CVE List - 2023 / August
Showing 901 - 1000 of 2479 CVEs for August 2023 (Page 10 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-4277 | 2023-08-10 | The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This... |
| CVE-2023-4276 | 2023-08-10 | The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abpr_profileShortcode' function.... |
| CVE-2023-31209 | 2023-08-10 | Command injection via active checks and REST API |
| CVE-2023-26309 | 2023-08-10 | A remote code execution vulnerability in the webview component |
| CVE-2023-24389 | 2023-08-10 | WordPress Social Proof (Testimonial) Slider Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23826 | 2023-08-10 | WordPress Add Posts to Pages Plugin <= 1.4.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-27861 | 2023-08-10 | WordPress Ninja Popups Plugin <= 4.7.5 is vulnerable to Open Redirection |
| CVE-2022-44629 | 2023-08-10 | WordPress Catalyst Connect Zoho CRM Client Portal Plugin <= 2.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23798 | 2023-08-10 | WordPress Layer Slider Plugin <= 1.1.9.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24009 | 2023-08-10 | WordPress Upfrontwp Theme <= 1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26311 | 2023-08-10 | A remote code execution vulnerability in the webview component of OPPO Store app. |
| CVE-2023-23871 | 2023-08-10 | WordPress Button Plugin <= 1.1.23 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37988 | 2023-08-10 | WordPress Contact Form Generator Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4282 | 2023-08-10 | The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and including,... |
| CVE-2023-4283 | 2023-08-10 | The EmbedPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embedpress_calendar' shortcode in versions up to, and including, 3.8.2 due to insufficient input sanitization and output escaping... |
| CVE-2023-34374 | 2023-08-10 | WordPress AnsPress – Question and answer Plugin <= 4.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23900 | 2023-08-10 | WordPress Easy Forms for Mailchimp Plugin <= 6.8.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30481 | 2023-08-10 | WordPress AGP Font Awesome Collection Plugin <= 3.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36530 | 2023-08-10 | WordPress SP Project & Document Manager Plugin <= 4.67 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23828 | 2023-08-10 | WordPress WP Category Post List Widget Plugin <= 2.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24391 | 2023-08-10 | WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24393 | 2023-08-10 | WordPress Animated Number Counters Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39314 | 2023-08-10 | WordPress Leyka Plugin <= 3.30.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37983 | 2023-08-10 | WordPress Art Direction Plugin <= 0.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28779 | 2023-08-10 | WordPress Terms descriptions Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37388 | 2023-08-10 | WordPress Simple Light Weight Social Share (Tweet, Like, Share and Linkedin) Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38243 | 2023-08-10 | ZDI-CAN-21252: Adobe Acrobat Reader DC JBIG2 File Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2023-38234 | 2023-08-10 | ZDI-CAN-21359: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2023-38224 | 2023-08-10 | ZDI-CAN-21122: Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-38241 | 2023-08-10 | ZDI-CAN-21246: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38230 | 2023-08-10 | ZDI-CAN-21318: Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2023-38239 | 2023-08-10 | ZDI-CAN-21242: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38240 | 2023-08-10 | ZDI-CAN-21245: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38242 | 2023-08-10 | ZDI-CAN-21387: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38237 | 2023-08-10 | ZDI-CAN-21244: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38247 | 2023-08-10 | ZDI-CAN-21449: Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38244 | 2023-08-10 | ZDI-CAN-21371: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38248 | 2023-08-10 | ZDI-CAN-21494: Adobe Acrobat Reader DC PDF Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38232 | 2023-08-10 | ZDI-CAN-21357: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38235 | 2023-08-10 | ZDI-CAN-21356: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38236 | 2023-08-10 | ZDI-CAN-21247: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38238 | 2023-08-10 | ZDI-CAN-21243: Adobe Acrobat Reader DC Font Parsing Use-After-Free Information Disclosure Vulnerability |
| CVE-2023-38245 | 2023-08-10 | Adobe Acrobat Reader DC ActiveX Control (AxAcroPDFLib.AxAcroPDF) src NTLMv2 SSO Hash Theft Vulnerability |
| CVE-2023-38223 | 2023-08-10 | ZDI-CAN-21063: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2023-38227 | 2023-08-10 | ZDI-CAN-21241: Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-38222 | 2023-08-10 | ZDI-CAN-21103: Adobe Acrobat Reader DC AcroForm spawnPageFromTemplate Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-38233 | 2023-08-10 | ZDI-CAN-21337: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-38229 | 2023-08-10 | ZDI-CAN-21310: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-38225 | 2023-08-10 | ZDI-CAN-21118: Adobe Acrobat Reader DC AcroForm Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-29303 | 2023-08-10 | ZDI-CAN-20970: Adobe Acrobat Reader DC AcroForm Annotation Use-After-Free Information Disclosure Vulnerability |
| CVE-2023-38231 | 2023-08-10 | ZDI-CAN-21334: Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-38228 | 2023-08-10 | ZDI-CAN-21317: Adobe Acrobat Reader DC Font Parsing Use-After-Free Remote Code Execution Vulnerability |
| CVE-2023-38226 | 2023-08-10 | ZDI-CAN-21240: Adobe Acrobat Reader DC Font Parsing Uninitialized Variable Remote Code Execution Vulnerability |
| CVE-2023-29299 | 2023-08-10 | Adobe Acrobat Reader Untrusted Search Path Application denial-of-service |
