CVE List - 2023 / June

Showing 1501 - 1600 of 2395 CVEs for June 2023 (Page 16 of 24)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-46850 | 2023-06-19 | WordPress Easy Media Replace Plugin <= 0.1.3 is vulnerable to Arbitrary File Deletion |
| CVE-2023-3318 | 2023-06-19 | SourceCodester Resort Management System cross site scripting |
| CVE-2023-34373 | 2023-06-19 | WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2907 | 2023-06-19 | SQLi in Marksoft |
| CVE-2023-33213 | 2023-06-19 | WordPress wpView Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35779 | 2023-06-19 | WordPress Seed Fonts Plugin 2.3.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35776 | 2023-06-19 | WordPress Sermon'e – Sermons Online Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35775 | 2023-06-19 | WordPress WP Backup Manager Plugin <= 1.13.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35772 | 2023-06-19 | WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-31410 | 2023-06-19 | A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security (TLS) in the SICK EventCam App. This lack of encryption in... |
| CVE-2023-31411 | 2023-06-19 | A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the... |
| CVE-2023-34461 | 2023-06-19 | Cross-site Scripting (XSS) Availability in PyBB |
| CVE-2023-3315 | 2023-06-19 | Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller... |
| CVE-2023-29158 | 2023-06-19 | SUBNET PowerSYSTEM Center Authentication Bypass by Capture-replay |
| CVE-2023-32659 | 2023-06-19 | SUBNET PowerSYSTEM Center Cross-site Scripting |
| CVE-2020-20067 | 2023-06-20 | File upload vulnerability in ebCMS v.1.1.0 allows a remote attacker to execute arbitrary code via the upload type parameter. |
| CVE-2020-20070 | 2023-06-20 | Cross Site Scripting vulnerability found in wkeyuan DWSurvey 1.0 allows a remote attacker to execute arbitrary code via the qultemld parameter of the qu-multi-fillblank!answers.action file. |
| CVE-2020-20335 | 2023-06-20 | Buffer Overflow vulnerability in Antirez Kilo before commit 7709a04ae8520c5b04d261616098cebf742f5a23 allows a remote attacker to cause a denial of service via the editorUpdateRow function in kilo.c. |
| CVE-2020-20413 | 2023-06-20 | SQL injection vulnerability found in WUZHICMS v.4.1.0 allows a remote attacker to execute arbitrary code via the checktitle() function in admin/content.php. |
| CVE-2020-20491 | 2023-06-20 | SQL injection vulnerability in OpenCart v.2.2.00 thru 3.0.3.2 allows a remote attacker to execute arbitrary code via the Fba plugin function in upload/admin/index.php. |
| CVE-2020-20502 | 2023-06-20 | Cross Site Request Forgery found in yzCMS v.2.0 allows a remote attacker to execute arbitrary code via the token check function. |
| CVE-2020-20636 | 2023-06-20 | SQL injection vulnerability found in Joyplus-cms v.1.6.0 allows a remote attacker to access sensitive information via the id parameter of the goodbad() function. |
| CVE-2020-20697 | 2023-06-20 | Cross Site Scripting vulnerability in khodakhah NodCMS v.3.0 allows a remote attacker to execute arbitrary code and gain access to sensitive information via a crafted script to the address parameter. |
| CVE-2020-20703 | 2023-06-20 | Buffer Overflow vulnerability in VIM v.8.1.2135 allows a remote attacker to execute arbitrary code via the operand parameter. |
| CVE-2020-20718 | 2023-06-20 | File Upload vulnerability in PluckCMS v.4.7.10 dev versions allows a remote attacker to execute arbitrary code via a crafted image file to the save_file() parameter. |
| CVE-2020-20725 | 2023-06-20 | Cross Site Scripting vulnerability in taogogo taoCMS v.2.5 beta5.1 allows a remote attacker to execute arbitrary code via the name field in admin.php. |
| CVE-2020-20726 | 2023-06-20 | Cross Site Request Forgery vulnerability in Gila GilaCMS v.1.11.4 allows a remote attacker to execute arbitrary code via the cm/update_rows/user parameter. |
| CVE-2020-20735 | 2023-06-20 | File Upload vulnerability in LJCMS v.4.3.R60321 allows a remote attacker to execute arbitrary code via the ljcms/index.php parameter. |
| CVE-2020-20918 | 2023-06-20 | An issue discovered in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary php code via the hidden parameter to admin.php when editing a page. |
| CVE-2020-20919 | 2023-06-20 | File upload vulnerability in Pluck CMS v.4.7.10-dev2 allows a remote attacker to execute arbitrary code and access sensitive information via the theme.php file. |
| CVE-2020-21052 | 2023-06-20 | Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function. |
| CVE-2020-21058 | 2023-06-20 | Cross Site Scripting vulnerability in Typora v.0.9.79 allows a remote attacker to execute arbitrary code via the mermaid syntax. |
| CVE-2020-21174 | 2023-06-20 | File Upload vulnerability in liufee CMS v.2.0.7.1 allows a remote attacker to execute arbitrary code via the image suffix function. |
| CVE-2020-21246 | 2023-06-20 | Cross Site Scripting vulnerability in YiiCMS v.1.0 allows a remote attacker to execute arbitrary code via the news function. |
| CVE-2020-21252 | 2023-06-20 | Cross Site Request Forgery vulnerability in Neeke HongCMS 3.0.0 allows a remote attacker to execute arbitrary code and escalate privileges via the updateusers parameter. |
| CVE-2020-21268 | 2023-06-20 | Cross Site Scripting vulnerability in EasySoft ZenTao v.11.6.4 allows a remote attacker to execute arbitrary code via the lastComment parameter. |
| CVE-2020-21325 | 2023-06-20 | An issue in WUZHI CMS v.4.1.0 allows a remote attacker to execute arbitrary code via the set_chache method of the function\common.func.php file. |
| CVE-2020-21366 | 2023-06-20 | Cross Site Request Forgery vulnerability in GreenCMS v.2.3 allows an attacker to gain privileges via the adduser function of index.php. |
| CVE-2020-21400 | 2023-06-20 | SQL injection vulnerability in gaozhifeng PHPMyWind v.5.6 allows a remote attacker to execute arbitrary code via the id variable in the modify function. |
| CVE-2020-21474 | 2023-06-20 | File Upload vulnerability in NucleusCMS v.3.71 allows a remote attacker to execute arbitrary code via the /nucleus/plugins/skinfiles/?dir=rsd parameter. |
| CVE-2020-21485 | 2023-06-20 | Cross Site Scripting vulnerability in Alluxio v.1.8.1 allows a remote attacker to execute arbitrary code via the path parameter in the browse board component. |
| CVE-2020-21486 | 2023-06-20 | SQL injection vulnerability in PHPOK v.5.4. allows a remote attacker to obtain sensitive information via the _userlist function in framerwork/phpok_call.php file. |
| CVE-2020-21489 | 2023-06-20 | File Upload vulnerability in Feehicms v.2.0.8 allows a remote attacker to execute arbitrary code via the /admin/index.php?r=admin-user%2Fupdate-self component. |
| CVE-2023-33495 | 2023-06-20 | Craft CMS through 4.4.9 is vulnerable to HTML Injection. |
| CVE-2023-34541 | 2023-06-20 | Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. |
| CVE-2023-34563 | 2023-06-20 | netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. |
| CVE-2023-34596 | 2023-06-20 | A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. |
| CVE-2023-34597 | 2023-06-20 | A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. |
| CVE-2023-34600 | 2023-06-20 | Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection. |
| CVE-2023-35854 | 2023-06-20 | Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the privileges of the... |
| CVE-2023-35885 | 2023-06-20 | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. |
| CVE-2020-20969 | 2023-06-20 | File Upload vulnerability in PluckCMS v.4.7.10 allows a remote attacker to execute arbitrary code via the trashcan_restoreitem.php file. |
| CVE-2023-3220 | 2023-06-20 | An issue was discovered in the Linux kernel through 6.1-rc8. dpu_crtc_atomic_check in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c lacks check of the return value of kzalloc() and will cause the NULL Pointer Dereference. |
| CVE-2023-3320 | 2023-06-20 | The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the ~/admin/views/admin.php... |
| CVE-2023-3325 | 2023-06-20 | The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and... |
| CVE-2023-35884 | 2023-06-20 | WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-26427 | 2023-06-20 | Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly... |
| CVE-2023-26428 | 2023-06-20 | Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of other users could be read even though they are not explicitly... |
| CVE-2023-26429 | 2023-06-20 | Control characters were not removed when exporting user feedback content. This allowed attackers to include unexpected content via user feedback and potentially break the exported data structure. We now drop... |
| CVE-2023-26431 | 2023-06-20 | IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Attackers with access to user accounts could use this to bypass existing... |
