CVE List - 2023 / September
Showing 1801 - 1900 of 2148 CVEs for September 2023 (Page 19 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-41451 | 2023-09-27 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. |
| CVE-2023-41452 | 2023-09-27 | Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. |
| CVE-2023-41453 | 2023-09-27 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. |
| CVE-2023-43191 | 2023-09-27 | In SpringbootCMS 1.0, malicious code can be embedded in a foreground message and saved in the database. When users browse the comments, the malicious code embedded in the HTML is executed, and the... |
| CVE-2023-43192 | 2023-09-27 | SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. As a result, special characters in parameters... |
| CVE-2023-43233 | 2023-09-27 | A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title... |
| CVE-2023-43314 | 2023-09-27 | ** UNSUPPORTED WHEN ASSIGNED ** The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted... |
| CVE-2023-43320 | 2023-09-27 | An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker... |
| CVE-2023-43828 | 2023-09-27 | A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Title' parameter. |
| CVE-2023-43830 | 2023-09-27 | A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum... |
| CVE-2023-44013 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function. |
| CVE-2023-44014 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters. |
| CVE-2023-44015 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function. |
| CVE-2023-44016 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. |
| CVE-2023-44017 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. |
| CVE-2023-44018 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function. |
| CVE-2023-44019 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function. |
| CVE-2023-44020 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. |
| CVE-2023-44021 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function. |
| CVE-2023-44022 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. |
| CVE-2023-44023 | 2023-09-27 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. |
| CVE-2023-44047 | 2023-09-27 | Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. |
| CVE-2023-44048 | 2023-09-27 | Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. |
| CVE-2023-44080 | 2023-09-27 | An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. |
| CVE-2023-4423 | 2023-09-27 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including,... |
| CVE-2023-28490 | 2023-09-27 | WordPress Mortgage Calculator Estatik Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28790 | 2023-09-27 | WordPress Simple Staff List Plugin <= 2.2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40604 | 2023-09-27 | WordPress Cookies by JM Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27617 | 2023-09-27 | WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27616 | 2023-09-27 | WordPress RSVPMarker Plugin <= 10.6.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40605 | 2023-09-27 | WordPress Typing Effect Plugin <= 1.3.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40330 | 2023-09-27 | WordPress GD Security Headers Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40663 | 2023-09-27 | WordPress WP VR Plugin <= 8.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40664 | 2023-09-27 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40665 | 2023-09-27 | WordPress Save as Image plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40668 | 2023-09-27 | WordPress Save as PDF plugin by Pdfcrowd Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40667 | 2023-09-27 | WordPress Simple URLs Plugin <= 117 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40676 | 2023-09-27 | WordPress Slimstat Analytics Plugin <= 5.0.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40669 | 2023-09-27 | WordPress Collapse-O-Matic Plugin <= 1.8.5.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-43825 | 2023-09-27 | Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute arbitrary code by having a legitimate user import a specially crafted backup file... |
| CVE-2023-40675 | 2023-09-27 | WordPress Landing Page Builder Plugin <= 1.5.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40677 | 2023-09-27 | WordPress Vertical Marquee Plugin Plugin <= 7.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4934 | 2023-09-27 | IDOR in Usta AYBS |
| CVE-2023-25483 | 2023-09-27 | WordPress Easy Coming Soon Plugin <= 2.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27628 | 2023-09-27 | WordPress Sitekit Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27622 | 2023-09-27 | WordPress GuruWalk Affiliates Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4737 | 2023-09-27 | SQLi in Hedef Trackings Admin Panel |
| CVE-2023-30471 | 2023-09-27 | WordPress WP Search Analytics Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35071 | 2023-09-27 | SQLi in MRV Tech's Logging Administration Panel |
