CVE List - 2023 / September
Showing 2001 - 2100 of 2148 CVEs for September 2023 (Page 21 of 22)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-43740 | 2023-09-28 | Online Book Store Project v1.0 - Insecure File Upload |
| CVE-2023-5185 | 2023-09-28 | Gym Management System Project v1.0 - Insecure File Upload |
| CVE-2023-44173 | 2023-09-28 | Online Movie Ticket Booking System v1.0 - Reflected Cross-Site Scripting (XSS) |
| CVE-2023-43013 | 2023-09-28 | Asset Management System v1.0 - Unauthenticated SQL Injection (SQLi) |
| CVE-2023-43014 | 2023-09-28 | Asset Management System v1.0 - Authenticated SQL Injection (SQLi) |
| CVE-2023-44174 | 2023-09-28 | Online Movie Ticket Booking System v1.0 - Stored Cross-Site Scripting (XSS) |
| CVE-2023-43739 | 2023-09-28 | Online Book Store Project v1.0 - Unauthenticated SQL Injection (SQLi) |
| CVE-2023-44163 | 2023-09-28 | Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-44164 | 2023-09-28 | Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-44166 | 2023-09-28 | Online Movie Ticket Booking System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-43662 | 2023-09-28 | Arbitrary file read vulnerability in Shoko Server |
| CVE-2023-43654 | 2023-09-28 | TorchServe Server-Side Request Forgery |
| CVE-2023-3775 | 2023-09-28 | Vault Enterprise's Sentinel RGP Policies Allowed For Cross-Namespace Denial of Service |
| CVE-2023-5077 | 2023-09-28 | Vault's Google Cloud Secrets Engine Removed Existing IAM Conditions When Creating / Updating Rolesets |
| CVE-2022-35908 | 2023-09-29 | Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize... |
| CVE-2023-43909 | 2023-09-29 | Hospital Management System thru commit 4770d was discovered to contain... |
| CVE-2023-43944 | 2023-09-29 | A Stored Cross Site Scripting (XSS) vulnerability was found in... |
| CVE-2023-44270 | 2023-09-29 | An issue was discovered in PostCSS before 8.4.31. The vulnerability... |
| CVE-2023-44464 | 2023-09-29 | pretix before 2023.7.2 allows Pillow to parse EPS files. |
| CVE-2023-44466 | 2023-09-29 | An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel... |
| CVE-2023-44469 | 2023-09-29 | A Server-Side Request Forgery issue in the OpenID Connect Issuer... |
| CVE-2023-26146 | 2023-09-29 | All versions of the package ithewei/libhv are vulnerable to Cross-site... |
| CVE-2023-26148 | 2023-09-29 | All versions of the package ithewei/libhv are vulnerable to CRLF... |
| CVE-2023-26147 | 2023-09-29 | All versions of the package ithewei/libhv are vulnerable to HTTP... |
| CVE-2023-30591 | 2023-09-29 | NodeBB Pre-Authentication Denial-of-Service |
| CVE-2023-4532 | 2023-09-29 | Incorrect Authorization in GitLab |
| CVE-2023-3979 | 2023-09-29 | Incorrect Authorization in GitLab |
| CVE-2023-3906 | 2023-09-29 | Improper Validation of Specified Type of Input in GitLab |
| CVE-2023-3914 | 2023-09-29 | Incorrect User Management in GitLab |
| CVE-2023-3917 | 2023-09-29 | Improper Validation of Specified Type of Input in GitLab |
| CVE-2023-3920 | 2023-09-29 | Incorrect Authorization in GitLab |
| CVE-2023-3115 | 2023-09-29 | Incorrect User Management in GitLab |
| CVE-2023-2233 | 2023-09-29 | Missing Authorization in GitLab |
| CVE-2023-0989 | 2023-09-29 | Improper Ownership Management in GitLab |
| CVE-2023-5198 | 2023-09-29 | Incorrect Authorization in GitLab |
| CVE-2023-32477 | 2023-09-29 | Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain... |
| CVE-2023-3922 | 2023-09-29 | URL Redirection to Untrusted Site ('Open Redirect') in GitLab |
| CVE-2023-3413 | 2023-09-29 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-5159 | 2023-09-29 | A User Manager role with user edit permissions could manage/update bots |
| CVE-2023-5196 | 2023-09-29 | DoS via Channel Notification Properties |
| CVE-2023-5193 | 2023-09-29 | System Role with manage posts permission can read posts of Direct Messages |
| CVE-2023-5195 | 2023-09-29 | A team member can soft delete other teams that they are not part of |
| CVE-2023-5194 | 2023-09-29 | A system/user manager can demote / deactivate another manager |
| CVE-2023-5257 | 2023-09-29 | WhiteHSBG JNDIExploit HTTPServer.java handleFileRequest path traversal |
| CVE-2023-5258 | 2023-09-29 | OpenRapid RapidCMS addgood.php sql injection |
| CVE-2023-5259 | 2023-09-29 | ForU CMS cms_admin.php denial of service |
| CVE-2023-5288 | 2023-09-29 | A remote unauthorized attacker may connect to the SIM1012, interact... |
| CVE-2023-5260 | 2023-09-29 | SourceCodester Simple Membership System group_validator.php sql injection |
| CVE-2023-5261 | 2023-09-29 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-41655 | 2023-09-29 | WordPress authLdap Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41657 | 2023-09-29 | WordPress HollerBox Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5262 | 2023-09-29 | OpenRapid RapidCMS uploadicon.php isImg unrestricted upload |
| CVE-2023-41658 | 2023-09-29 | WordPress Photo Gallery Slideshow & Masonry Tiled Gallery Plugin <= 1.0.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41661 | 2023-09-29 | WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41662 | 2023-09-29 | WordPress WP-dTree Plugin <= 4.4.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41663 | 2023-09-29 | WordPress WP Bannerize Pro Plugin <= 1.6.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41666 | 2023-09-29 | WordPress Stock Quotes List Plugin <= 2.9.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41687 | 2023-09-29 | WordPress Goods Catalog Plugin <= 2.4.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-41691 | 2023-09-29 | WordPress WooCommerce PensoPay Plugin <= 6.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5289 | 2023-09-29 | Allocation of Resources Without Limits or Throttling in ikus060/rdiffweb |
| CVE-2023-39308 | 2023-09-29 | WordPress User Feedback Plugin <= 1.0.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5263 | 2023-09-29 | ZZZCMS Database Backup File save.php restore permission |
| CVE-2023-5264 | 2023-09-29 | huakecms cms_content.php sql injection |
| CVE-2023-5265 | 2023-09-29 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-5266 | 2023-09-29 | DedeBIZ tags_main.php sql injection |
| CVE-2023-5267 | 2023-09-29 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-5268 | 2023-09-29 | DedeBIZ makehtml_taglist_action.php sql injection |
| CVE-2023-5269 | 2023-09-29 | SourceCodester Best Courier Management System GET Parameter parcel_list.php sql injection |
| CVE-2023-5270 | 2023-09-29 | SourceCodester Best Courier Management System view_parcel.php sql injection |
| CVE-2023-5271 | 2023-09-29 | SourceCodester Best Courier Management System edit_parcel.php sql injection |
| CVE-2023-39410 | 2023-09-29 | Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK |
| CVE-2023-5272 | 2023-09-29 | SourceCodester Best Courier Management System GET Parameter edit_parcel.php sql injection |
| CVE-2023-5273 | 2023-09-29 | SourceCodester Best Courier Management System manage_parcel_status.php cross site scripting |
| CVE-2023-3024 | 2023-09-29 | Bluetooth LE segmented 'prepare write response' packet may lead to out-of-bounds memory access |
| CVE-2023-5276 | 2023-09-29 | SourceCodester Engineers Online Portal downloadable_student.php sql injection |
| CVE-2023-26218 | 2023-09-29 | TIBCO Nimbus Reflected Cross-site Scripting (XSS) vulnerabilities |
| CVE-2023-5277 | 2023-09-29 | SourceCodester Engineers Online Portal student_avatar.php unrestricted upload |
| CVE-2023-5278 | 2023-09-29 | SourceCodester Engineers Online Portal login.php sql injection |
| CVE-2023-5279 | 2023-09-29 | SourceCodester Engineers Online Portal my_classmates.php sql injection |
| CVE-2023-5280 | 2023-09-29 | SourceCodester Engineers Online Portal my_students.php sql injection |
| CVE-2023-5281 | 2023-09-29 | SourceCodester Engineers Online Portal remove_inbox_message.php sql injection |
| CVE-2023-5282 | 2023-09-29 | SourceCodester Engineers Online Portal seed_message_student.php sql injection |
| CVE-2023-5283 | 2023-09-29 | SourceCodester Engineers Online Portal teacher_signup.php sql injection |
| CVE-2023-5284 | 2023-09-29 | SourceCodester Engineers Online Portal upload_save_student.php unrestricted upload |
| CVE-2023-5285 | 2023-09-29 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-43655 | 2023-09-29 | Remote Code Execution via web-accessible composer.phar |
| CVE-2023-5286 | 2023-09-29 | SourceCodester Expense Tracker App Category add_category.php cross site scripting |
| CVE-2023-5287 | 2023-09-29 | BEECMS cross site scripting |
| CVE-2023-5293 | 2023-09-29 | ECshop leancloud.php sql injection |
| CVE-2023-5294 | 2023-09-29 | ECshop order.php sql injection |
| CVE-2023-5296 | 2023-09-29 | Xinhu RockOA Password password recovery |
| CVE-2023-5297 | 2023-09-29 | Xinhu RockOA start backup |
| CVE-2023-44488 | 2023-09-30 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a... |
| CVE-2023-5227 | 2023-09-30 | Unrestricted Upload of File with Dangerous Type in thorsten/phpmyfaq |
| CVE-2023-5319 | 2023-09-30 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-5316 | 2023-09-30 | Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq |
| CVE-2023-5318 | 2023-09-30 | Use of Hard-coded Credentials in microweber/microweber |
| CVE-2023-5317 | 2023-09-30 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-5320 | 2023-09-30 | Cross-site Scripting (XSS) - DOM in thorsten/phpmyfaq |
| CVE-2023-43702 | 2023-09-30 | Os Commerce 4.12.56860 - Cross Site Scripting Reflected (XSS) |