CVE List - 2023 / July
Showing 901 - 1000 of 2295 CVEs for July 2023 (Page 10 of 23)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-36884 | 2023-07-11 | Windows Search Remote Code Execution Vulnerability |
| CVE-2023-37280 | 2023-07-11 | Pimcore admin UI vulnerable to Cross-site Scripting in two factor authentication setup page |
| CVE-2023-20575 | 2023-07-11 | A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM... |
| CVE-2023-29406 | 2023-07-11 | Insufficient sanitization of Host header in net/http |
| CVE-2023-23756 | 2023-07-11 | Extension - advcomsys.com - XSS in oneVote component for Joomla <= 1.7.0 |
| CVE-2023-3127 | 2023-07-11 | Improper Authentication in iSTAR |
| CVE-2023-24491 | 2023-07-11 | A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that... |
| CVE-2023-24492 | 2023-07-11 | A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an... |
| CVE-2020-20021 | 2023-07-12 | An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon. |
| CVE-2023-26563 | 2023-07-12 | The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any... |
| CVE-2023-26564 | 2023-07-12 | The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload... |
| CVE-2023-30226 | 2023-07-12 | An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file. |
| CVE-2023-33274 | 2023-07-12 | The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This... |
| CVE-2023-33668 | 2023-07-12 | DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers. |
| CVE-2023-37627 | 2023-07-12 | Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc. |
| CVE-2023-37628 | 2023-07-12 | Online Piggery Management System 1.0 is vulnerable to SQL Injection. |
| CVE-2023-37629 | 2023-07-12 | Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php." |
| CVE-2023-37630 | 2023-07-12 | Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS. |
| CVE-2023-36266 | 2023-07-12 | An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2), allows local attackers to gain... |
| CVE-2020-36750 | 2023-07-12 | The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4407 | 2023-07-12 | The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4408 | 2023-07-12 | The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation... |
| CVE-2021-4409 | 2023-07-12 | The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4410 | 2023-07-12 | The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4411 | 2023-07-12 | The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect... |
| CVE-2021-4412 | 2023-07-12 | The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4413 | 2023-07-12 | The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation... |
| CVE-2021-4414 | 2023-07-12 | The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce... |
| CVE-2021-4415 | 2023-07-12 | The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4416 | 2023-07-12 | The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost()... |
| CVE-2021-4417 | 2023-07-12 | The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due... |
| CVE-2023-3122 | 2023-07-12 | The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output... |
| CVE-2023-3080 | 2023-07-12 | The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and... |
| CVE-2023-3105 | 2023-07-12 | The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to... |
| CVE-2023-3525 | 2023-07-12 | The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes... |
| CVE-2023-3135 | 2023-07-12 | The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.0.0 due to insufficient input sanitization and... |
| CVE-2023-3011 | 2023-07-12 | The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the arm_check_user_cap... |
| CVE-2023-3168 | 2023-07-12 | The WP Reroute Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.4.9 due to insufficient input sanitization and... |
| CVE-2023-3093 | 2023-07-12 | The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This... |
| CVE-2023-3082 | 2023-07-12 | The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping.... |
| CVE-2023-3158 | 2023-07-12 | The Mail Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 0.2.8 due to insufficient input sanitization and output... |
| CVE-2023-3088 | 2023-07-12 | The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.1.1 due to insufficient input sanitization and output... |
| CVE-2023-3092 | 2023-07-12 | The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.2.16 due to insufficient input sanitization and output... |
| CVE-2023-2562 | 2023-07-12 | The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This... |
| CVE-2023-3199 | 2023-07-12 | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated attackers to update... |
| CVE-2023-3369 | 2023-07-12 | The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and... |
| CVE-2023-2869 | 2023-07-12 | The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3.... |
| CVE-2023-3023 | 2023-07-12 | The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user... |
| CVE-2023-2517 | 2023-07-12 | The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce... |
| CVE-2020-36752 | 2023-07-12 | The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to missing or incorrect... |
| CVE-2023-3202 | 2023-07-12 | The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. This makes it possible for unauthenticated attackers to update... |
| CVE-2023-3167 | 2023-07-12 | The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.1 due to insufficient input sanitization and output... |
| CVE-2023-3166 | 2023-07-12 | The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input... |
| CVE-2023-3081 | 2023-07-12 | The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output... |
| CVE-2023-3087 | 2023-07-12 | The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping.... |
| CVE-2023-2561 | 2023-07-12 | The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This... |
| CVE-2023-37196 | 2023-07-12 | A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content,... |
| CVE-2023-37197 | 2023-07-12 | A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access unauthorized content,... |
| CVE-2023-37198 | 2023-07-12 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE uploads or tampers with install packages. |
| CVE-2021-4419 | 2023-07-12 | The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4420 | 2023-07-12 | The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the... |
| CVE-2020-36756 | 2023-07-12 | The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the create_csv_file()... |
| CVE-2021-4421 | 2023-07-12 | The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the... |
| CVE-2020-36757 | 2023-07-12 | The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4422 | 2023-07-12 | The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on... |
| CVE-2021-4423 | 2023-07-12 | The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4424 | 2023-07-12 | The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-37199 | 2023-07-12 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that could cause remote code execution when an admin user on DCE tampers with backups which are then... |
| CVE-2023-2762 | 2023-07-12 | Use-After-Free vulnerability in SLDPRT file reading procedure affecting SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023 |
| CVE-2023-2763 | 2023-07-12 | Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023 |
| CVE-2023-37200 | 2023-07-12 | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause loss of confidentiality when replacing a project file on the local filesystem and after manual restart... |
| CVE-2021-4425 | 2023-07-12 | The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the... |
| CVE-2020-36760 | 2023-07-12 | The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4426 | 2023-07-12 | The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the... |
| CVE-2020-36761 | 2023-07-12 | The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the... |
| CVE-2021-4427 | 2023-07-12 | The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect... |
| CVE-2023-32200 | 2023-07-12 | Apache Jena: Exposure of execution in script engine expressions. |
| CVE-2023-29414 | 2023-07-12 | A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a... |
| CVE-2023-3106 | 2023-07-12 | Kernel: netlink socket crash (null pointer deref) in netlink_dump function |
| CVE-2023-30916 | 2023-07-12 | In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2023-30917 | 2023-07-12 | In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2023-30918 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30919 | 2023-07-12 | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30920 | 2023-07-12 | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30921 | 2023-07-12 | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30922 | 2023-07-12 | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30923 | 2023-07-12 | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30924 | 2023-07-12 | In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30925 | 2023-07-12 | In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30926 | 2023-07-12 | In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30927 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30928 | 2023-07-12 | In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2023-30929 | 2023-07-12 | In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. |
| CVE-2023-30930 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30931 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30932 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30933 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30934 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30935 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |
| CVE-2023-30936 | 2023-07-12 | In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. |