CVE List - 2023 / September
Showing 1 - 100 of 2148 CVEs for September 2023 (Page 1 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-44349 | 2023-09-01 | NAVBLUE S.A.S N-Ops & Crew 22.5-rc.50 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2022-46527 | 2023-09-01 | ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser. |
| CVE-2023-24674 | 2023-09-01 | Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter. |
| CVE-2023-24675 | 2023-09-01 | Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL. |
| CVE-2023-36076 | 2023-09-01 | SQL Injection vulnerability in smanga version 3.1.9 and earlier, allows remote attackers to execute arbitrary code and gain sensitive information via mediaId, mangaId, and userId parameters in php/history/add.php. |
| CVE-2023-36088 | 2023-09-01 | Server Side Request Forgery (SSRF) vulnerability in NebulaGraph Studio version 3.7.0, allows remote attackers to gain sensitive information. |
| CVE-2023-36100 | 2023-09-01 | An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. |
| CVE-2023-36187 | 2023-09-01 | Buffer Overflow vulnerability in NETGEAR R6400v2 before version 1.0.4.118, allows remote unauthenticated attackers to execute arbitrary code via crafted URL to httpd. |
| CVE-2023-36326 | 2023-09-01 | Integer Overflow vulnerability in RELIC before commit 34580d840469361ba9b5f001361cad659687b9ab, allows attackers to execute arbitrary code, cause a denial of service, and escalate privileges when calling realloc function in bn_grow function. |
| CVE-2023-36327 | 2023-09-01 | Integer Overflow vulnerability in RELIC before commit 421f2e91cf2ba42473d4d54daf24e295679e290e, allows attackers to execute arbitrary code and cause a denial of service in pos argument in bn_get_prime function. |
| CVE-2023-37826 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-37827 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-37828 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-37829 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-37830 | 2023-09-01 | A cross-site scripting (XSS) vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-39582 | 2023-09-01 | SQL Injection vulnerability in Chamilo LMS v.1.11 thru v.1.11.20 allows a remote privileged attacker to obtain sensitive information via the import sessions functions. |
| CVE-2023-39631 | 2023-09-01 | An issue in LanChain-ai Langchain v.0.0.245 allows a remote attacker to execute arbitrary code via the evaluate function in the numexpr library. |
| CVE-2023-39685 | 2023-09-01 | An issue in hjson-java up to v3.0.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted JSON string. |
| CVE-2023-39703 | 2023-09-01 | A cross site scripting (XSS) vulnerability in the Markdown Editor component of Typora v1.6.7 allows attackers to execute arbitrary code via uploading a crafted Markdown file. |
| CVE-2023-39710 | 2023-09-01 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |
| CVE-2023-39714 | 2023-09-01 | Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the... |
| CVE-2023-40239 | 2023-09-01 | Certain Lexmark devices (such as CS310) before 2023-08-25 allow XXE attacks, leading to information disclosure. The fixed firmware version is LW80.*.P246, i.e., '*' indicates that the full version specification varies... |
| CVE-2023-40771 | 2023-09-01 | SQL injection vulnerability in DataEase v.1.18.9 allows a remote attacker to obtain sensitive information via a crafted string outside of the blacklist function. |
| CVE-2023-40968 | 2023-09-01 | Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address. |
| CVE-2023-40969 | 2023-09-01 | Senayan Library Management Systems SLIMS 9 Bulian v9.6.1 is vulnerable to Server Side Request Forgery (SSRF) via admin/modules/bibliography/pop_p2p.php. |
| CVE-2023-40970 | 2023-09-01 | Senayan Library Management Systems SLIMS 9 Bulian v 9.6.1 is vulnerable to SQL Injection via admin/modules/circulation/loan_rules.php. |
| CVE-2023-40980 | 2023-09-01 | File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file. |
| CVE-2023-41364 | 2023-09-01 | In tine through 2023.01.14.325, the sort parameter of the /index.php endpoint allows SQL Injection. |
| CVE-2023-41627 | 2023-09-01 | O-RAN Software Community ric-plt-lib-rmr v4.9.0 does not validate the source of the routing tables it receives, potentially allowing attackers to send forged routing tables to the device. |
| CVE-2023-41628 | 2023-09-01 | An issue in O-RAN Software Community E2 G-Release allows attackers to cause a Denial of Service (DoS) by incorrectly initiating the messaging procedure between the E2Node and E2Term components. |
| CVE-2023-41633 | 2023-09-01 | Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/fileutil.c. |
| CVE-2023-28366 | 2023-09-01 | The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message... |
| CVE-2023-36328 | 2023-09-01 | Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS). |
| CVE-2023-4695 | 2023-09-01 | Use of Predictable Algorithm in Random Number Generator in pkp/pkp-lib |
| CVE-2023-4696 | 2023-09-01 | Improper Access Control in usememos/memos |
| CVE-2023-4698 | 2023-09-01 | Improper Input Validation in usememos/memos |
| CVE-2023-4697 | 2023-09-01 | Improper Privilege Management in usememos/memos |
| CVE-2023-4704 | 2023-09-01 | External Control of System or Configuration Setting in instantsoft/icms2 |
| CVE-2023-3915 | 2023-09-01 | Incorrect Execution-Assigned Permissions in GitLab |
| CVE-2023-3205 | 2023-09-01 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-1555 | 2023-09-01 | Missing Authorization in GitLab |
| CVE-2023-1279 | 2023-09-01 | URL Redirection to Untrusted Site in GitLab |
| CVE-2023-0120 | 2023-09-01 | Incorrect Authorization in GitLab |
| CVE-2022-4343 | 2023-09-01 | Exposure of Sensitive Information to an Unauthorized Actor in GitLab |
| CVE-2023-4647 | 2023-09-01 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-4378 | 2023-09-01 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-4018 | 2023-09-01 | Direct Request ('Forced Browsing') in GitLab |
| CVE-2023-3950 | 2023-09-01 | Cleartext Storage of Sensitive Information in GitLab |
| CVE-2023-3210 | 2023-09-01 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-25477 | 2023-09-01 | WordPress Video Gallery Plugin <= 1.3.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24412 | 2023-09-01 | WordPress Image Social Feed Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25042 | 2023-09-01 | WordPress oAuth Twitter Feed for Developers Plugin <= 2.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25044 | 2023-09-01 | WordPress Social Share Boost Plugin <= 4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25488 | 2023-09-01 | WordPress WP Default Feature Image Plugin <= 1.0.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37893 | 2023-09-01 | WordPress Coming Soon Chop Chop Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37986 | 2023-09-01 | WordPress YourMembership Single Sign On Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34011 | 2023-09-01 | WordPress ShopConstruct Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37994 | 2023-09-01 | WordPress Art Decoration Shortcode Plugin <= 1.5.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-22305 | 2023-09-01 | An improper certificate validation vulnerability [CWE-295] in FortiManager 7.0.1 and below, 6.4.6 and below; FortiAnalyzer 7.0.2 and below, 6.4.7 and below; FortiOS 6.2.x and 6.0.x; FortiSandbox 4.0.x, 3.2.x and 3.1.x... |
| CVE-2023-37997 | 2023-09-01 | WordPress Post List With Featured Image Plugin <= 1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23763 | 2023-09-01 | Information disclosure in GitHub Enterprise Server leading to private repository leakage |