| CVE-2023-44121 | 2023-09-27 | LG ThinQ Service - Intent redirection with system privilege/LaunchAnyWhere |
| CVE-2023-30472 | 2023-09-27 | WordPress URL Shortener by MyThemeShop Plugin <= 1.0.17 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30493 | 2023-09-27 | WordPress Ultimate Addons for Contact Form 7 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40333 | 2023-09-27 | WordPress Bridge Core Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41235 | 2023-09-27 | WordPress Everest News Pro Theme <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41236 | 2023-09-27 | WordPress Happy Elementor Addons Pro Plugin <= 2.8.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41237 | 2023-09-27 | WordPress Arya Multipurpose Pro Theme <= 1.0.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41238 | 2023-09-27 | WordPress Social Media & Share Icons Plugin <= 2.8.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-44152 | 2023-09-27 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. |
| CVE-2023-44153 | 2023-09-27 | Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. |
| CVE-2023-44154 | 2023-09-27 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-44155 | 2023-09-27 | Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-44157 | 2023-09-27 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. |
| CVE-2023-44158 | 2023-09-27 | Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-44160 | 2023-09-27 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-44161 | 2023-09-27 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-44205 | 2023-09-27 | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-44156 | 2023-09-27 | Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-44159 | 2023-09-27 | Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-44206 | 2023-09-27 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-44207 | 2023-09-27 | Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. |
| CVE-2023-4003 | 2023-09-27 | One Identity Password Manager version 5.9.7.1 - Unauthenticated physical access privilege escalation |
| CVE-2023-42486 | 2023-09-27 | Fortect - CWE-428: Unquoted Search Path or Element |
| CVE-2023-42487 | 2023-09-27 | Soundminer – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') |
| CVE-2023-41241 | 2023-09-27 | WordPress SureCart Plugin <= 2.5.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41242 | 2023-09-27 | WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41653 | 2023-09-27 | WordPress Sermon'e – Sermons Online Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5221 | 2023-09-27 | ForU CMS index.php code injection |
| CVE-2023-5222 | 2023-09-27 | Viessmann Vitogate 300 Web Management Interface vitogate.cgi isValidUser hard-coded password |
| CVE-2023-0456 | 2023-09-27 | Apicast proxies the api call with incorrect jwt token to the api backend without proper authorization check |
| CVE-2023-0833 | 2023-09-27 | Red Hat A-MQ Streams: component version with information disclosure flaw |
| CVE-2023-44122 | 2023-09-27 | LockScreenSettings - Theft of arbitrary files with system privilege |
| CVE-2023-44123 | 2023-09-27 | Bluetooth - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking |
| CVE-2023-3223 | 2023-09-27 | Undertow: OutOfMemoryError due to @MultipartConfig handling |
| CVE-2023-44124 | 2023-09-27 | Screen recording - Theft of arbitrary files with system privilege |
| CVE-2023-44125 | 2023-09-27 | Personalized service - Theft and (over-)write of arbitrary files with system privilege via PendingIntent hijacking |
| CVE-2023-5223 | 2023-09-27 | HimitZH HOJ Topic sandbox |
| CVE-2023-44126 | 2023-09-27 | Call management - Implicit intents disclose telephony data such as phone numbers, call states, contacts |
| CVE-2023-44127 | 2023-09-27 | Call management - Implicit activity intents disclose contact details and phone numbers |
| CVE-2023-44128 | 2023-09-27 | LGInstallService - Deletion of arbitrary files with system privilege |
| CVE-2023-44129 | 2023-09-27 | Messaging - Gaining access to arbitrary content providers via QClipIntentReceiverActivity |
| CVE-2023-5168 | 2023-09-27 | A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects... |
| CVE-2023-5169 | 2023-09-27 | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects... |
| CVE-2023-5171 | 2023-09-27 | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects... |
| CVE-2023-5174 | 2023-09-27 | If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This... |
| CVE-2023-5176 | 2023-09-27 | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2023-5170 | 2023-09-27 | In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used... |
| CVE-2023-5172 | 2023-09-27 | A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox <... |
| CVE-2023-5173 | 2023-09-27 | In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to... |
| CVE-2023-5175 | 2023-09-27 | During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This... |
| CVE-2023-40044 | 2023-09-27 | WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability |