CVE List - 2023 / May
Showing 2101 - 2200 of 2420 CVEs for May 2023 (Page 22 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-33315 | 2023-05-28 | WordPress Smart App Banner Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33931 | 2023-05-28 | WordPress YouTube Playlist Player Plugin <= 4.6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33212 | 2023-05-28 | WordPress JetFormBuilder Plugin <= 3.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33314 | 2023-05-28 | WordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33309 | 2023-05-28 | WordPress Duplicator Pro Plugin <= 4.5.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33326 | 2023-05-28 | WordPress EventPrime Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33328 | 2023-05-28 | WordPress MailChimp Subscribe Forms Plugin <= 4.0.9.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33316 | 2023-05-28 | WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33319 | 2023-05-28 | WordPress WooCommerce Follow-Up Emails Plugin <= 4.9.40 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33211 | 2023-05-28 | WordPress WP-Piwik Plugin <= 1.0.27 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33313 | 2023-05-28 | WordPress WIP Custom Login Plugin <= 1.2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-33311 | 2023-05-28 | WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32800 | 2023-05-28 | WordPress Rank Math SEO PRO Plugin <= 3.0.35 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28785 | 2023-05-28 | WordPress Yoast SEO: Local Plugin <= 14.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33332 | 2023-05-28 | WordPress WooCommerce Product Vendors Plugin <= 2.1.76 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-33926 | 2023-05-28 | WordPress Easy Google Maps Plugin <= 1.11.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-36345 | 2023-05-28 | WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2021-4336 | 2023-05-28 | ITRS Group monitor-ninja scheduled_reports.php sql injection |
| CVE-2019-19791 | 2023-05-29 | In LemonLDAP::NG (aka lemonldap-ng) before 2.0.7, the default Apache HTTP Server configuration does not properly restrict access to SOAP/REST endpoints (when some LemonLDAP::NG setup options are used). For example, an... |
| CVE-2020-29547 | 2023-05-29 | An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline commands after POP3 STLS, IMAP STARTTLS, or SMTP STARTTLS commands, injecting cleartext commands into an encrypted user session.... |
| CVE-2021-27825 | 2023-05-29 | A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL. |
| CVE-2021-37845 | 2023-05-29 | An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command (a violation of "The STARTTLS command... |
| CVE-2022-24627 | 2023-05-29 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is an unauthenticated SQL injection in the p parameter of the process_login.php login form. |
| CVE-2022-24628 | 2023-05-29 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is authenticated SQL injection in the id parameter of IPPhoneFirmwareEdit.php. |
| CVE-2022-24629 | 2023-05-29 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code execution can be achieved via directory traversal in the dir parameter of the file upload functionality of... |
| CVE-2022-24630 | 2023-05-29 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. BrowseFiles.php allows a ?cmd=ssh POST request with an ssh_command field that is executed. |
| CVE-2022-24631 | 2023-05-29 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is stored XSS via the ajaxTenants.php desc parameter. |
| CVE-2022-24632 | 2023-05-29 | An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. It is directory traversal during file download via the BrowseFiles.php view parameter. |
| CVE-2022-41766 | 2023-05-29 | An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when... |
| CVE-2023-24597 | 2023-05-29 | OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing. |
| CVE-2023-24598 | 2023-05-29 | OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. |
| CVE-2023-24599 | 2023-05-29 | OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion." |
| CVE-2023-24600 | 2023-05-29 | OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book. |
| CVE-2023-24601 | 2023-05-29 | OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree. |
| CVE-2023-24602 | 2023-05-29 | OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title. |
| CVE-2023-24603 | 2023-05-29 | OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data. |
| CVE-2023-24604 | 2023-05-29 | OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data. |
| CVE-2023-24605 | 2023-05-29 | OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens. |
| CVE-2023-28153 | 2023-05-29 | An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. The child can remove all restrictions temporarily without the parents noticing by rebooting into... |
| CVE-2023-2954 | 2023-05-29 | Cross-site Scripting (XSS) - Stored in liangliangyy/djangoblog |
| CVE-2023-30253 | 2023-05-29 | Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. |
| CVE-2023-30571 | 2023-05-29 | Libarchive through 3.6.2 can cause directories to have world-writable permissions. The umask() call inside archive_write_disk_posix.c changes the umask of the whole process for a very short period of time; a... |
| CVE-2022-33974 | 2023-05-29 | WordPress Custom Twitter Feeds (Tweets Widget) Plugin <= 1.8.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-45372 | 2023-05-29 | WordPress Product Gallery Slider for WooCommerce Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2955 | 2023-05-29 | SourceCodester Students Online Internship Timesheet System GET Parameter rendered_report.php sql injection |
| CVE-2023-2808 | 2023-05-29 | Lack of URL normalization allows rendering previews for disallowed domains |
| CVE-2023-2962 | 2023-05-29 | SourceCodester Faculty Evaluation System sql injection |
| CVE-2023-23699 | 2023-05-29 | WordPress Progress Bar Plugin <= 2.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27613 | 2023-05-29 | WordPress Forms Ada Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32072 | 2023-05-29 | Tuleap vulnerable to XSS via the triggered job URL of a Jenkins job |
| CVE-2023-32687 | 2023-05-29 | Insufficiently Protected ChatBot Credentials in tgstation-server |
| CVE-2014-125102 | 2023-05-29 | Bestwebsoft Relevant Plugin Thumbnail information disclosure |
| CVE-2022-36243 | 2023-05-30 | Directory Traversal on Shop Beat Services |
| CVE-2022-36244 | 2023-05-30 | Multiple Stored Cross-Site Scripting Vulnerabilities on Shop Beat Services |
| CVE-2022-36246 | 2023-05-30 | Shop Beat Services Vulnerable To Insecure Permissions |
| CVE-2022-36247 | 2023-05-30 | Shop Beat Services Vulnerable To IDOR |
| CVE-2022-36249 | 2023-05-30 | Shop Beat Services Vulnerable To Bypass 2FA via APIs |
| CVE-2022-36250 | 2023-05-30 | Cross Site Request Forgery on Shop Beat Services |
| CVE-2022-39071 | 2023-05-30 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers... |
| CVE-2022-39074 | 2023-05-30 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could start a non-public interface of an application without... |
| CVE-2022-39075 | 2023-05-30 | There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could delete some system files without user permission. |
| CVE-2022-47028 | 2023-05-30 | An issue discovered in Action Launcher for Android v50.5 allows an attacker to cause a denial of service via arbitrary data injection to function insert. |
| CVE-2022-47029 | 2023-05-30 | An issue found in Action Launcher v50.5 allows an attacker to escalate privilege via modification of the intent string to function update. |
| CVE-2022-47525 | 2023-05-30 | Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a Divide-by-Zero vulnerability in the packet parser. A remote attacker could leverage this vulnerability to cause a denial-of-service. Exploitation of this issue... |
| CVE-2022-47526 | 2023-05-30 | Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with resultant arbitrary writing of files. A remote attacker could leverage this vulnerability to achieve arbitrary code execution... |
| CVE-2023-23561 | 2023-05-30 | Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. |
| CVE-2023-23956 | 2023-05-30 | A user can supply malicious HTML and JavaScript code that will be executed in the client browser |
| CVE-2023-27988 | 2023-05-30 | The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on... |
| CVE-2023-28344 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application allows unauthenticated attackers to view constantly updated screenshots of student desktops and to submit falsified... |
| CVE-2023-28345 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. The Insight Teacher Console application exposes the teacher's Console password in cleartext via an API endpoint accessible from localhost. Attackers... |
| CVE-2023-28346 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for a remote attacker to communicate with the private API endpoints exposed at /login, /consoleSettings, /console, etc.... |
| CVE-2023-28347 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a proof-of-concept script that functions similarly to a Student Console, providing unauthenticated... |
| CVE-2023-28348 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. A suitably positioned attacker could perform a man-in-the-middle attack on either a connected student or teacher, enabling them to intercept... |
| CVE-2023-28349 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker to create a crafted program that functions similarly to the Teacher Console. This can... |
| CVE-2023-28350 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. Attacker-supplied input is not validated/sanitized before being rendered in both the Teacher and Student Console applications, enabling an attacker to... |
| CVE-2023-28351 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. Every keystroke made by any user on a computer with the Student application installed is logged to a world-readable directory.... |
| CVE-2023-28352 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. By abusing the Insight UDP broadcast discovery system, an attacker-controlled artificial Student Console can connect to and attack a Teacher... |
| CVE-2023-28353 | 2023-05-30 | An issue was discovered in Faronics Insight 10.0.19045 on Windows. An unauthenticated attacker is able to upload any type of file to any location on the Teacher Console's computer, enabling... |
| CVE-2023-2953 | 2023-05-30 | A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. |
| CVE-2023-2972 | 2023-05-30 | Prototype Pollution in antfu/utils |
| CVE-2023-29726 | 2023-05-30 | The Call Blocker application 6.6.3 for Android incorrectly opens a key component that an attacker can use to inject large amounts of dirty data into the application's database. When the... |
| CVE-2023-29727 | 2023-05-30 | The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects... |
| CVE-2023-29728 | 2023-05-30 | The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack. |
| CVE-2023-29731 | 2023-05-30 | SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can leverage this method to inject a large amount... |
| CVE-2023-29732 | 2023-05-30 | SoLive 1.6.14 thru 1.6.20 for Android has an exposed component that provides a method to modify the SharedPreference file. An attacker can use the method to modify the data in... |
| CVE-2023-29733 | 2023-05-30 | The Lock Master app 2.2.4 for Android allows unauthorized apps to modify the values in its SharedPreference files. These files hold data that affects many app functions. Malicious modifications by... |
| CVE-2023-29734 | 2023-05-30 | An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database. |
| CVE-2023-29735 | 2023-05-30 | An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files. |
| CVE-2023-29737 | 2023-05-30 | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files. |
| CVE-2023-29738 | 2023-05-30 | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files. |
| CVE-2023-29739 | 2023-05-30 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. |
| CVE-2023-29740 | 2023-05-30 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database. |
| CVE-2023-29741 | 2023-05-30 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database. |
| CVE-2023-29742 | 2023-05-30 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database. |
| CVE-2023-29743 | 2023-05-30 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. |
| CVE-2023-29745 | 2023-05-30 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. |
| CVE-2023-2983 | 2023-05-30 | Privilege Defined With Unsafe Actions in pimcore/pimcore |
| CVE-2023-2984 | 2023-05-30 | Path Traversal: '\..\filename' in pimcore/pimcore |
| CVE-2023-30196 | 2023-05-30 | Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. |
| CVE-2023-31184 | 2023-05-30 | ROZCOM client |