CVE List - 2023 / July
Showing 401 - 500 of 2295 CVEs for July 2023 (Page 5 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-36456 | 2023-07-06 | Authentik lacks Proxy IP headers validation |
| CVE-2023-36459 | 2023-07-06 | Mastodon vulnerable to Cross-site Scripting through oEmbed preview cards |
| CVE-2023-3529 | 2023-07-06 | Rotem Dynamics Rotem CRM OTP URI Interface information exposure |
| CVE-2023-36460 | 2023-07-06 | Mastodon vulnerable to arbitrary file creation through media attachments |
| CVE-2023-36461 | 2023-07-06 | Mastodon vulnerable to Denial of Service through slow HTTP responses |
| CVE-2023-36462 | 2023-07-06 | Mastodon's verified profile links can be formatted in a misleading way |
| CVE-2023-3531 | 2023-07-06 | Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass |
| CVE-2023-35934 | 2023-07-06 | yt-dlp File Downloader cookie leak |
| CVE-2023-36829 | 2023-07-06 | Sentry CORS misconfiguration vulnerability |
| CVE-2023-20899 | 2023-07-06 | VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management. |
| CVE-2023-36859 | 2023-07-06 | PiiGAB M-Bus Code Injection |
| CVE-2023-33868 | 2023-07-06 | PiiGAB M-Bus Improper Restriction of Excessive Authentication Attempts |
| CVE-2023-31277 | 2023-07-06 | PiiGAB M-Bus Unprotected Transport of Credentials |
| CVE-2023-35987 | 2023-07-06 | PiiGAB M-Bus Use of Hard-coded Credentials |
| CVE-2023-35765 | 2023-07-06 | PiiGAB M-Bus Plaintext Storage of a Password |
| CVE-2023-32652 | 2023-07-06 | PiiGAB M-Bus Cross-site Scripting |
| CVE-2023-34995 | 2023-07-06 | PiiGAB M-Bus Weak Password Requirements |
| CVE-2023-34433 | 2023-07-06 | PiiGAB M-Bus Use of Password Hash With Insufficient Computational Effort |
| CVE-2023-35120 | 2023-07-06 | PiiGAB M-Bus Cross-Site Request Forgery |
| CVE-2023-25201 | 2023-07-07 | Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload. |
| CVE-2023-27845 | 2023-07-07 | SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allows a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo and KerawenHelper::resetCheckoutSessionData components. |
| CVE-2023-29998 | 2023-07-07 | A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description... |
| CVE-2023-33664 | 2023-07-07 | ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. |
| CVE-2023-34197 | 2023-07-07 | Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to... |
| CVE-2023-36201 | 2023-07-07 | An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. |
| CVE-2023-36256 | 2023-07-07 | The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will... |
| CVE-2023-36992 | 2023-07-07 | PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. |
| CVE-2023-36993 | 2023-07-07 | The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset parameters and to take over... |
| CVE-2023-36994 | 2023-07-07 | In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. |
| CVE-2023-37061 | 2023-07-07 | Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section. |
| CVE-2023-37062 | 2023-07-07 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition. |
| CVE-2023-37063 | 2023-07-07 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section. |
| CVE-2023-37064 | 2023-07-07 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section. |
| CVE-2023-37065 | 2023-07-07 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section. |
| CVE-2023-37066 | 2023-07-07 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel. |
| CVE-2023-37067 | 2023-07-07 | Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section. |
| CVE-2023-37144 | 2023-07-07 | Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. |
| CVE-2023-37145 | 2023-07-07 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. |
| CVE-2023-37146 | 2023-07-07 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. |
| CVE-2023-37148 | 2023-07-07 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. |
| CVE-2023-37149 | 2023-07-07 | TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. |
| CVE-2023-37170 | 2023-07-07 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. |
| CVE-2023-37171 | 2023-07-07 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. |
| CVE-2023-37172 | 2023-07-07 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. |
| CVE-2023-37173 | 2023-07-07 | TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. |
| CVE-2023-37308 | 2023-07-07 | Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. |
| CVE-2023-35890 | 2023-07-07 | IBM WebSphere Application Server information disclosure |
| CVE-2023-3532 | 2023-07-07 | Cross-site Scripting (XSS) - Stored in outline/outline |
| CVE-2023-32183 | 2023-07-07 | Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. This issue affects openSUSE Tumbleweed. |
| CVE-2023-33008 | 2023-07-07 | Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale |
| CVE-2020-8934 | 2023-07-07 | Site Kit by Google plugin for WordPress |
