CVE List - 2023 / April
Showing 1901 - 2000 of 2302 CVEs for April 2023 (Page 20 of 24)
CVE ID | Date | Title |
---|---|---|
CVE-2023-31061 | 2023-04-24 | Repetier Server through 1.4.10 does not have CSRF protection. |
CVE-2023-31081 | 2023-04-24 | An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel... |
CVE-2023-31084 | 2023-04-24 | An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel... |
CVE-2023-22581 | 2023-04-24 | White Rabbit Switch - Unauthenticated remote code execution |
CVE-2023-22577 | 2023-04-24 | White Rabbit Switch - Password Disclosure Vulnerability |
CVE-2022-48476 | 2023-04-24 | In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource`... |
CVE-2022-48477 | 2023-04-24 | In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module... |
CVE-2023-1731 | 2023-04-24 | Improper Input Validation in Meinberg LTOS |
CVE-2023-23892 | 2023-04-24 | WordPress M Chart Plugin <= 1.9.4 is vulnerable to Cross Site Scripting (XSS) |
CVE-2022-45084 | 2023-04-24 | WordPress Loginizer Plugin <= 1.7.5 is vulnerable to Cross Site Scripting (XSS) |
CVE-2022-47158 | 2023-04-24 | WordPress alfred24 Click & Collect Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) |
CVE-2022-47598 | 2023-04-24 | WordPress WP Super Popup Plugin <= 1.1.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-24818 | 2023-04-24 | RIOT-OS vulnerable to null pointer dereference during fragment forwarding |
CVE-2023-24819 | 2023-04-24 | RIOT-OS vulnerable to Buffer Overflow during IPHC receive |
CVE-2023-24820 | 2023-04-24 | RIOT-OS vulnerable to Integer Underflow during IPHC receive |
CVE-2023-24821 | 2023-04-24 | RIOT-OS vulnerable to Integer Underflow during defragmentation |
CVE-2023-24822 | 2023-04-24 | RIOT-OS vulnerable to Null Pointer dereference during IPHC encoding |
CVE-2023-24823 | 2023-04-24 | RIOT-OS vulnerable to Packet Type Confusion during IPHC send |
CVE-2023-27524 | 2023-04-24 | Apache Superset: Session validation vulnerability when using provided default SECRET_KEY |
CVE-2023-30776 | 2023-04-24 | Apache Superset: Database connection password leak |
CVE-2023-30622 | 2023-04-24 | Clusternet has potential risk which can be leveraged to make a cluster-level privilege escalation |
CVE-2023-26494 | 2023-04-24 | lorawan-stack has open redirect vulnerability |
CVE-2023-30544 | 2023-04-24 | Kiwi TCMS may allow user to update email address to unverified one |
CVE-2023-30613 | 2023-04-24 | Kiwi TCMS unrestricted file upload vulnerability |
CVE-2022-41612 | 2023-04-24 | WordPress Similar Posts Plugin <= 3.1.6 is vulnerable to Cross Site Scripting (XSS) |
CVE-2012-10013 | 2023-04-24 | Kau-Boy Backend Localization Plugin backend_localization.php cross site scripting |
CVE-2012-10014 | 2023-04-24 | Kau-Boy Backend Localization Plugin backend_localization.php localize_backend cross site scripting |
CVE-2023-0420 | 2023-04-24 | Custom Post Type and Taxonomy GUI Manager <= 1.1 - Stored XSS via CSRF |
CVE-2023-1420 | 2023-04-24 | Ajax Search Lite < 4.11.1, Pro < 4.26.2 - Reflected Cross-Site Scripting |
CVE-2023-0899 | 2023-04-24 | Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated Stored XSS |
CVE-2023-1020 | 2023-04-24 | Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi |
CVE-2023-1129 | 2023-04-24 | WP FEvents Book <= 0.46 - Subscriber+ Arbitrary Booking Manipulation via IDOR |
CVE-2023-0276 | 2023-04-24 | Weaver Xtreme Theme Support < 6.2.7 - Contributor+ Stored XSS |
CVE-2023-1324 | 2023-04-24 | Easy Forms for MailChimp < 6.8.8 - Reflected XSS |
CVE-2023-0388 | 2023-04-24 | Random Text <= 0.3.0 - Subscriber+ SQLi |
CVE-2023-1126 | 2023-04-24 | WP FEvents Book <= 0.46 - Subscriber+ Stored XSS |
CVE-2023-1624 | 2023-04-24 | WPCode Lite < 2.0.9 - Arbitrary Log File Deletion via CSRF |
CVE-2023-0424 | 2023-04-24 | MS-Reviews <= 1.5 - Subscriber+ Stored XSS |
CVE-2023-1435 | 2023-04-24 | Ajax Search Lite Pro < 4.26.2 - Multiple Reflected Cross-Site Scripting |
CVE-2023-0418 | 2023-04-24 | Video Central for WordPress <= 1.3.0 - Contributor+ Stored XSS |
CVE-2023-1623 | 2023-04-24 | Custom Post Type UI < 1.13.5 - Debug Info Sending via CSRF |
CVE-2023-1414 | 2023-04-24 | WP VR < 8.3.0 - Subscriber+ Arbitrary Tour Update |
CVE-2023-2257 | 2023-04-24 | Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop... |
CVE-2023-29530 | 2023-04-24 | Laminas Diactoros vulnerable to HTTP Multiline Header Termination |
CVE-2023-30626 | 2023-04-24 | Jellyfin vulnerable to directory traversal and file write causing arbitrary code execution |
CVE-2023-30627 | 2023-04-24 | jellyfin-web has a stored cross-site scripting vulnerability in devices.js |
CVE-2023-30623 | 2023-04-24 | Arbitrary command injection in embano1/wip |
CVE-2023-30628 | 2023-04-24 | Kiwi TCMS has command injection vulnerability in changelog.yml CI workflow |
CVE-2023-30629 | 2023-04-24 | Vyper's raw_call with outsize=0 and revert_on_failure=False returns incorrect success value |