| CVE-2023-26432 | 2023-06-20 | When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue SMTP service could trigger requests that lead... |
| CVE-2023-26433 | 2023-06-20 | When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue IMAP service could trigger requests that lead... |
| CVE-2023-26434 | 2023-06-20 | When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Attacker with access to a rogue POP3 service could trigger requests that lead... |
| CVE-2023-26435 | 2023-06-20 | It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including... |
| CVE-2023-26436 | 2023-06-20 | Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local... |
| CVE-2023-35882 | 2023-06-20 | WordPress Super Socializer Plugin <= 7.13.52 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35878 | 2023-06-20 | WordPress Extra User Details Plugin <= 0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1862 | 2023-06-20 | Remote access to warp-svc.exe in Cloudflare WARP |
| CVE-2023-35098 | 2023-06-20 | WordPress NextGen GalleryView Plugin <= 0.5.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-35097 | 2023-06-20 | WordPress WP Affiliate Links Plugin <= 0.1.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-1999 | 2023-06-20 | Use after free in libwebp |
| CVE-2023-3337 | 2023-06-20 | PuneethReddyHC Online Shopping System Advanced Admin Registration reg.php improper authentication |
| CVE-2023-35095 | 2023-06-20 | WordPress Flo Forms Plugin <= 1.0.40 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-2533 | 2023-06-20 | PaperCut MF/NG 22.0.10 (Build 65996 2023-03-27) - Remote code execution via CSRF |
| CVE-2023-3340 | 2023-06-20 | SourceCodester Online School Fees System GET Parameter ajx.php sql injection |
| CVE-2023-2400 | 2023-06-20 | Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access. |
| CVE-2023-35166 | 2023-06-20 | Privilege escalation (PR) from account through TipsPanel |
| CVE-2023-32274 | 2023-06-20 | Enphase Installer Toolkit Android App Use of Hard-coded Credentials |
| CVE-2023-33869 | 2023-06-20 | Enphase Envoy OS Command Injection |
| CVE-2022-45287 | 2023-06-21 | An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. |
| CVE-2023-0026 | 2023-06-21 | 2023-06: Out-of-Cycle Security Bulletin: Junos OS and Junos OS Evolved: A BGP session will flap upon receipt of a specific, optional transitive attribute |
| CVE-2023-24261 | 2023-06-21 | A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. |
| CVE-2023-25435 | 2023-06-21 | libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. |
| CVE-2023-27243 | 2023-06-21 | An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. |
| CVE-2023-33405 | 2023-06-21 | Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. |
| CVE-2023-33584 | 2023-06-21 | Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly... |
| CVE-2023-33591 | 2023-06-21 | User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. |
| CVE-2023-33725 | 2023-06-21 | Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. This is fixed in... |
| CVE-2023-33289 | 2023-06-21 | The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDoS) via a crafted URL to lib.rs. NOTE: the Supplier disputes this, taking the position that "Slow... |
| CVE-2022-25883 | 2023-06-21 | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |
| CVE-2023-3339 | 2023-06-21 | code-projects Agro-School Management System exam-delete.php sql injection |
| CVE-2023-34340 | 2023-06-21 | Apache Accumulo: Accumulo 2.1.0 may incorrectly validate cached credentials |
| CVE-2023-34981 | 2023-06-21 | Apache Tomcat: AJP response header mix-up |
| CVE-2023-27443 | 2023-06-21 | WordPress Simple Vimeo Shortcode Plugin <= 2.9.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-3372 | 2023-06-21 | Cross-Site Request Forgery (CSRF) in Riello UPS Netman-204 |
| CVE-2023-27450 | 2023-06-21 | WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27439 | 2023-06-21 | WordPress New Adman Plugin <= 1.6.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27432 | 2023-06-21 | WordPress Manage Upload Limit Plugin <= 1.0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27429 | 2023-06-21 | WordPress Jetpack CRM Plugin <= 5.4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-27414 | 2023-06-21 | WordPress Popup box Plugin <= 3.4.4 is vulnerable to Cross Site Scripting (XSS) |