CVE List - 2023 / July
Showing 1901 - 2000 of 2295 CVEs for July 2023 (Page 20 of 23)
CVE ID | Date | Title |
---|---|---|
CVE-2023-34798 | 2023-07-25 | An arbitrary file upload vulnerability in eoffice before v9.5 allows... |
CVE-2023-37361 | 2023-07-25 | REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via... |
CVE-2023-37677 | 2023-07-25 | Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to... |
CVE-2023-38745 | 2023-07-25 | Pandoc before 3.1.6 allows arbitrary file write: this can be... |
CVE-2023-39128 | 2023-07-25 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack... |
CVE-2023-39129 | 2023-07-25 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap... |
CVE-2023-39130 | 2023-07-25 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap... |
CVE-2023-3873 | 2023-07-25 | Campcodes Beauty Salon Management System index.php sql injection |
CVE-2023-3874 | 2023-07-25 | Campcodes Beauty Salon Management System admin-profile.php sql injection |
CVE-2023-3875 | 2023-07-25 | Campcodes Beauty Salon Management System del_feedback.php sql injection |
CVE-2023-23568 | 2023-07-25 | Improper privilege validation in Command Centre Server allows authenticated unprivileged... |
CVE-2023-3876 | 2023-07-25 | Campcodes Beauty Salon Management System search-appointment.php sql injection |
CVE-2023-3877 | 2023-07-25 | Campcodes Beauty Salon Management System add-services.php sql injection |
CVE-2023-3878 | 2023-07-25 | Campcodes Beauty Salon Management System about-us.php sql injection |
CVE-2023-3879 | 2023-07-25 | Campcodes Beauty Salon Management System del_category.php sql injection |
CVE-2023-32639 | 2023-07-25 | Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity... |
CVE-2023-3880 | 2023-07-25 | Campcodes Beauty Salon Management System del_service.php sql injection |
CVE-2023-3881 | 2023-07-25 | Campcodes Beauty Salon Management System forgot-password.php sql injection |
CVE-2023-3882 | 2023-07-25 | Campcodes Beauty Salon Management System edit-accepted-appointment.php sql injection |
CVE-2023-32637 | 2023-07-25 | GBrowse accepts files with any formats uploaded and places them... |
CVE-2023-3883 | 2023-07-25 | Campcodes Beauty Salon Management System add-category.php cross site scripting |
CVE-2023-3046 | 2023-07-25 | SQLi in Biltay Technology's Scienta |
CVE-2023-3884 | 2023-07-25 | Campcodes Beauty Salon Management System edit_product.php cross site scripting |
CVE-2023-35067 | 2023-07-25 | Plaintext Storage of a Password in Infodrom Software's E-Invoice Approval System |
CVE-2023-35078 | 2023-07-25 | An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users... |
CVE-2023-35066 | 2023-07-25 | SQLi in Infodrom Software's E-Invoice Approval System |
CVE-2023-3885 | 2023-07-25 | Campcodes Beauty Salon Management System edit_category.php cross site scripting |
CVE-2023-3886 | 2023-07-25 | Campcodes Beauty Salon Management System invoice.php cross site scripting |
CVE-2023-34189 | 2023-07-25 | Apache InLong: General user can delete and update process |
CVE-2023-34434 | 2023-07-25 | Apache InLong: JDBC URL bypassing by allowLoadLocalInfileInPath param |
CVE-2023-35088 | 2023-07-25 | Apache InLong: SQL injection in audit endpoint |
CVE-2023-3887 | 2023-07-25 | Campcodes Beauty Salon Management System search-appointment.php cross site scripting |
CVE-2023-21405 | 2023-07-25 | Denial-of-Service vulnerability in Axis Network Door Controller's and Axis Network Intercom's OSDP communication |
CVE-2023-21406 | 2023-07-25 | Heap-based buffer overflow in Axis A1001 Network Door Controller's OSDP communication |
CVE-2023-3888 | 2023-07-25 | Campcodes Beauty Salon Management System admin-profile.php cross site scripting |
CVE-2023-3890 | 2023-07-25 | Campcodes Beauty Salon Management System edit-accepted-appointment.php cross site scripting |
CVE-2023-3897 | 2023-07-25 | Bypassing CAPTCHA & Enumerating Usernames via Password Reset Page |
CVE-2023-2850 | 2023-07-25 | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due... |
CVE-2023-33925 | 2023-07-25 | WordPress WooCommerce Product Categories Selection Widget Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-3637 | 2023-07-25 | Openstack-neutron: unrestricted creation of security groups (fix for CVE-2022-3277) |
CVE-2023-3486 | 2023-07-25 | PaperCut NG Unauthenticated File Upload |
CVE-2023-23833 | 2023-07-25 | WordPress Drop Shadow Boxes Plugin <= 1.7.10 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-35043 | 2023-07-25 | WordPress Recent Posts Slider Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-3548 | 2023-07-25 | IQ Wifi 6 |
CVE-2023-34369 | 2023-07-25 | WordPress Login Configurator Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-36501 | 2023-07-25 | WordPress teachPress Plugin <= 9.0.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-36502 | 2023-07-25 | WordPress Balkon Theme <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-34017 | 2023-07-25 | WordPress Five Star Restaurant Reservations Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-36385 | 2023-07-25 | WordPress PostX – Gutenberg Blocks for Post Grid Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-36503 | 2023-07-25 | WordPress MaxButtons Plugin <= 9.5.3 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-37895 | 2023-07-25 | Apache Jackrabbit RMI access can lead to RCE |
CVE-2023-39173 | 2023-07-25 | In JetBrains TeamCity before 2023.05.2 a token with limited permissions... |
CVE-2023-39174 | 2023-07-25 | In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible... |
CVE-2023-39175 | 2023-07-25 | In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration... |
CVE-2023-34093 | 2023-07-25 | Strapi allows actors to make all attributes on a content-type public without noticing it |
CVE-2023-38435 | 2023-07-25 | Apache Felix Healthcheck Webconsole Plugin: XSS in healthcheck webconsole plugin |
CVE-2023-3772 | 2023-07-25 | Kernel: xfrm: null pointer dereference in xfrm_update_ae_params() |
CVE-2023-3773 | 2023-07-25 | Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr |
CVE-2023-2626 | 2023-07-25 | Authentication Bypass in OpenThread Border Router devices |
CVE-2023-34235 | 2023-07-25 | Leaking sensitive user information still possible by filtering on private with prefix fields |
CVE-2023-35929 | 2023-07-25 | Tuleap Cross-site Scripting vulnerability in the card field of the agile dashboard apps |
CVE-2023-35941 | 2023-07-25 | Envoy vulnerable to OAuth2 credentials exploit with permanent validity |
CVE-2023-35942 | 2023-07-25 | Envoy's gRPC access log crash caused by the listener draining |
CVE-2023-35943 | 2023-07-25 | Envoy vulnerable to CORS filter segfault when origin header is removed |
CVE-2023-35980 | 2023-07-25 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol |
CVE-2023-35981 | 2023-07-25 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol |
CVE-2023-35982 | 2023-07-25 | Unauthenticated Buffer Overflow Vulnerabilities in Services Accessed by the PAPI Protocol |
CVE-2023-35944 | 2023-07-25 | Envoy vulnerable to incorrect handling of HTTP requests and responses with mixed case schemes |
CVE-2023-36806 | 2023-07-25 | Contao cross site scripting vulnerability via input unit widget |
CVE-2023-36826 | 2023-07-25 | Sentry vulnerable to improper authorization on debug and artifact file downloads |
CVE-2023-37257 | 2023-07-25 | The DataEase panel and dataset have a stored XSS vulnerability |
CVE-2023-3944 | 2023-07-25 | phpscriptpoint Lawyer page.php cross site scripting |
CVE-2023-37258 | 2023-07-25 | DataEase has a SQL injection vulnerability that can bypass blacklists |
CVE-2023-37460 | 2023-07-25 | Plexus Archiver vulnerable to Arbitrary File Creation in AbstractUnArchiver |
CVE-2023-37902 | 2023-07-25 | Vyper's ecrecover can return undefined data if signature does not verify |
CVE-2023-37907 | 2023-07-25 | Cryptomator's MSI installer allows local privilege escalation |
CVE-2023-37919 | 2023-07-25 | Cal.com not expiring old sessions after enabling 2FA |
CVE-2023-37920 | 2023-07-25 | Certifi's removal of e-Tugra root certificate |
CVE-2023-38493 | 2023-07-25 | Paths contain matrix variables bypass decorators |
CVE-2023-38499 | 2023-07-25 | typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution |
CVE-2023-38500 | 2023-07-25 | By-passing Cross-Site Scripting Protection in HTML Sanitizer |
CVE-2023-38496 | 2023-07-25 | Apptainer's ineffective privileges drop when requesting container network |
CVE-2023-38501 | 2023-07-25 | copyparty vulnerable to reflected cross-site scripting via k304 parameter |
CVE-2023-38502 | 2023-07-25 | TDengine Database Denial-of-Service |
CVE-2023-3945 | 2023-07-25 | phpscriptpoint Lawyer search.php cross site scripting |
CVE-2023-38503 | 2023-07-25 | Directus has Incorrect Permission Checking for GraphQL Subscriptions |
CVE-2022-31455 | 2023-07-26 | A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows... |
CVE-2022-31456 | 2023-07-26 | A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers... |
CVE-2022-43710 | 2023-07-26 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until... |
CVE-2022-43711 | 2023-07-26 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until... |
CVE-2022-43712 | 2023-07-26 | POST requests to /web/mvc in GX Software XperienCentral version 10.36.0... |
CVE-2022-43713 | 2023-07-26 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until... |
CVE-2023-26859 | 2023-07-26 | SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before... |
CVE-2023-26911 | 2023-07-26 | ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an... |
CVE-2023-30367 | 2023-07-26 | Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that... |
CVE-2023-30577 | 2023-07-26 | AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles... |
CVE-2023-31465 | 2023-07-26 | An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28.... |
CVE-2023-31466 | 2023-07-26 | An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On... |
CVE-2023-33802 | 2023-07-26 | A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to... |
CVE-2023-37049 | 2023-07-26 | emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php. |