CVE List - 2023 / July
Showing 1901 - 2000 of 2295 CVEs for July 2023 (Page 20 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-37361 | 2023-07-25 | REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. |
| CVE-2023-37677 | 2023-07-25 | Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. |
| CVE-2023-39128 | 2023-07-25 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. |
| CVE-2023-39129 | 2023-07-25 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. |
| CVE-2023-39130 | 2023-07-25 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. |
| CVE-2023-38745 | 2023-07-25 | Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to... |
| CVE-2023-3873 | 2023-07-25 | Campcodes Beauty Salon Management System index.php sql injection |
| CVE-2023-3874 | 2023-07-25 | Campcodes Beauty Salon Management System admin-profile.php sql injection |
| CVE-2023-3875 | 2023-07-25 | Campcodes Beauty Salon Management System del_feedback.php sql injection |
| CVE-2023-23568 | 2023-07-25 | Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL 8.90 prior to vEL8.90.1318 (MR1), vEL8.80... |
| CVE-2023-3876 | 2023-07-25 | Campcodes Beauty Salon Management System search-appointment.php sql injection |
| CVE-2023-3877 | 2023-07-25 | Campcodes Beauty Salon Management System add-services.php sql injection |
| CVE-2023-3878 | 2023-07-25 | Campcodes Beauty Salon Management System about-us.php sql injection |
| CVE-2023-3879 | 2023-07-25 | Campcodes Beauty Salon Management System del_category.php sql injection |
| CVE-2023-32639 | 2023-07-25 | Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. |
| CVE-2023-3880 | 2023-07-25 | Campcodes Beauty Salon Management System del_service.php sql injection |
| CVE-2023-3881 | 2023-07-25 | Campcodes Beauty Salon Management System forgot-password.php sql injection |
| CVE-2023-3882 | 2023-07-25 | Campcodes Beauty Salon Management System edit-accepted-appointment.php sql injection |
| CVE-2023-32637 | 2023-07-25 | GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Therefore, anyone who can upload files through the product may execute arbitrary... |
| CVE-2023-3883 | 2023-07-25 | Campcodes Beauty Salon Management System add-category.php cross site scripting |
| CVE-2023-3046 | 2023-07-25 | SQLi in Biltay Technlogys Scienta |
| CVE-2023-3884 | 2023-07-25 | Campcodes Beauty Salon Management System edit_product.php cross site scripting |
| CVE-2023-35067 | 2023-07-25 | Plaintext Storage of a Password in Infodrom Sofwares E-Invoice Approval System |
| CVE-2023-35078 | 2023-07-25 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. |
| CVE-2023-35066 | 2023-07-25 | SQLi in Infodrom Sofwares E-Invoice Approval System |
| CVE-2023-3885 | 2023-07-25 | Campcodes Beauty Salon Management System edit_category.php cross site scripting |
| CVE-2023-3886 | 2023-07-25 | Campcodes Beauty Salon Management System invoice.php cross site scripting |
| CVE-2023-34189 | 2023-07-25 | Apache InLong: General user can delete and update process |
| CVE-2023-34434 | 2023-07-25 | Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param |
| CVE-2023-35088 | 2023-07-25 | Apache InLong: SQL injection in audit endpoint |
| CVE-2023-3887 | 2023-07-25 | Campcodes Beauty Salon Management System search-appointment.php cross site scripting |
| CVE-2023-21405 | 2023-07-25 | Denial-of-Service vulnerability in Axis Network Door Controller's and Axis Network Intercom's OSDP communication |
| CVE-2023-21406 | 2023-07-25 | Heap-based buffer overflow in Axis A1001 Network Door Controller's OSDP communication |
| CVE-2023-3888 | 2023-07-25 | Campcodes Beauty Salon Management System admin-profile.php cross site scripting |
| CVE-2023-3890 | 2023-07-25 | Campcodes Beauty Salon Management System edit-accepted-appointment.php cross site scripting |
| CVE-2023-3897 | 2023-07-25 | Bypassing CAPTCHA & Enumerating Usernames via Password Reset Page |
| CVE-2023-2850 | 2023-07-25 | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by attacker. |
| CVE-2023-33925 | 2023-07-25 | WordPress WooCommerce Product Categories Selection Widget Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3637 | 2023-07-25 | Openstack-neutron: unrestricted creation of security groups (fix for cve-2022-3277) |
| CVE-2023-3486 | 2023-07-25 | PaperCut NG Unauthenticated File Upload |
| CVE-2023-23833 | 2023-07-25 | WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35043 | 2023-07-25 | WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3548 | 2023-07-25 | IQ Wifi 6 |
| CVE-2023-34369 | 2023-07-25 | WordPress Login Configurator Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36501 | 2023-07-25 | WordPress teachPress Plugin <= 9.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36502 | 2023-07-25 | WordPress Balkon Theme <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34017 | 2023-07-25 | WordPress Five Star Restaurant Reservations Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36385 | 2023-07-25 | WordPress PostX – Gutenberg Blocks for Post Grid Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36503 | 2023-07-25 | WordPress MaxButtons Plugin <= 9.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37895 | 2023-07-25 | Apache Jackrabbit RMI access can lead to RCE |
