CVE List - 2023 / September
Showing 1601 - 1700 of 2148 CVEs for September 2023 (Page 17 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5156 | 2023-09-25 | Glibc: dos due to memory leak in getaddrinfo.c |
| CVE-2023-5158 | 2023-09-25 | Possible dos from guest to host invringh_kiov_advance in vhost driver at drivers/vhost/vringh.c |
| CVE-2023-4892 | 2023-09-25 | Teedy v1.11 - Stored cross-site scripting (XSS) |
| CVE-2023-4300 | 2023-09-25 | Import XML and RSS Feeds < 2.1.4 - Admin+ Arbitrary File Upload |
| CVE-2023-3226 | 2023-09-25 | Popup Builder < 4.2.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-4490 | 2023-09-25 | WP Job Portal < 2.0.6 - Unauthenticated SQLi |
| CVE-2023-4238 | 2023-09-25 | Prevent files / folders access < 2.5.2 - Admin+ Arbitrary File Upload |
| CVE-2023-4281 | 2023-09-25 | Activity Log < 2.8.8 - IP Spoofing |
| CVE-2023-4521 | 2023-09-25 | Import XML and RSS Feeds < 2.1.5 - Unauthenticated RCE |
| CVE-2023-4631 | 2023-09-25 | DoLogin Security < 3.7 - IP Spoofing |
| CVE-2023-4148 | 2023-09-25 | Ditty < 3.1.25 - Reflected XSS |
| CVE-2023-4502 | 2023-09-25 | Translate WordPress with GTranslate < 3.0.4 - Admin+ Stored XSS |
| CVE-2023-3547 | 2023-09-25 | All in One B2B for WooCommerce <= 1.0.3 - Multiple CSRF |
| CVE-2023-3664 | 2023-09-25 | FileOrganizer <= 1.0.2 - Admin+ Arbitrary File Access |
| CVE-2023-4549 | 2023-09-25 | DoLogin Security < 3.7 - Unauthenticated Stored Cross-Site Scripting |
| CVE-2023-4476 | 2023-09-25 | Locatoraid Store Locator < 3.9.24 - Reflected XSS |
| CVE-2023-4156 | 2023-09-25 | Heap out of bound read in builtin.c |
| CVE-2023-41871 | 2023-09-25 | WordPress Poll Maker Plugin <= 4.7.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41868 | 2023-09-25 | WordPress Stagtools Plugin <= 2.3.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41867 | 2023-09-25 | WordPress AcyMailing SMTP Newsletter Plugin <= 8.6.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41863 | 2023-09-25 | WordPress PeproDev CF7 Database Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40581 | 2023-09-25 | yt-dlp command injection when using `%q` in `--exec` on Windows |
| CVE-2023-42817 | 2023-09-25 | Cross-site Scripting (XSS) in pimcore admin-ui-classic-bundle translations |
| CVE-2023-43642 | 2023-09-25 | Missing upper bound check on chunk length in snappy-java |
| CVE-2023-43644 | 2023-09-25 | Improper authentication in the SOCKS5 inbound in sing-box |
| CVE-2022-4137 | 2023-09-25 | Keycloak: reflected xss attack |
| CVE-2022-4244 | 2023-09-25 | Codehaus-plexus: directory traversal |
| CVE-2022-4245 | 2023-09-25 | Codehaus-plexus: xml external entity (xxe) injection |
| CVE-2022-4318 | 2023-09-25 | Cri-o: /etc/passwd tampering privesc |
| CVE-2023-42753 | 2023-09-25 | Kernel: netfilter: potential slab-out-of-bound access due to integer underflow |
| CVE-2023-4258 | 2023-09-25 | bt: mesh: vulnerability in provisioning protocol implementation on provisionee side |
| CVE-2023-4259 | 2023-09-25 | Potential buffer overflow vulnerabilities in the Zephyr eS-WiFi driver |
| CVE-2021-38243 | 2023-09-26 | xunruicms up to v4.5.1 was discovered to contain a remote... |
| CVE-2023-35793 | 2023-09-26 | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing... |
| CVE-2023-41904 | 2023-09-26 | Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for... |
| CVE-2023-43154 | 2023-09-26 | In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose... |
| CVE-2023-43187 | 2023-09-26 | A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint... |
| CVE-2023-43216 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write... |
| CVE-2023-43222 | 2023-09-26 | SeaCMS v12.8 has an arbitrary code writing vulnerability in the... |
| CVE-2023-43232 | 2023-09-26 | A stored cross-site scripting (XSS) vulnerability in the Website column... |
| CVE-2023-43234 | 2023-09-26 | DedeBIZ v6.2.11 was discovered to contain multiple remote code execution... |
| CVE-2023-43263 | 2023-09-26 | A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows... |
| CVE-2023-43291 | 2023-09-26 | Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier... |
| CVE-2023-43331 | 2023-09-26 | A cross-site scripting (XSS) vulnerability in the Add User function... |
| CVE-2023-43381 | 2023-09-26 | SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote... |
| CVE-2023-43856 | 2023-09-26 | Dreamer CMS v4.1.3 was discovered to contain an arbitrary file... |
| CVE-2023-43857 | 2023-09-26 | Dreamer CMS v4.1.3 was discovered to contain a stored cross-site... |
| CVE-2023-44042 | 2023-09-26 | A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black... |
| CVE-2023-44043 | 2023-09-26 | A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black... |
| CVE-2023-44044 | 2023-09-26 | Super Store Finder v3.6 and below was discovered to contain... |
| CVE-2023-44169 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write... |