CVE-2022-42335 | 2023-04-25 | x86 shadow paging arbitrary pointer dereference In environments where host... |
CVE-2023-2269 | 2023-04-25 | A denial of service problem was found, due to a... |
CVE-2023-30402 | 2023-04-25 | YASM v1.3.0 was discovered to contain a heap overflow via... |
CVE-2012-5872 | 2023-04-25 | ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in... |
CVE-2012-5873 | 2023-04-25 | ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the... |
CVE-2022-23721 | 2023-04-25 | PingID integration for Windows login duplicate username collision. |
CVE-2022-31244 | 2023-04-25 | Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for... |
CVE-2022-40482 | 2023-04-25 | The authentication method in Laravel 8.x through 9.x before 9.32.0... |
CVE-2022-40722 | 2023-04-25 | Misconfiguration of RSA padding for offline MFA in the PingID Adapter for PingFederate. |
CVE-2022-40723 | 2023-04-25 | Configuration-based MFA Bypass in PingID RADIUS PCV. |
CVE-2022-40724 | 2023-04-25 | Cross-Site Request Forgery on PingFederate Local Identity Profiles Endpoint. |
CVE-2022-40725 | 2023-04-25 | PingID Desktop PIN attempt lockout bypass. |
CVE-2022-45291 | 2023-04-25 | PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts)... |
CVE-2023-20869 | 2023-04-25 | VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based... |
CVE-2023-20870 | 2023-04-25 | VMware Workstation and Fusion contain an out-of-bounds read vulnerability that... |
CVE-2023-20871 | 2023-04-25 | VMware Fusion contains a local privilege escalation vulnerability. A malicious... |
CVE-2023-20872 | 2023-04-25 | VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in... |
CVE-2023-23837 | 2023-04-25 | No Exception Handling Vulnerability: Database Performance Analyzer (DPA) 2023.1 |
CVE-2023-23838 | 2023-04-25 | Directory traversal and file enumeration vulnerability: Database Performance Analyzer (DPA) 2023.1 |
CVE-2023-23839 | 2023-04-25 | SolarWinds Platform Exposure of Sensitive Information Vulnerability |
CVE-2023-24512 | 2023-04-25 | On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. |
CVE-2023-25313 | 2023-04-25 | OS injection vulnerability in World Wide Broadcast Network AVideo version... |
CVE-2023-25314 | 2023-04-25 | Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network... |
CVE-2023-25346 | 2023-04-25 | A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows... |
CVE-2023-25347 | 2023-04-25 | A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows... |
CVE-2023-25348 | 2023-04-25 | ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability... |
CVE-2023-26057 | 2023-04-25 | An XXE issue was discovered in Nokia NetAct before 22... |
CVE-2023-26058 | 2023-04-25 | An XXE issue was discovered in Nokia NetAct before 22... |
CVE-2023-26098 | 2023-04-25 | An issue was discovered in the Open Document feature in... |
CVE-2023-26560 | 2023-04-25 | Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated... |
CVE-2023-26735 | 2023-04-25 | blackbox_exporter v0.23.0 was discovered to contain an access control issue... |
CVE-2023-26839 | 2023-04-25 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows... |
CVE-2023-26840 | 2023-04-25 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows... |
CVE-2023-26841 | 2023-04-25 | A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows... |
CVE-2023-26843 | 2023-04-25 | A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows... |
CVE-2023-27105 | 2023-04-25 | A vulnerability in the Wi-Fi file transfer module of Shanling... |
CVE-2023-27843 | 2023-04-25 | SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before... |
CVE-2023-28771 | 2023-04-25 | Improper error message handling in Zyxel ZyWALL/USG series firmware versions... |
CVE-2023-29552 | 2023-04-25 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated,... |
CVE-2023-29779 | 2023-04-25 | Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS)... |
CVE-2023-30106 | 2023-04-25 | Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to... |
CVE-2023-30111 | 2023-04-25 | Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross... |
CVE-2023-30177 | 2023-04-25 | CraftCMS 3.7.59 is vulnerable to Cross Site Scripting (XSS). An attacker... |
CVE-2023-30404 | 2023-04-25 | Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a... |
CVE-2023-30417 | 2023-04-25 | A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2... |
CVE-2023-30549 | 2023-04-25 | Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer |
CVE-2023-31223 | 2023-04-25 | Dradis before 4.8.0 allows persistent XSS by authenticated author users,... |
CVE-2023-22665 | 2023-04-25 | Apache Jena: Exposure of arbitrary execution in script engine expressions. |
CVE-2022-45837 | 2023-04-25 | WordPress 微信机器人高级版 Plugin <= 6.0.1 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-25710 | 2023-04-25 | WordPress Click to Call or Chat Buttons Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-27619 | 2023-04-25 | WordPress Regina Lite Theme <= 2.0.7 is vulnerable to Cross Site Scripting (XSS) |