost/intranet in interactive dialog implementation |
| CVE-2023-3581 | 2023-07-17 | WebSockets accept connections from HTTPS origin |
| CVE-2022-38062 | 2023-07-17 | WordPress Download Theme Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3582 | 2023-07-17 | Lack of channel membership check when linking a board to a channel |
| CVE-2023-3584 | 2023-07-17 | Member can create team with team override scheme |
| CVE-2023-3585 | 2023-07-17 | channel DoS by sharing a boards link |
| CVE-2023-3586 | 2023-07-17 | Disabling publicly-shared boards does not disable existing publicly available board links |
| CVE-2023-3587 | 2023-07-17 | Inconsistent state in UI after boards permission change by system admin |
| CVE-2023-3590 | 2023-07-17 | Deleted attachments in Boards remain accessible |
| CVE-2023-3591 | 2023-07-17 | Lack of previous password reset tokens on new token creation |
| CVE-2023-3613 | 2023-07-17 | Guest accounts invited and added to channels by Welcomebot plugin |
| CVE-2023-3614 | 2023-07-17 | Denial of Service via specially crafted gif image |
| CVE-2023-3615 | 2023-07-17 | Lack of server certificate validation in websockets connection |
| CVE-2023-3593 | 2023-07-17 | Server crash via a specially crafted markdown input |
| CVE-2023-37475 | 2023-07-17 | Attacker-controlled parameter can cause denial of service in hamba avro |
| CVE-2023-28767 | 2023-07-17 | The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series... |
| CVE-2023-33011 | 2023-07-17 | A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series... |
| CVE-2023-33012 | 2023-07-17 | A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2,... |
| CVE-2023-34138 | 2023-07-17 | A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch... |
| CVE-2023-34139 | 2023-07-17 | A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20... |
| CVE-2023-34140 | 2023-07-17 | A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series... |
| CVE-2023-34141 | 2023-07-17 | A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through... |
| CVE-2023-37461 | 2023-07-17 | Path traversal in metersphere |
| CVE-2023-37266 | 2023-07-17 | Weak json web token (JWT) secrets in CasaOS |
| CVE-2023-37265 | 2023-07-17 | Incorrect identification of source IP addresses in CasaOS |
| CVE-2023-37476 | 2023-07-17 | Zip slip in OpenRefine |
| CVE-2023-3724 | 2023-07-17 | TLS 1.3 client issue handling malicious server when not including a KSE and PSK extension |
| CVE-2023-37479 | 2023-07-17 | Improper sanitization of MXCSR and RFLAGS in OpenEnclave |
| CVE-2020-22159 | 2023-07-18 | EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system... |
| CVE-2020-23909 | 2023-07-18 | Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1. |
| CVE-2020-23910 | 2023-07-18 | Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c. |
| CVE-2020-23911 | 2023-07-18 | An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service. |
| CVE-2021-32256 | 2023-07-18 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c. |
| CVE-2021-33294 | 2023-07-18 | In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file. |
| CVE-2021-34119 | 2023-07-18 | A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file. |
| CVE-2021-34121 | 2023-07-18 | An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used... |
| CVE-2021-34123 | 2023-07-18 | An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file. |
| CVE-2021-37522 | 2023-07-18 | SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js. |
| CVE-2022-26563 | 2023-07-18 | An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization. |
| CVE-2022-33064 | 2023-07-18 | An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or... |
| CVE-2022-33065 | 2023-07-18 | Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified... |
| CVE-2022-41409 | 2023-07-18 | Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input. |
| CVE-2022-47085 | 2023-07-18 | An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. |
| CVE-2023-30153 | 2023-07-18 | An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the... |
| CVE-2023-30383 | 2023-07-18 | TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS)... |
| CVE-2023-31441 | 2023-07-18 | In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to... |
| CVE-2023-33265 | 2023-07-18 | In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions... |
| CVE-2023-36669 | 2023-07-18 | Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3... |
| CVE-2023-36670 | 2023-07-18 | A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device. |
| CVE-2023-37139 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray(). |
| CVE-2023-37140 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). |
| CVE-2023-37141 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). |
| CVE-2023-37142 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). |
| CVE-2023-37143 | 2023-07-18 | ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). |
| CVE-2023-37758 | 2023-07-18 | D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi. |
| CVE-2023-37788 | 2023-07-18 | goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors. |
| CVE-2023-38434 | 2023-07-18 | xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method. |
| CVE-2021-43072 | 2023-07-18 | A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below,... |
| CVE-2023-31998 | 2023-07-18 | A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. |
| CVE-2020-36695 | 2023-07-18 | File and Directory Permission Vulnerability in Hitachi Command Suite |
| CVE-2022-4146 | 2023-07-18 | EL Injection Vulnerability in Hitachi Replication Manager |
| CVE-2023-3708 | 2023-07-18 | Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for... |
| CVE-2023-3709 | 2023-07-18 | The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to... |
| CVE-2023-34142 | 2023-07-18 | Cleartext Transmission Vulnerability in Hitachi Device Manager |
| CVE-2023-34143 | 2023-07-18 | Improper Validation of Certificate Vulnerability in Hitachi Device Manager |
| CVE-2023-3459 | 2023-07-18 | The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an... |
| CVE-2023-3713 | 2023-07-18 | The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This... |
| CVE-2023-3714 | 2023-07-18 | The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This... |
| CVE-2023-3403 | 2023-07-18 | The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This... |
| CVE-2015-10122 | 2023-07-18 | wp-donate Plugin donate-display.php sql injection |
| CVE-2023-2433 | 2023-07-18 | The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This... |
| CVE-2023-25482 | 2023-07-18 | WordPress WP Tiles Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25473 | 2023-07-18 | WordPress Flickr Justified Gallery Plugin <= 3.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-46857 | 2023-07-18 | WordPress SiteAlert (Formerly WP Health) Plugin <= 1.9.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45828 | 2023-07-18 | WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3743 | 2023-07-18 | SQL injection vulnerability in LeoTheme's Ap Page Builder |
| CVE-2023-25475 | 2023-07-18 | WordPress Smart YouTube PRO Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-37386 | 2023-07-18 | WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-47169 | 2023-07-18 | WordPress Visibility Logic for Elementor Plugin <= 2.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |