CVE List - 2023 / June
Showing 201 - 300 of 2395 CVEs for June 2023 (Page 3 of 24)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-3058 | 2023-06-02 | 07FLY CRM User Profile cross site scripting |
| CVE-2023-3059 | 2023-06-02 | SourceCodester Online Exam Form Submission update_s6.php sql injection |
| CVE-2023-3060 | 2023-06-02 | code-projects Agro-School Management System btn_functions.php doAddQuestion cross site scripting |
| CVE-2023-3061 | 2023-06-02 | code-projects Agro-School Management System Attachment Image btn_functions.php unrestricted upload |
| CVE-2023-3062 | 2023-06-02 | code-projects Agro-School Management System index.php sql injection |
| CVE-2023-34094 | 2023-06-02 | ChuanhuChatGPT vulnerable to unauthorized configuration file access |
| CVE-2023-3068 | 2023-06-02 | Campcodes Retro Cellphone Online Store modal_add_product.php sql injection |
| CVE-2023-2687 | 2023-06-02 | Buffer overflow in Platform CLI component in Silicon Labs Gecko SDK v4.2.1 and earlier allows user to overwrite limited structures on the heap. |
| CVE-2023-3044 | 2023-06-02 | Divide-by-zero in Xpdf 4.04 due to very large page size |
| CVE-2023-2816 | 2023-06-02 | Consul Envoy Extension Downstream Proxy Configuration By Upstream Service Owner |
| CVE-2023-1297 | 2023-06-02 | Consul Cluster Peering can Result in Denial of Service |
| CVE-2023-3051 | 2023-06-02 | The Page Builder by AZEXO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'azh_post' shortcode in versions up to, and including, 1.27.133 due to insufficient input sanitization and... |
| CVE-2023-3055 | 2023-06-02 | The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation... |
| CVE-2023-3052 | 2023-06-02 | The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation... |
| CVE-2023-3053 | 2023-06-02 | The Page Builder by AZEXO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'azh_add_post' function in versions up to, and... |
| CVE-2023-2781 | 2023-06-02 | The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token... |
| CVE-2023-3084 | 2023-06-03 | Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass |
| CVE-2023-3086 | 2023-06-03 | Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass |
| CVE-2023-3083 | 2023-06-03 | Cross-site Scripting (XSS) - Stored in nilsteampassnet/teampass |
| CVE-2023-33143 | 2023-06-03 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-0583 | 2023-06-03 | The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_vk_blocks_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions... |
| CVE-2023-0584 | 2023-06-03 | The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'update_options' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions... |
| CVE-2023-2405 | 2023-06-03 | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation... |
| CVE-2023-2300 | 2023-06-03 | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 4.9.1 due to insufficient input... |
| CVE-2023-2406 | 2023-06-03 | The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to... |
| CVE-2023-2407 | 2023-06-03 | The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to... |
| CVE-2023-2303 | 2023-06-03 | The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing... |
| CVE-2023-2299 | 2023-06-03 | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data via the /wp-json/vcita-wordpress/v1/actions/auth REST-API endpoint in versions up to, and... |
| CVE-2023-2302 | 2023-06-03 | The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.4 due... |
| CVE-2023-2301 | 2023-06-03 | The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.1. This is due to missing nonce validation on... |
| CVE-2023-2415 | 2023-06-03 | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_logout_callback function... |
| CVE-2023-2298 | 2023-06-03 | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'business_id' parameter in versions up to, and including, 4.2.10... |
| CVE-2023-2404 | 2023-06-03 | The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'email' parameter in versions up to, and including, 2.6.2 due to insufficient... |
| CVE-2023-2416 | 2023-06-03 | The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the vcita_logout_callback function in... |
| CVE-2023-3085 | 2023-06-03 | X-WRT luci 404 Error Template dispatcher.uc run_action cross site scripting |
| CVE-2023-32582 | 2023-06-03 | WordPress Don8 Plugin <= 0.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-3091 | 2023-06-03 | Captura CRYPTBASE.dll uncontrolled search path |
| CVE-2023-3095 | 2023-06-04 | Improper Access Control in nilsteampassnet/teampass |
| CVE-2023-3094 | 2023-06-04 | code-projects Agro-School Management System btn_functions.php doUpdateQuestion sql injection |
| CVE-2015-10111 | 2023-06-04 | Watu Quiz Plugin Exam exam.php watu_exams sql injection |
| CVE-2013-10027 | 2023-06-04 | Blogger Importer Plugin blogger-importer.php restart cross-site request forgery |
| CVE-2013-10028 | 2023-06-04 | EELV Newsletter Plugin lettreinfo.php style_newsletter cross site scripting |
| CVE-2023-22862 | 2023-06-04 | IBM Aspera information disclosure |
| CVE-2023-27285 | 2023-06-04 | IBM Aspera buffer overflow |
| CVE-2020-19028 | 2023-06-05 | File Upload vulnerability found in Emlog EmlogCMS v.6.0.0 allows a remote attacker to gain access to sensitive information via the /admin/plugin.php function. |
| CVE-2023-24510 | 2023-06-05 | On the affected platforms running EOS, a malformed DHCP packet might cause the DHCP relay agent to restart. |