| CVE-2023-44170 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write... |
| CVE-2023-44171 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write... |
| CVE-2023-44172 | 2023-09-26 | SeaCMS V12.9 was discovered to contain an arbitrary file write... |
| CVE-2023-44216 | 2023-09-26 | PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU... |
| CVE-2023-41305 | 2023-09-26 | Vulnerability of 5G messages being sent without being encrypted in... |
| CVE-2023-41306 | 2023-09-26 | Vulnerability of mutex management in the bone voice ID trusted... |
| CVE-2023-41307 | 2023-09-26 | Memory overwriting vulnerability in the security module. Successful exploitation of... |
| CVE-2023-41308 | 2023-09-26 | Screenshot vulnerability in the input module. Successful exploitation of this... |
| CVE-2023-41309 | 2023-09-26 | Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of... |
| CVE-2023-41310 | 2023-09-26 | Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of... |
| CVE-2023-41311 | 2023-09-26 | Permission control vulnerability in the audio module. Successful exploitation of... |
| CVE-2023-41312 | 2023-09-26 | Permission control vulnerability in the audio module. Successful exploitation of... |
| CVE-2023-4565 | 2023-09-26 | Broadcast permission control vulnerability in the framework module. Successful exploitation... |
| CVE-2022-48606 | 2023-09-26 | Stability-related vulnerability in the binder background management and control module.... |
| CVE-2023-4506 | 2023-09-26 | The Active Directory Integration / LDAP Integration plugin for WordPress... |
| CVE-2023-4505 | 2023-09-26 | The Staff / Employee Business Directory for Active Directory plugin... |
| CVE-2023-5161 | 2023-09-26 | The Modal Window plugin for WordPress is vulnerable to Stored... |
| CVE-2023-5135 | 2023-09-26 | The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to... |
| CVE-2023-5162 | 2023-09-26 | The Options for Twenty Seventeen plugin for WordPress is vulnerable... |
| CVE-2023-2315 | 2023-09-26 | Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 |
| CVE-2023-5192 | 2023-09-26 | Excessive Data Query Operations in a Large Data Table in pimcore/demo |
| CVE-2023-41861 | 2023-09-26 | WordPress Restrict Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41860 | 2023-09-26 | WordPress Travel Map Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3767 | 2023-09-26 | OS command injection on EasyPHP Webserver |
| CVE-2023-40219 | 2023-09-26 | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with... |
| CVE-2023-40532 | 2023-09-26 | Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21... |
| CVE-2023-41233 | 2023-09-26 | Cross-site scripting vulnerability in Item List page registration process of... |
| CVE-2023-41962 | 2023-09-26 | Cross-site scripting vulnerability in Credit Card Payment Setup page of... |
| CVE-2023-43484 | 2023-09-26 | Cross-site scripting vulnerability in Item List page of Welcart e-Commerce... |
| CVE-2023-43493 | 2023-09-26 | SQL injection vulnerability in Item List page of Welcart e-Commerce... |
| CVE-2023-43610 | 2023-09-26 | SQL injection vulnerability in Order Data Edit page of Welcart... |
| CVE-2023-43614 | 2023-09-26 | Cross-site scripting vulnerability in Order Data Edit page of Welcart... |
| CVE-2023-39375 | 2023-09-26 | SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges |
| CVE-2023-39376 | 2023-09-26 | SiberianCMS - CWE-284: Improper Access Control Authorized user may disable a security feature over the network |
| CVE-2023-39377 | 2023-09-26 | SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method |
| CVE-2023-39378 | 2023-09-26 | SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user |
| CVE-2023-5197 | 2023-09-26 | Use-after-free in Linux kernel's netfilter: nf_tables component |
| CVE-2023-4065 | 2023-09-26 | Operator: plaintext password in operator log |
| CVE-2023-5157 | 2023-09-26 | Mariadb: node crashes with transport endpoint is not connected mysqld got signal 6 |
| CVE-2023-28055 | 2023-09-26 | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in... |
| CVE-2023-43775 | 2023-09-26 | Security issue in SMP Gateway automation platform |
| CVE-2023-32541 | 2023-09-26 | A use-after-free vulnerability exists in the footerr functionality of Hancom... |
| CVE-2023-34043 | 2023-09-26 | VMware Aria Operations contains a local privilege escalation vulnerability. A... |
| CVE-2023-30959 | 2023-09-26 | Stored XSS via javascript URI in Apollo Change Requests comment |
| CVE-2023-30961 | 2023-09-26 | Palantir Gotham UI bug that could lead to incorrect data classification |
| CVE-2023-43646 | 2023-09-26 | Inefficient Regular Expression Complexity in get-func-name |
| CVE-2023-39347 | 2023-09-26 | Cilium NetworkPolicy bypass via pod labels |
| CVE-2023-4264 | 2023-09-26 | Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem |
| CVE-2023-42460 | 2023-09-26 | _abi_decode input not validated in complex expressions in Vyper |