CVE List - 2023 / September
Showing 1601 - 1700 of 2148 CVEs for September 2023 (Page 17 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5158 | 2023-09-25 | Possible DoS from guest to host in vringh_kiov_advance in vhost driver at drivers/vhost/vringh.c |
| CVE-2023-4892 | 2023-09-25 | Teedy v1.11 - Stored cross-site scripting (XSS) |
| CVE-2023-4300 | 2023-09-25 | Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload |
| CVE-2023-3226 | 2023-09-25 | Popup Builder < 4.2.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-4490 | 2023-09-25 | WP Job Portal < 2.0.6 - Unauthenticated SQLi |
| CVE-2023-4238 | 2023-09-25 | Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload |
| CVE-2023-4281 | 2023-09-25 | Activity Log < 2.8.8 - IP Spoofing |
| CVE-2023-4521 | 2023-09-25 | Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE |
| CVE-2023-4631 | 2023-09-25 | DoLogin Security < 3.7 - IP Spoofing |
| CVE-2023-4148 | 2023-09-25 | Ditty < 3.1.25 - Reflected XSS |
| CVE-2023-4502 | 2023-09-25 | Translate WordPress with GTranslate < 3.0.4 - Admin+ Stored XSS |
| CVE-2023-3547 | 2023-09-25 | All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF |
| CVE-2023-3664 | 2023-09-25 | FileOrganizer <= 1.0.2 - Admin+ Arbitrary File Access |
| CVE-2023-4549 | 2023-09-25 | DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2023-4476 | 2023-09-25 | Locatoraid Store Locator < 3.9.24 - Reflected XSS |
| CVE-2023-4156 | 2023-09-25 | Heap out of bound read in builtin.c |
| CVE-2023-41871 | 2023-09-25 | WordPress Poll Maker Plugin <= 4.7.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41868 | 2023-09-25 | WordPress Stagtools Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41867 | 2023-09-25 | WordPress AcyMailing SMTP Newsletter Plugin <= 8.6.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41863 | 2023-09-25 | WordPress PeproDev CF7 Database Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40581 | 2023-09-25 | yt-dlp command injection when using `%q` in `--exec` on Windows |
| CVE-2023-42817 | 2023-09-25 | Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations |
| CVE-2023-43642 | 2023-09-25 | Missing upper bound check on chunk length in snappy-java |
| CVE-2023-43644 | 2023-09-25 | Improper authentication in the SOCKS5 inbound in sing-box |
| CVE-2022-4137 | 2023-09-25 | Keycloak: reflected xss attack |
| CVE-2022-4244 | 2023-09-25 | Codehaus-plexus: directory traversal |
| CVE-2022-4245 | 2023-09-25 | Codehaus-plexus: xml external entity (xxe) injection |
| CVE-2022-4318 | 2023-09-25 | Cri-o: /etc/passwd tampering privesc |
| CVE-2023-42753 | 2023-09-25 | Kernel: netfilter: potential slab-out-of-bound access due to integer underflow |
| CVE-2023-4258 | 2023-09-25 | bt: mesh: vulnerability in provisioning protocol implementation on provisionee side |
| CVE-2023-4259 | 2023-09-25 | Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver |
| CVE-2023-35793 | 2023-09-26 | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks. |
| CVE-2023-41904 | 2023-09-26 | Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. |
| CVE-2023-43154 | 2023-09-26 | In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover... |
| CVE-2023-43187 | 2023-09-26 | A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. |
| CVE-2023-43216 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. |
| CVE-2023-43222 | 2023-09-26 | SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. |
| CVE-2023-43232 | 2023-09-26 | A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into... |
| CVE-2023-43234 | 2023-09-26 | DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. |
| CVE-2023-43263 | 2023-09-26 | A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. |
| CVE-2023-43291 | 2023-09-26 | Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. |
| CVE-2023-43331 | 2023-09-26 | A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the... |
| CVE-2023-43381 | 2023-09-26 | SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php |
| CVE-2023-43856 | 2023-09-26 | Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. |
| CVE-2023-43857 | 2023-09-26 | Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. |
| CVE-2023-44042 | 2023-09-26 | A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website... |
| CVE-2023-44043 | 2023-09-26 | A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website... |
| CVE-2023-44044 | 2023-09-26 | Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. |
| CVE-2023-44169 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. |