| CVE-2023-4720 | 2023-09-01 | Floating Point Comparison with Incorrect Operator in gpac/gpac |
| CVE-2023-4721 | 2023-09-01 | Out-of-bounds Read in gpac/gpac |
| CVE-2023-4722 | 2023-09-01 | Integer Overflow or Wraparound in gpac/gpac |
| CVE-2022-3407 | 2023-09-01 | In some cases, when the device is USB-tethered to a host PC, and the device is sharing its mobile network connection with the host PC, if the user originates a... |
| CVE-2023-4707 | 2023-09-01 | Infosoftbd Clcknshop all cross site scripting |
| CVE-2023-4708 | 2023-09-01 | Infosoftbd Clcknshop GET Parameter all sql injection |
| CVE-2023-41051 | 2023-09-01 | Default functions in VolatileMemory trait lack bounds checks in vm-memory |
| CVE-2023-4709 | 2023-09-01 | TOTVS RM Portal Login.aspx cross site scripting |
| CVE-2023-1523 | 2023-09-01 | Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside... |
| CVE-2023-4710 | 2023-09-01 | TOTVS RM Portal cross site scripting |
| CVE-2023-4711 | 2023-09-01 | D-Link DAR-8000-10 decodmail.php os command injection |
| CVE-2023-4712 | 2023-09-01 | Xintian Smart Table Integrated Management System AddUpdateRole.aspx sql injection |
| CVE-2023-41049 | 2023-09-01 | Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client |
| CVE-2023-41046 | 2023-09-01 | Velocity execution without script rights in Xwiki platform |
| CVE-2023-4713 | 2023-09-01 | IBOS OA addcomment addComment sql injection |
| CVE-2023-4714 | 2023-09-01 | PlayTube Redirect information disclosure |
| CVE-2023-3297 | 2023-09-01 | In Ubuntu's accountsservice an unprivileged local attacker can trigger a use-after-free vulnerability in accountsservice by sending a D-Bus message to the accounts-daemon process. |
| CVE-2023-4718 | 2023-09-02 | The Font Awesome 4 Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fa' and 'fa-stack' shortcodes in versions up to, and including, 4.7.0 due to insufficient... |
| CVE-2023-39979 | 2023-09-02 | MXsecurity Authentication Bypass |
| CVE-2023-39980 | 2023-09-02 | MXsecurity Authenticated Information Disclosure Due to SQL Injection |
| CVE-2023-39981 | 2023-09-02 | MXsecurity Device Information Disclosure |
| CVE-2023-39982 | 2023-09-02 | MXsecurity Hardcoded Credential |
| CVE-2023-39983 | 2023-09-02 | MXsecurity Register Database Pollution |
| CVE-2023-4734 | 2023-09-02 | Integer Overflow or Wraparound in vim/vim |
| CVE-2023-4735 | 2023-09-02 | Out-of-bounds Write in vim/vim |
| CVE-2023-4736 | 2023-09-02 | Untrusted Search Path in vim/vim |
| CVE-2023-4738 | 2023-09-02 | Heap-based Buffer Overflow in vim/vim |
| CVE-2023-38521 | 2023-09-03 | WordPress Exifography Plugin <= 1.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38387 | 2023-09-03 | WordPress Elastic Email Sender Plugin <= 1.2.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38518 | 2023-09-03 | WordPress Borderless Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38517 | 2023-09-03 | WordPress WRC Pricing Tables Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38516 | 2023-09-03 | WordPress Audio Player with Playlist Ultimate Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38482 | 2023-09-03 | WordPress Post Affiliate Pro Plugin <= 1.25.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-38476 | 2023-09-03 | WordPress Client Portal : SuiteDash Direct Login Plugin <= 1.7.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-37220 | 2023-09-03 | Synel Terminals - CWE-494: Download of Code Without Integrity Check |
| CVE-2023-37221 | 2023-09-03 | 7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). |
| CVE-2023-37222 | 2023-09-03 | Farsight Tech Nordic AB ProVide |
| CVE-2023-3703 | 2023-09-03 | Proscend Advice ICR Series routers fw version 1.76 |
| CVE-2023-39369 | 2023-09-03 | StarTrinity Softswitch version 2023-02-16 - multiple Reflected XSS (CWE-79) |