| CVE-2023-3027 | 2023-06-05 | The grc-policy-propagator allows security escalation within the cluster. The propagator allows policies which contain some dynamically obtained values (instead of the policy apply a static manifest on a managed cluster)... |
| CVE-2023-3109 | 2023-06-05 | Cross-site Scripting (XSS) - Stored in admidio/admidio |
| CVE-2023-33386 | 2023-06-05 | MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background. |
| CVE-2023-33408 | 2023-06-05 | Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). The vulnerability exists due to insufficient input validation in the application's user input handling in the security_helper.php file. |
| CVE-2023-33409 | 2023-06-05 | Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. |
| CVE-2023-33410 | 2023-06-05 | Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. The vulnerability exists due to insufficient input validation on the Customer Name field... |
| CVE-2023-33518 | 2023-06-05 | emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a... |
| CVE-2023-33524 | 2023-06-05 | Advent/SSC Inc. Tamale RMS < 23.1 is vulnerable to Directory Traversal. If one traverses to the affected URL, one enumerates Contact information on the host which contains usernames, e-mail addresses,... |
| CVE-2023-33690 | 2023-06-05 | SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. |
| CVE-2023-33693 | 2023-06-05 | A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file. |
| CVE-2023-33733 | 2023-06-05 | Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. |
| CVE-2023-34407 | 2023-06-05 | OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. |
| CVE-2023-34408 | 2023-06-05 | DokuWiki before 2023-04-04a allows XSS via RSS titles. |
| CVE-2023-34410 | 2023-06-05 | An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2. Certificate validation for TLS does not always consider whether the root of a... |
| CVE-2023-34411 | 2023-06-05 | The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest... |
| CVE-2023-29629 | 2023-06-05 | PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php. |
| CVE-2023-29630 | 2023-06-05 | PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php. |
| CVE-2023-29631 | 2023-06-05 | PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. |
| CVE-2023-3111 | 2023-06-05 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). |
| CVE-2023-31893 | 2023-06-05 | Telefônica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. |
| CVE-2023-32766 | 2023-06-05 | Gitpod before 2022.11.3 allows XSS because redirection can occur for some protocols outside of the trusted set of three (vscode: vscode-insiders: jetbrains-gateway:). |
| CVE-2023-27861 | 2023-06-05 | IBM Maximo Application Suite information disclosure |
| CVE-2023-32334 | 2023-06-05 | IBM Maximo Asset Management information disclosure |
| CVE-2023-0041 | 2023-06-05 | IBM Security Guardium session fixation |
| CVE-2014-125105 | 2023-06-05 | Broken Link Checker Plugin Settings Page core.php options_page cross site scripting |
| CVE-2023-0635 | 2023-06-05 | Privilege escalation to root |
| CVE-2023-0636 | 2023-06-05 | Remote Code Execution via Command Injection |
| CVE-2023-3096 | 2023-06-05 | KylinSoft kylin-software-properties changedSource access control |
| CVE-2023-3097 | 2023-06-05 | KylinSoft kylin-software-properties setMainSource os command injection |
| CVE-2023-3098 | 2023-06-05 | KylinSoft youker-assistant restore_all_sound_file path traversal |
| CVE-2023-3099 | 2023-06-05 | KylinSoft youker-assistant Arbitrary File dbus.SystemBus delete_file access control |
| CVE-2023-3100 | 2023-06-05 | IBOS del actionDel sql injection |
| CVE-2015-10112 | 2023-06-05 | WooFramework Branding Plugin wooframework-branding.php admin_screen_logic redirect |
| CVE-2023-3064 | 2023-06-05 | Mobatime mobile application - Sensitive information disclosure |
| CVE-2023-3065 | 2023-06-05 | Mobatime mobile application - Authentication bypass |
| CVE-2023-3066 | 2023-06-05 | Mobatime mobile application - Broken authorisation |
| CVE-2023-27989 | 2023-06-05 | A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions... |
| CVE-2023-2503 | 2023-06-05 | 10WebSocial < 1.2.9 - Reflected XSS |
| CVE-2023-0545 | 2023-06-05 | Hostel < 1.1.5.2 - Admin+ Stored XSS |
| CVE-2023-2489 | 2023-06-05 | Stop Spammers Security < 2023 - Admin+ Stored XSS |
| CVE-2023-2488 | 2023-06-05 | Stop Spammers Security < 2023 - Reflected XSS |
| CVE-2023-2572 | 2023-06-05 | Survey Maker < 3.4.7 - Reflected XSS |
| CVE-2023-0152 | 2023-06-05 | WP Multi Store Locator <= 2.4 - Contributor+ Stored XSS |
| CVE-2022-4946 | 2023-06-05 | Frontend Post WordPress Plugin <= 2.8.4 - Contributor+ Arbitrary Redirect |
| CVE-2023-2634 | 2023-06-05 | Get Your Number <= 1.1.3 - Admin+ Stored XSS |
| CVE-2023-2337 | 2023-06-05 | ConvertKit < 2.2.1 - Reflected XSS |
| CVE-2023-0900 | 2023-06-05 | AP Pricing Tables Lite <= 1.1.6 - Admin+ SQLi |
| CVE-2023-2224 | 2023-06-05 | Seo By 10Web < 1.2.7 - Admin+ Stored XSS |
| CVE-2023-2571 | 2023-06-05 | Quiz Maker < 6.4.2.7 - Reflected XSS |
| CVE-2023-2472 | 2023-06-05 | Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue < 3.1.61 - Reflected XSS |
| CVE-2015-10113 | 2023-06-05 | WooFramework Tweaks Plugin wooframework-tweaks.php admin_screen_logic redirect |
| CVE-2015-10114 | 2023-06-05 | WooSidebars Plugin class-woo-sidebars.php enable_custom_post_sidebars redirect |
| CVE-2015-10115 | 2023-06-05 | WooSidebars Sidebar Manager Converter Plugin class-woosidebars-sbm-converter.php process_request redirect |
| CVE-2023-29344 | 2023-06-05 | Microsoft Office Remote Code Execution Vulnerability |