CVE List - 2023 / April
Showing 501 - 600 of 2302 CVEs for April 2023 (Page 6 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-25215 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25216 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25217 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the formWifiBasicSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25218 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the form_fast_setting_wifi_set function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25219 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-25220 | 2023-04-07 | Tenda AC5 US_AC5V1.0RTL_V15.03.06.28 was discovered to contain a stack overflow via the add_white_node function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-26817 | 2023-04-07 | codefever before 2023.2.7-commit-b1c2e7f was discovered to contain a remote code execution (RCE) vulnerability via the component /controllers/api/user.php. |
| CVE-2023-26820 | 2023-04-07 | siteproxy v1.0 was discovered to contain a path traversal vulnerability via the component index.js. |
| CVE-2023-26848 | 2023-04-07 | TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the org parameter at setting/delStaticDhcpRules. |
| CVE-2023-26978 | 2023-04-07 | TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the pppoeAcName parameter at /setting/setWanIeCfg. |
| CVE-2023-27012 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the setSchedWifi function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27013 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27014 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_46AC38 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27015 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_4A75C0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27016 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27017 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45DC58 function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27018 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_45EC1C function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27019 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the sub_458FBC function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27020 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27021 | 2023-04-07 | Tenda AC10 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via the formSetFirewallCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via... |
| CVE-2023-27033 | 2023-04-07 | Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent(). |
| CVE-2023-27180 | 2023-04-07 | GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. |
| CVE-2023-27801 | 2023-04-07 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-27802 | 2023-04-07 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditvsList parameter at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-27803 | 2023-04-07 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-27804 | 2023-04-07 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-27805 | 2023-04-07 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the EditSTList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-27806 | 2023-04-07 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-27807 | 2023-04-07 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the Delstlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-27808 | 2023-04-07 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-27810 | 2023-04-07 | H3C Magic R100 R100V100R005.bin was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a... |
| CVE-2023-29478 | 2023-04-07 | BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing restricted write access to almost anywhere on the filesystem. This includes the Minecraft mods folder, which results in code... |
| CVE-2023-28051 | 2023-04-07 | Dell Power Manager, versions 3.10 and prior, contains an Improper Access Control vulnerability. A low-privileged attacker could potentially exploit this vulnerability to elevate privileges on the system. |
| CVE-2023-1937 | 2023-04-07 | zhenfeng13 My-Blog userInfo cross-site request forgery |
| CVE-2023-25061 | 2023-04-07 | WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25059 | 2023-04-07 | WordPress avalex Plugin <= 3.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24402 | 2023-04-07 | WordPress WP Booking System Plugin <= 2.0.18 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-24398 | 2023-04-07 | WordPress EZP Coming Soon Page Plugin <= 1.0.7.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25046 | 2023-04-07 | WordPress Podlove Podcast Publisher Plugin <= 3.8.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25023 | 2023-04-07 | WordPress WebinarIgnition Plugin <= 2.14.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25022 | 2023-04-07 | WordPress Watu Quiz Plugin <= 3.3.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25027 | 2023-04-07 | WordPress Chained Quiz Plugin <= 1.3.2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25024 | 2023-04-07 | WordPress Icegram Collect plugin <= 1.3.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25031 | 2023-04-07 | WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25020 | 2023-04-07 | WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25049 | 2023-04-07 | WordPress eCommerce Product Catalog Plugin <= 3.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25041 | 2023-04-07 | WordPress Monolit Theme <= 2.0.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29236 | 2023-04-07 | WordPress Outdoor Theme <= 3.9.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28993 | 2023-04-07 | WordPress Albo Pretorio Online Plugin <= 4.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23885 | 2023-04-07 | WordPress Quick Contact Form Plugin <= 8.0.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23994 | 2023-04-07 | WordPress Auto Hide Admin Bar Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25716 | 2023-04-07 | WordPress Announce from the Dashboard Plugin <= 1.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25464 | 2023-04-07 | WordPress Twitch Player Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1726 | 2023-04-07 | XSS in Proliz OBS |
