CVE List - 2023 / May
Showing 1301 - 1400 of 2420 CVEs for May 2023 (Page 14 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-1549 | 2023-05-15 | Ad Inserter < 2.7.27 - Admin+ PHP Object Injection |
| CVE-2023-0600 | 2023-05-15 | WP Visitor Statistics (Real Time Traffic) < 6.9 - Unauthenticated SQLi |
| CVE-2023-0762 | 2023-05-15 | Clock In Portal <= 2.1 - Designation Deletion via CSRF |
| CVE-2023-1915 | 2023-05-15 | Thumbnail carousel slider < 1.1.10 - Reflected XSS |
| CVE-2023-0892 | 2023-05-15 | BizLibrary <= 1.1 - Admin+ Stored XSS |
| CVE-2023-2180 | 2023-05-15 | KIWIZ Invoices Certification & PDF System <= 2.1.3 - Unauthenticated Arbitrary File Download |
| CVE-2023-2179 | 2023-05-15 | WooCommerce Order Status Change Notifier <= 1.1.0 - Subscriber+ Arbitrary Order Status Update |
| CVE-2023-1596 | 2023-05-15 | tagDiv Composer < 4.0 - Reflected Cross-site Scripting |
| CVE-2023-0763 | 2023-05-15 | Clock In Portal <= 2.1 - Holidays Deletion via CSRF |
| CVE-2023-0520 | 2023-05-15 | RapidExpCart <= 1.0 - Stored XSS via CSRF |
| CVE-2023-0812 | 2023-05-15 | Active Directory Integration / LDAP Integration < 4.1.1 - Unauthenticated Data Disclosure |
| CVE-2023-0490 | 2023-05-15 | f(x) TOC <= 1.1.0 - Contributor+ Stored XSS |
| CVE-2023-0644 | 2023-05-15 | PushAssist <= 3.0.8 - Reflected Cross-Site Scripting |
| CVE-2023-1890 | 2023-05-15 | Tablesome < 1.0.9 - Reflected XSS |
| CVE-2023-2009 | 2023-05-15 | Pretty Url <= 1.5.4 - Admin+ Stored XSS in plugin settings |
| CVE-2023-1019 | 2023-05-15 | Help Desk WP <= 1.2.0 - Editor+ Stored XSS |
| CVE-2023-0761 | 2023-05-15 | Clock In Portal <= 2.1 - Staff Deletion via CSRF |
| CVE-2022-4774 | 2023-05-15 | Bit Form < 1.9 - RCE via Unauthenticated Arbitrary File Upload |
| CVE-2023-1839 | 2023-05-15 | Product Addons & Fields for WooCommerce < 32.0.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-1835 | 2023-05-15 | Ninja Forms < 3.6.22 - Reflected XSS |
| CVE-2023-0233 | 2023-05-15 | ActiveCampaign < 8.1.12 - Contributor+ Stored XSS |
| CVE-2023-32313 | 2023-05-15 | Inspect method manipulation in vm2 |
| CVE-2023-32314 | 2023-05-15 | Sandbox Escape |
| CVE-2023-32309 | 2023-05-15 | Arbitrary file inclusion with the pymdown-snippets extension |
| CVE-2023-32308 | 2023-05-15 | SQL Injection Vulnerability in anuko timetracker |
| CVE-2023-32068 | 2023-05-15 | URL Redirection to Untrusted Site in XWiki |
| CVE-2023-31145 | 2023-05-15 | Reflected XSS vulnerability in CollaboraOnline |
| CVE-2023-31131 | 2023-05-15 | Arbitrary File Write when Extracting Tarballs in greenplum-db |
| CVE-2021-27131 | 2023-05-16 | Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is... |
| CVE-2023-25394 | 2023-05-16 | Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. The Updater privileged script attempts to update Videostream every 5 hours. |
| CVE-2023-2730 | 2023-05-16 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-27742 | 2023-05-16 | IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login. |
| CVE-2023-29927 | 2023-05-16 | Versions of Sage 300 through 2022 implement role-based access controls that are only enforced client-side. Low-privileged Sage users, particularly those on a workstation setup in the "Windows Peer-to-Peer Network" or... |
| CVE-2023-29961 | 2023-05-16 | D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup, |
| CVE-2023-30189 | 2023-05-16 | Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook(). |
| CVE-2023-30281 | 2023-05-16 | Insecure permissions vulnerability was discovered, due to a lack of permission control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the module which... |
| CVE-2023-30452 | 2023-05-16 | The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter. |
| CVE-2023-31519 | 2023-05-16 | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php. |
| CVE-2023-31544 | 2023-05-16 | A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload... |
| CVE-2023-31572 | 2023-05-16 | An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. |
| CVE-2023-31576 | 2023-05-16 | An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. |
| CVE-2023-31587 | 2023-05-16 | Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. |
| CVE-2023-31677 | 2023-05-16 | Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter. |
| CVE-2023-31678 | 2023-05-16 | Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended. |
| CVE-2023-31679 | 2023-05-16 | Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter. |
| CVE-2023-31848 | 2023-05-16 | davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). |
| CVE-2023-31856 | 2023-05-16 | A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHost of TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted HTTP packet. |
| CVE-2023-31857 | 2023-05-16 | Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. |
| CVE-2023-31890 | 2023-05-16 | An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter. |
| CVE-2023-2708 | 2023-05-16 | The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output... |
| CVE-2023-2710 | 2023-05-16 | The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input... |
| CVE-2023-2161 | 2023-05-16 | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded on to... |
| CVE-2023-32955 | 2023-05-16 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows man-in-the-middle attackers... |
| CVE-2023-32956 | 2023-05-16 | Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows remote attackers to... |