| CVE-2023-39173 | 2023-07-25 | In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access |
| CVE-2023-39174 | 2023-07-25 | In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers |
| CVE-2023-39175 | 2023-07-25 | In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible |
| CVE-2023-34093 | 2023-07-25 | Strapi allows actors to make all attributes on a content-type public without noticing it |
| CVE-2023-38435 | 2023-07-25 | Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin |
| CVE-2023-3772 | 2023-07-25 | Kernel: xfrm: null pointer dereference in xfrm_update_ae_params() |
| CVE-2023-3773 | 2023-07-25 | Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr |
| CVE-2023-2626 | 2023-07-25 | Authentication Bypass in OpenThread Boarder Router devices |
| CVE-2023-34235 | 2023-07-25 | Leaking sensitive user information still possible by filtering on private with prefix fields |
| CVE-2023-35929 | 2023-07-25 | Tuleap Cross-site Scripting vulnerability in the card field of the agile dashboard apps |
| CVE-2023-35941 | 2023-07-25 | Envoy vulnerable to OAuth2 credentials exploit with permanent validity |
| CVE-2023-35942 | 2023-07-25 | Envoy's gRPC access log crash caused by the listener draining |
| CVE-2023-35943 | 2023-07-25 | Envoy vulnerable to CORS filter segfault when origin header is removed |
| CVE-2023-35980 | 2023-07-25 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol |
| CVE-2023-35981 | 2023-07-25 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol |
| CVE-2023-35982 | 2023-07-25 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol |
| CVE-2023-35944 | 2023-07-25 | Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes |
| CVE-2023-36806 | 2023-07-25 | Contao cross site scripting vulnerability via input unit widget |
| CVE-2023-36826 | 2023-07-25 | Sentry vulnerable to improper authorization on debug and artifact file downloads |
| CVE-2023-37257 | 2023-07-25 | The DataEase panel and dataset have a stored XSS vulnerability |
| CVE-2023-3944 | 2023-07-25 | phpscriptpoint Lawyer page.php cross site scripting |
| CVE-2023-37258 | 2023-07-25 | DataEase has a SQL injection vulnerability that can bypass blacklists |
| CVE-2023-37460 | 2023-07-25 | Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver |
| CVE-2023-37902 | 2023-07-25 | Vyper's ecrecover can return undefined data if signature does not verify |
| CVE-2023-37907 | 2023-07-25 | Cryptomator's MSI installer allows local privilege escalation |
| CVE-2023-37919 | 2023-07-25 | Cal.com not expiring old sessions after enabling 2FA |
| CVE-2023-37920 | 2023-07-25 | Certifi's removal of e-Tugra root certificate |
| CVE-2023-38493 | 2023-07-25 | Paths contain matrix variables bypass decorators |
| CVE-2023-38499 | 2023-07-25 | typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution |
| CVE-2023-38500 | 2023-07-25 | By-passing Cross-Site Scripting Protection in HTML Sanitizer |
| CVE-2023-38496 | 2023-07-25 | Apptainer's ineffective privileges drop when requesting container network |
| CVE-2023-38501 | 2023-07-25 | copyparty vulnerable to reflected cross-site scripting via k304 parameter |
| CVE-2023-38502 | 2023-07-25 | TDengine Database Denial-of-Service |
| CVE-2023-3945 | 2023-07-25 | phpscriptpoint Lawyer search.php cross site scripting |
| CVE-2023-38503 | 2023-07-25 | Directus has Incorrect Permission Checking for GraphQL Subscriptions |
| CVE-2022-31455 | 2023-07-26 | * A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box. |
| CVE-2022-31456 | 2023-07-26 | A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter. |
| CVE-2022-43710 | 2023-07-26 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of... |
| CVE-2022-43711 | 2023-07-26 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src. |
| CVE-2022-43712 | 2023-07-26 | POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass... |
| CVE-2022-43713 | 2023-07-26 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed. |
| CVE-2023-26859 | 2023-07-26 | SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component. |
| CVE-2023-26911 | 2023-07-26 | ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. |
| CVE-2023-30367 | 2023-07-26 | Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored... |
| CVE-2023-31465 | 2023-07-26 | An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed... |
| CVE-2023-31466 | 2023-07-26 | An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source... |
| CVE-2023-33802 | 2023-07-26 | A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file. |
| CVE-2023-37049 | 2023-07-26 | emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. |
| CVE-2023-37623 | 2023-07-26 | Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. |
| CVE-2023-37624 | 2023-07-26 | Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to... |