| CVE-2023-3534 | 2023-07-07 | SourceCodester Shopping Website check_availability.php sql injection |
| CVE-2023-3535 | 2023-07-07 | SimplePHPscripts FAQ Script PHP URL Parameter preview.php cross site scripting |
| CVE-2023-3536 | 2023-07-07 | SimplePHPscripts Funeral Script PHP URL Parameter preview.php cross site scripting |
| CVE-2023-3537 | 2023-07-07 | SimplePHPscripts News Script PHP Pro URL Parameter preview.php cross site scripting |
| CVE-2023-3538 | 2023-07-07 | SimplePHPscripts Photo Gallery PHP URL Parameter preview.php cross site scripting |
| CVE-2023-3539 | 2023-07-07 | SimplePHPscripts Simple Forum PHP URL Parameter preview.php cross site scripting |
| CVE-2023-3540 | 2023-07-07 | SimplePHPscripts NewsLetter Script PHP URL Parameter preview.php cross site scripting |
| CVE-2023-3541 | 2023-07-07 | ThinuTech ThinuCMS author_posts.php cross site scripting |
| CVE-2023-3542 | 2023-07-07 | ThinuTech ThinuCMS contact.php cross site scripting |
| CVE-2023-37264 | 2023-07-07 | Pipelines do not validate child UIDs |
| CVE-2023-3543 | 2023-07-07 | GZ Scripts Availability Booking Calendar PHP HTTP POST Request load.php cross site scripting |
| CVE-2023-3544 | 2023-07-07 | GZ Scripts Time Slot Booking Calendar PHP load.php cross site scripting |
| CVE-2021-33798 | 2023-07-07 | A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flaw allows attackers to cause a denial of service and potential code execution via a crafted file. |
| CVE-2021-33796 | 2023-07-07 | In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service. |
| CVE-2021-39014 | 2023-07-07 | IBM Cloud Object Storage System cross-site scripting |
| CVE-2021-32494 | 2023-07-07 | Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allows attackers to create malicious inputs that can cause denial of service. |
| CVE-2021-32495 | 2023-07-07 | Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. An attacker can read freed memory afterwards. This will allow attackers to cause denial of service. |
| CVE-2023-20133 | 2023-07-07 | A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.... |
| CVE-2023-20180 | 2023-07-07 | A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability... |
| CVE-2022-4361 | 2023-07-07 | Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts... |
| CVE-2023-37261 | 2023-07-07 | OpenComputers's SSRF to cloud service metadata services and local IPv6 addresses not blocked by default |
| CVE-2023-37262 | 2023-07-07 | CC: Tweaked SSRF to Cloud Services Metadata Services not Blocked by Default |
| CVE-2023-37269 | 2023-07-07 | Winter CMS vulnerable to stored XSS through privileged upload of SVG file |
| CVE-2023-37270 | 2023-07-07 | Piwigo SQL Injection vulnerability in "User-Agent" |
| CVE-2023-32000 | 2023-07-07 | A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit... |
| CVE-2023-3551 | 2023-07-08 | Code Injection in nilsteampassnet/teampass |
| CVE-2023-3552 | 2023-07-08 | Improper Encoding or Escaping of Output in nilsteampassnet/teampass |
| CVE-2023-3553 | 2023-07-08 | Exposure of Sensitive Information to an Unauthorized Actor in nilsteampassnet/teampass |
| CVE-2023-3554 | 2023-07-08 | GZ Scripts GZ Forum Script preview.php cross site scripting |
| CVE-2023-3555 | 2023-07-08 | GZ Scripts PHP Vacation Rental Script preview.php cross site scripting |
| CVE-2023-3556 | 2023-07-08 | GZ Scripts Car Listing Script PHP preview.php cross site scripting |
| CVE-2023-3565 | 2023-07-08 | Cross-site Scripting (XSS) - Generic in nilsteampassnet/teampass |
| CVE-2023-3557 | 2023-07-08 | GZ Scripts Property Listing Script preview.php cross site scripting |
| CVE-2023-3558 | 2023-07-08 | GZ Scripts Event Booking Calendar load.php cross site scripting |
| CVE-2023-3559 | 2023-07-08 | GZ Scripts PHP GZ Appointment Scheduling Script load.php cross site scripting |
| CVE-2023-3560 | 2023-07-08 | GZ Scripts Ticket Booking Script load.php cross site scripting |
| CVE-2023-3561 | 2023-07-08 | GZ Scripts PHP GZ Hotel Booking Script load.php cross site scripting |
| CVE-2023-3562 | 2023-07-08 | GZ Scripts PHP CRM Platform index.php cross site scripting |
| CVE-2023-3563 | 2023-07-08 | GZ Scripts GZ E Learning Platform URL Parameter cross site scripting |
| CVE-2023-3564 | 2023-07-08 | GZ Scripts GZ Multi Hotel Booking System index.php cross site scripting |
| CVE-2023-3566 | 2023-07-08 | wallabag Profile Config config allocation of resources |
| CVE-2023-30447 | 2023-07-08 | IBM Db2 denial of service |
| CVE-2023-30446 | 2023-07-08 | IBM Db2 denial of service |
| CVE-2023-30448 | 2023-07-08 | IBM Db2 denial of service |
| CVE-2023-30445 | 2023-07-08 | IBM Db2 denial of service |
| CVE-2023-30449 | 2023-07-08 | IBM Db2 denial of service |
| CVE-2023-27869 | 2023-07-08 | IBM Db2 code execution |
| CVE-2023-27867 | 2023-07-08 | IBM Db2 code execution |
| CVE-2023-27868 | 2023-07-08 | IBM Db2 code execution |