| CVE-2023-25711 | 2023-04-07 | WordPress WPGlobus Translate Options Plugin <= 2.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25712 | 2023-04-07 | WordPress Opt-Out for Google Analytics Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25705 | 2023-04-07 | WordPress WP Prayer Plugin <= 1.9.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25702 | 2023-04-07 | WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25713 | 2023-04-07 | WordPress Quick Paypal Payments Plugin <= 5.7.25 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-34333 | 2023-04-07 | IBM Sterling Order Management information disclosure |
| CVE-2023-29094 | 2023-04-07 | WordPress Product page shipping calculator for WooCommerce Plugin <= 1.3.20 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-33959 | 2023-04-07 | IBM Sterling Order Management privilege escalation |
| CVE-2023-27876 | 2023-04-07 | IBM TRIRIGA Application Platform XML external entity injection |
| CVE-2022-43914 | 2023-04-07 | IBM TRIRIGA Application Platform cross-site scripting |
| CVE-2022-43928 | 2023-04-07 | IBM Db2 Mirror for i information disclosure |
| CVE-2023-23799 | 2023-04-07 | WordPress Easy Panorama Plugin <= 1.1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-25442 | 2023-04-07 | WordPress Zeno Font Resizer Plugin <= 1.7.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27620 | 2023-04-07 | WordPress Robo Gallery Plugin <= 3.2.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28792 | 2023-04-07 | WordPress Continuous Image Carousel With Lightbox Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28781 | 2023-04-07 | WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28789 | 2023-04-07 | WordPress Contact Forms by Cimatti Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29172 | 2023-04-07 | WordPress PropertyHive Plugin <= 1.5.46 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29171 | 2023-04-07 | WordPress Magic Post Thumbnail Plugin <= 4.1.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29170 | 2023-04-07 | WordPress Product Enquiry for WooCommerce Plugin <= 2.2.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29388 | 2023-04-07 | WordPress Product Catalog Simple Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28707 | 2023-04-07 | Airflow Apache Drill Provider Arbitrary File Read Vulnerability |
| CVE-2023-28706 | 2023-04-07 | Apache Airflow Hive Provider Beeline Remote Command Execution |
| CVE-2023-28710 | 2023-04-07 | Apache Airflow Spark Provider Arbitrary File Read via JDBC |
| CVE-2023-1909 | 2023-04-07 | PHPGurukul BP Monitoring Management System User Profile Update profile.php sql injection |
| CVE-2023-1940 | 2023-04-07 | SourceCodester Simple and Beautiful Shopping Cart System delete_user_query.php sql injection |
| CVE-2023-1941 | 2023-04-07 | SourceCodester Simple and Beautiful Shopping Cart System login.php sql injection |
| CVE-2023-1942 | 2023-04-07 | SourceCodester Online Computer and Laptop Store Avatar unrestricted upload |
| CVE-2023-23761 | 2023-04-07 | Improper authentication vulnerability in GitHub Enterprise Server leading to modification of secret gists |
| CVE-2023-23762 | 2023-04-07 | Incorrect comparison vulnerability in GitHub Enterprise Server leading to commit smuggling |
| CVE-2023-1801 | 2023-04-07 | The SMB protocol decoder in tcpdump version 4.99.3 can perform an out-of-bounds write when decoding a crafted network packet. |
| CVE-2023-1946 | 2023-04-07 | SourceCodester Survey Application System Add New cross site scripting |
| CVE-2023-1947 | 2023-04-07 | taoCMS admin.php code injection |
| CVE-2023-24626 | 2023-04-08 | socket.c in GNU Screen through 4.9.0, when installed setuid or setgid (the default on platforms such as Arch Linux and FreeBSD), allows local users to send a privileged SIGHUP signal... |
| CVE-2023-30450 | 2023-04-08 | rpk in Redpanda before 23.1.2 mishandles the redpanda.rpc_server_tls field, leading to (for example) situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and... |
| CVE-2023-1948 | 2023-04-08 | PHPGurukul BP Monitoring Management System Add New Family Member add-family-member.php cross site scripting |
| CVE-2023-1949 | 2023-04-08 | PHPGurukul BP Monitoring Management System Change Password change-password.php sql injection |
| CVE-2023-1950 | 2023-04-08 | PHPGurukul BP Monitoring Management System Password Recovery password-recovery.php sql injection |
| CVE-2023-1951 | 2023-04-08 | SourceCodester Online Computer and Laptop Store brand.php delete_brand sql injection |
| CVE-2023-1952 | 2023-04-08 | SourceCodester Online Computer and Laptop Store Product Search ?p=products sql injection |
| CVE-2013-10023 | 2023-04-08 | Editorial Calendar Plugin edcal.php edcal_filter_where sql injection |
| CVE-2015-10098 | 2023-04-08 | Broken Link Checker Plugin ui_get_action_links cross site scripting |
| CVE-2023-1953 | 2023-04-08 | SourceCodester Online Computer and Laptop Store index.php sql injection |
| CVE-2023-1954 | 2023-04-08 | SourceCodester Online Computer and Laptop Store manage.php save_inventory sql injection |
| CVE-2023-1955 | 2023-04-08 | SourceCodester Online Computer and Laptop Store User Registration login.php sql injection |
| CVE-2023-1956 | 2023-04-08 | SourceCodester Online Computer and Laptop Store Image path traversal |