| CVE-2023-44170 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. |
| CVE-2023-44171 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. |
| CVE-2023-44172 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. |
| CVE-2023-44216 | 2023-09-26 | PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a... |
| CVE-2021-38243 | 2023-09-26 | xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request. |
| CVE-2023-41305 | 2023-09-26 | Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-41306 | 2023-09-26 | Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable. |
| CVE-2023-41307 | 2023-09-26 | Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-41308 | 2023-09-26 | Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. |
| CVE-2023-41309 | 2023-09-26 | Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-41310 | 2023-09-26 | Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background. |
| CVE-2023-41311 | 2023-09-26 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. |
| CVE-2023-41312 | 2023-09-26 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. |
| CVE-2023-4565 | 2023-09-26 | Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable. |
| CVE-2022-48606 | 2023-09-26 | Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability. |
| CVE-2023-4506 | 2023-09-26 | The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing... |
| CVE-2023-4505 | 2023-09-26 | The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation... |
| CVE-2023-5161 | 2023-09-26 | The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on... |
| CVE-2023-5135 | 2023-09-26 | The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output... |
| CVE-2023-5162 | 2023-09-26 | The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and... |
| CVE-2023-2315 | 2023-09-26 | Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 |
| CVE-2023-5192 | 2023-09-26 | Excessive Data Query Operations in a Large Data Table in pimcore/demo |
| CVE-2023-41861 | 2023-09-26 | WordPress Restrict Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41860 | 2023-09-26 | WordPress Travel Map Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3767 | 2023-09-26 | OS command injection on EasyPHP Webserver |
| CVE-2023-40219 | 2023-09-26 | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. |
| CVE-2023-40532 | 2023-09-26 | Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. |
| CVE-2023-41233 | 2023-09-26 | Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-41962 | 2023-09-26 | Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. |
| CVE-2023-43484 | 2023-09-26 | Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-43493 | 2023-09-26 | SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. |
| CVE-2023-43610 | 2023-09-26 | SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database... |
| CVE-2023-43614 | 2023-09-26 | Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. |
| CVE-2023-39375 | 2023-09-26 | SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges |
| CVE-2023-39376 | 2023-09-26 | SiberianCMS - CWE-284: Improper Access Control - Authorized user may disable a security feature over the network |
| CVE-2023-39377 | 2023-09-26 | SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method |
| CVE-2023-39378 | 2023-09-26 | SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user |
| CVE-2023-5197 | 2023-09-26 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2023-4065 | 2023-09-26 | Operator: plaintext password in operator log |
| CVE-2023-5157 | 2023-09-26 | Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6 |
| CVE-2023-28055 | 2023-09-26 | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to... |
| CVE-2023-43775 | 2023-09-26 | Security issue in SMP Gateway automation platform |
| CVE-2023-32541 | 2023-09-26 | A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user... |
| CVE-2023-34043 | 2023-09-26 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. |
| CVE-2023-30959 | 2023-09-26 | Stored XSS via javascript URI in Apollo Change Requests comment |
| CVE-2023-30961 | 2023-09-26 | Palantir Gotham UI bug that could lead to incorrect data classification |
| CVE-2023-43646 | 2023-09-26 | Inefficient Regular Expression Complexity in get-func-name |
| CVE-2023-39347 | 2023-09-26 | Cilium NetworkPolicy bypass via pod labels |
| CVE-2023-4264 | 2023-09-26 | Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem |
| CVE-2023-42460 | 2023-09-26 | _abi_decode input not validated in complex expressions in Vyper |
| CVE-2023-4260 | 2023-09-26 | Potential off-by-one buffer overflow vulnerability in the Zephyr FS subsystem |