| CVE-2023-29320 | 2023-08-10 | ZDI-CAN-20712: Adobe Acrobat Blacklist Bypass Design flaw |
| CVE-2023-38246 | 2023-08-10 | Adobe Acrobat Reader DC ActiveX Control (AxAcroPDFLib.AxAcroPDF) stack-based stale pointer vulnerability |
| CVE-2023-38397 | 2023-08-10 | WordPress Gestion-Pymes Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38210 | 2023-08-10 | Other | Uncontrolled Resource Consumption (CWE-400) |
| CVE-2023-39952 | 2023-08-10 | Advanced permissions not respected when copying entire group folders |
| CVE-2023-39953 | 2023-08-10 | Issuer not verified from obtained token in user_oidc |
| CVE-2023-39954 | 2023-08-10 | user_oidc app stores client secret unencrypted in database |
| CVE-2023-39955 | 2023-08-10 | Notes attachment render HTML in preview mode |
| CVE-2023-39957 | 2023-08-10 | Path traversal allows tricking the Talk Android app into writing files into it's root directory |
| CVE-2023-39958 | 2023-08-10 | Missing brute force protection on password reset token OAuth2 API controller |
| CVE-2023-39959 | 2023-08-10 | Existence of calendars and address books can be checked by unauthenticated users |
| CVE-2023-39961 | 2023-08-10 | Text does not respect "Allow download" permissions |
| CVE-2023-39962 | 2023-08-10 | Users can delete external storage mount points |
| CVE-2023-39963 | 2023-08-10 | Missing password confirmation when creating app passwords |
| CVE-2023-39964 | 2023-08-10 | 1Panel O&M management panel has a background arbitrary file reading vulnerability |
| CVE-2023-39965 | 2023-08-10 | 1Panel Unauthorized access in Backend |
| CVE-2023-39966 | 2023-08-10 | 1Panel arbitrary file write vulnerability exists in the background |
| CVE-2023-23342 | 2023-08-10 | HCL Nomad for web is affected by cryptographic validation of local data access that can be circumvented |
| CVE-2023-38034 | 2023-08-10 | A command injection vulnerability in the DHCP Client function of all UniFi Access Points and Switches, excluding the Switch Flex Mini, could allow a Remote Code Execution (RCE). Affected Products:... |
| CVE-2023-35085 | 2023-08-10 | An integer overflow vulnerability in all UniFi Access Points and Switches, excluding the Switch Flex Mini, with SNMP Monitoring and default settings enabled could allow a Remote Code Execution (RCE).... |
| CVE-2023-32567 | 2023-08-10 | Ivanti Avalanche decodeToMap XML External Entity Processing. Fixed in version 6.4.1.236 |
| CVE-2023-32566 | 2023-08-10 | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. |
| CVE-2023-32565 | 2023-08-10 | An attacker can send a specially crafted request which could lead to leakage of sensitive data or potentially a resource-based DoS attack. Fixed in version 6.4.1. |
| CVE-2023-32564 | 2023-08-10 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.4.1 and below that could allow an attacker to achieve a remove code execution. |
| CVE-2023-32563 | 2023-08-10 | An unauthenticated attacker could achieve the code execution through a RemoteControl server. |
| CVE-2023-32562 | 2023-08-10 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. Fixed in version... |
| CVE-2023-32561 | 2023-08-10 | A previously generated artifact by an administrator could be accessed by an attacker. The contents of this artifact could lead to authentication bypass. Fixed in version 6.4.1. |
| CVE-2023-32560 | 2023-08-10 | An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution. Thanks to a Researcher at Tenable for... |
| CVE-2023-28129 | 2023-08-10 | DSM 2022.2 SU2 and all prior versions allows a local low privileged account to execute arbitrary OS commands as the DSM software installation user. |
| CVE-2023-40014 | 2023-08-10 | OpenZeppelin Contracts's ERC2771Context with custom forwarder may lead to zero-valued _msgSender |
| CVE-2023-35179 | 2023-08-10 | 2FA/MFA Bypass Vulnerability in Serv-U 15.4 |
| CVE-2020-19952 | 2023-08-11 | Cross Site Scripting (XSS) vulnerability in Rendering Engine in jbt Markdown Editor thru commit 2252418c27dffbb35147acd8ed324822b8919477, allows remote attackers to execute arbirary code via crafted payload or opening malicious .md file. |
| CVE-2020-20523 | 2023-08-11 | Cross Site Scripting (XSS) vulnerability in adm_user parameter in Gila CMS version 1.11.3, allows remote attackers to execute arbitrary code during the Gila CMS installation. |
| CVE-2020-23595 | 2023-08-11 | Cross Site Request Forgery (CSRF) vulnerability in yzmcms version 5.6, allows remote attackers to escalate privileges and gain sensitive information sitemodel/add.html endpoint. |
| CVE-2020-24075 | 2023-08-11 | Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium before 3.0.4, allows remote attackers to execute arbitrary code. |
| CVE-2020-24187 | 2023-08-11 | An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to cause a denial of service (DoS) (Null Pointer Dereference). |
| CVE-2020-24221 | 2023-08-11 | An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). |
| CVE-2020-24222 | 2023-08-11 | Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN. |
| CVE-2020-24804 | 2023-08-11 | Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain sensitive information via audit logs. |
| CVE-2020-24872 | 2023-08-11 | Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code. |
| CVE-2020-24904 | 2023-08-11 | An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link. |
| CVE-2020-24922 | 2023-08-11 | Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file. |
| CVE-2020-24950 | 2023-08-11 | SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9, allows remote attackers to execute arbitrary code via the col parameter to function list_items. |
| CVE-2020-25915 | 2023-08-11 | Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows attackers to execute arbitrary code via crafted user_login. |
| CVE-2020-27449 | 2023-08-11 | Cross Site Scripting (XSS) vulnerability in Query Report feature in Zoho ManageEngine Password Manager Pro version 11001, allows remote attackers to execute arbitrary code and steal cookies via crafted JavaScript... |
| CVE-2020-27514 | 2023-08-11 | Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). |