| CVE-2023-23673 | 2023-05-16 | WordPress I Recommend This Plugin <= 3.8.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23676 | 2023-05-16 | WordPress File Gallery Plugin <= 1.8.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2499 | 2023-05-16 | The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. This is due to insufficient verification on the user being supplied during a... |
| CVE-2023-2548 | 2023-05-16 | The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. This is due to the plugin providing user-controlled access to objects,... |
| CVE-2023-23727 | 2023-05-16 | WordPress Live Chat by Formilla – Real-time Chat & Chatbots Plugin <= 1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23641 | 2023-05-16 | WordPress Uji Popup Plugin <= 1.4.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23657 | 2023-05-16 | WordPress Mail Subscribe List Plugin <= 2.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23720 | 2023-05-16 | WordPress Verified Reviews (Avis Vérifiés) Plugin <= 2.3.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23709 | 2023-05-16 | WordPress WPJAM Basic Plugin <= 6.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23703 | 2023-05-16 | WordPress Arconix Shortcodes Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-29439 | 2023-05-16 | WordPress FooGallery Plugin <= 2.2.35 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2738 | 2023-05-16 | Tongda OA GatewayController.php actionGetdata unrestricted upload |
| CVE-2023-28076 | 2023-05-16 | CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability leading to some information disclosure. |
| CVE-2023-2739 | 2023-05-16 | Gira HomeServer hslist cross site scripting |
| CVE-2023-32977 | 2023-05-16 | Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable... |
| CVE-2023-32978 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. |
| CVE-2023-32979 | 2023-05-16 | Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the... |
| CVE-2023-32980 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. |
| CVE-2023-32981 | 2023-05-16 | An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on... |
| CVE-2023-32982 | 2023-05-16 | Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier stores extra variables unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or... |
| CVE-2023-32983 | 2023-05-16 | Jenkins Ansible Plugin 204.v8191fd551eb_f and earlier does not mask extra variables displayed on the configuration form, increasing the potential for attackers to observe and capture them. |
| CVE-2023-32984 | 2023-05-16 | Jenkins TestNG Results Plugin 730.v4c5283037693 and earlier does not escape several values that are parsed from TestNG report files and displayed on the plugin's test information pages, resulting in a... |
| CVE-2023-32985 | 2023-05-16 | Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence... |
| CVE-2023-32986 | 2023-05-16 | Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure permission to create or replace... |
| CVE-2023-32987 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials. |
| CVE-2023-32988 | 2023-05-16 | A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
| CVE-2023-32989 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs obtained... |
| CVE-2023-32990 | 2023-05-16 | A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using attacker-specified credentials IDs... |
| CVE-2023-32991 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the... |
| CVE-2023-32992 | 2023-05-16 | Missing permission checks in Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the... |
| CVE-2023-32993 | 2023-05-16 | Jenkins SAML Single Sign On (SSO) Plugin 2.0.2 and earlier does not perform hostname validation when connecting to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused... |
| CVE-2023-32994 | 2023-05-16 | Jenkins SAML Single Sign On (SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused... |
| CVE-2023-32995 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content,... |
| CVE-2023-32996 | 2023-05-16 | A missing permission check in Jenkins SAML Single Sign On (SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified... |
| CVE-2023-32997 | 2023-05-16 | Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. |
| CVE-2023-32998 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON... |
| CVE-2023-32999 | 2023-05-16 | A missing permission check in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and send an HTTP POST request with a... |
| CVE-2023-33000 | 2023-05-16 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and capture them. |
| CVE-2023-33001 | 2023-05-16 | Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. |
| CVE-2023-33002 | 2023-05-16 | Jenkins TestComplete support Plugin 2.8.1 and earlier does not escape the TestComplete project name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2023-33003 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics. |
| CVE-2023-33004 | 2023-05-16 | A missing permission check in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers with Overall/Read permission to reset profiler statistics. |
| CVE-2023-33005 | 2023-05-16 | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. |
| CVE-2023-33006 | 2023-05-16 | A cross-site request forgery (CSRF) vulnerability in Jenkins WSO2 Oauth Plugin 1.0 and earlier allows attackers to trick users into logging in to the attacker's account. |
| CVE-2023-33007 | 2023-05-16 | Jenkins LoadComplete support Plugin 1.0 and earlier does not escape the LoadComplete test name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
| CVE-2023-2740 | 2023-05-16 | SourceCodester Guest Management System GET Parameter dateTest.php cross site scripting |