Lista CVE - 2023 / Settembre
Visualizzazione 1101 - 1200 di 2148 CVE per Settembre 2023 (Pagina 12 di 22)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2023-40983 | 2023-09-15 | A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results... |
| CVE-2023-40984 | 2023-09-15 | A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results... |
| CVE-2023-40985 | 2023-09-15 | An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject... |
| CVE-2023-40986 | 2023-09-15 | A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the... |
| CVE-2023-41436 | 2023-09-15 | Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu... |
| CVE-2023-41626 | 2023-09-15 | Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface. |
| CVE-2023-42270 | 2023-09-15 | Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2023-42398 | 2023-09-15 | An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. |
| CVE-2023-4977 | 2023-09-15 | Code Injection in librenms/librenms |
| CVE-2023-4979 | 2023-09-15 | Cross-site Scripting (XSS) - Reflected in librenms/librenms |
| CVE-2023-4978 | 2023-09-15 | Cross-site Scripting (XSS) - DOM in librenms/librenms |
| CVE-2023-4980 | 2023-09-15 | Cross-site Scripting (XSS) - Generic in librenms/librenms |
| CVE-2023-4981 | 2023-09-15 | Cross-site Scripting (XSS) - DOM in librenms/librenms |
| CVE-2023-4982 | 2023-09-15 | Cross-site Scripting (XSS) - Stored in librenms/librenms |
| CVE-2023-4973 | 2023-09-15 | Academy LMS GET Parameter filter cross site scripting |
| CVE-2023-4974 | 2023-09-15 | Academy LMS GET Parameter filter sql injection |
| CVE-2023-3891 | 2023-09-15 | Lapce v0.2.8 - Privilege escalation via Race Condition |
| CVE-2022-20917 | 2023-09-15 | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that... |
| CVE-2023-4963 | 2023-09-15 | The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient... |
| CVE-2023-38039 | 2023-09-15 | When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit... |
| CVE-2023-4673 | 2023-09-15 | SQLi in Sanalogy's Turasistan |
| CVE-2023-4830 | 2023-09-15 | SQLi in Tura's Signalix |
| CVE-2023-32461 | 2023-09-15 | Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially... |
| CVE-2023-4831 | 2023-09-15 | SQLi in nCep |
| CVE-2023-4670 | 2023-09-15 | SQLi in Innosa's Probbys |
| CVE-2023-4231 | 2023-09-15 | SQLi in Cevik Informatics' Online Payment System |
| CVE-2023-4835 | 2023-09-15 | SQLi in CF's Oil Management Software |
| CVE-2023-4833 | 2023-09-15 | SQLi in Besttem's Network Marketing Software |
| CVE-2023-4661 | 2023-09-15 | SQLi in Saphira Connect |
| CVE-2023-4662 | 2023-09-15 | RCE in Saphira Connect |
| CVE-2023-4663 | 2023-09-15 | XSS in Saphira Connect |
| CVE-2023-4664 | 2023-09-15 | Privilage Escalation in Saphira Connect |
| CVE-2023-4665 | 2023-09-15 | Privilage Escalation in Saphira Connect |
| CVE-2023-4959 | 2023-09-15 | Quay: cross-site request forgery (csrf) on config-editor page |
| CVE-2022-3466 | 2023-09-15 | Cri-o: security regression of cve-2022-27652 |
| CVE-2023-4983 | 2023-09-15 | app1pro Shopicial search cross site scripting |
| CVE-2023-4984 | 2023-09-15 | didi KnowSearch 1 credentials storage |
| CVE-2023-4985 | 2023-09-15 | Supcon InPlant SCADA Project.xml improper authentication |
| CVE-2023-4986 | 2023-09-15 | Supcon InPlant SCADA Project.xml unknown vulnerability |
| CVE-2023-4987 | 2023-09-15 | infinitietech taskhub GET Parameter get_tasks_list sql injection |
| CVE-2023-4988 | 2023-09-15 | Bettershop LaikeTui unrestricted upload |
| CVE-2023-4991 | 2023-09-15 | NextBX QWAlerter QWAlerter.exe unquoted search path |
| CVE-2023-36479 | 2023-09-15 | Jetty vulnerable to errant command quoting in CGI Servlet |
| CVE-2023-36472 | 2023-09-15 | Strapi may leak sensitive user information, user reset password, tokens via content-manager views |
| CVE-2023-37263 | 2023-09-15 | Strapi's field level permissions not being respected in relationship title |
| CVE-2023-38507 | 2023-09-15 | Strapi Improper Rate Limiting vulnerability |
| CVE-2023-37281 | 2023-09-15 | Out-of-bounds read during IPHC address decompression |
| CVE-2023-37459 | 2023-09-15 | Out-of-bounds read when processing a received IPv6 packet |
| CVE-2023-38706 | 2023-09-15 | Discourse vulnerable to DoS via drafts |
| CVE-2023-40588 | 2023-09-15 | Discourse DoS via 2FA and Security Key Names |
| CVE-2023-41042 | 2023-09-15 | Discourse DoS via remote theme assets |
| CVE-2023-41043 | 2023-09-15 | Discourse DoS via SvgSprite cache |
| CVE-2023-40018 | 2023-09-15 | FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID |
| CVE-2023-40019 | 2023-09-15 | FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names |
| CVE-2023-40167 | 2023-09-15 | Jetty accepts "+" prefixed value in Content-Length |
| CVE-2023-41325 | 2023-09-15 | OP-TEE double free in shdr_verify_signature |
| CVE-2023-41880 | 2023-09-15 | Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64 |
| CVE-2023-41886 | 2023-09-15 | OpenRefine vulnerable to arbitrary file read in project import with mysql jdbc url attack |
| CVE-2023-41887 | 2023-09-15 | Remote Code exec in project import with mysql jdbc url attack |
| CVE-2023-41889 | 2023-09-15 | Late-Unicode normalization vulnerability in SHIRASAGI |
| CVE-2023-0923 | 2023-09-15 | Odh-notebook-controller-container: missing authorization allows for file contents disclosure |
| CVE-2023-0813 | 2023-09-15 | Network-observability-console-plugin-container: setting loki authtoken configuration to disable or host mode leads to authentication longer being enforced |
| CVE-2023-41900 | 2023-09-15 | Jetty's OpenId Revoked authentication allows one request |
| CVE-2022-3261 | 2023-09-15 | Plain-text passwords saved in /var/log/messages |
| CVE-2023-42439 | 2023-09-15 | GeoNode SSRF Bypass to return internal host data |
| CVE-2023-42442 | 2023-09-15 | JumpServer session replays download without authentication |
| CVE-2023-36735 | 2023-09-15 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-36727 | 2023-09-15 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-36562 | 2023-09-15 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-39612 | 2023-09-16 | A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL. |
| CVE-2023-39777 | 2023-09-16 | A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. |
| CVE-2023-41157 | 2023-09-16 | Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage... |
| CVE-2023-42336 | 2023-09-16 | An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. |
| CVE-2023-4994 | 2023-09-16 | The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated... |
| CVE-2023-5001 | 2023-09-16 | The Horizontal scrolling announcement for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization... |
| CVE-2023-3025 | 2023-09-16 | The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to... |
| CVE-2023-5012 | 2023-09-16 | Topaz OFD Protection Module Warsaw core.exe unquoted search path |
| CVE-2023-5013 | 2023-09-16 | Pluck CMS Installation install.php cross site scripting |
| CVE-2023-5014 | 2023-09-17 | Sakshi2610 Food Ordering Website categoryfood.php sql injection |
| CVE-2023-5015 | 2023-09-17 | UCMS cross site scripting |
| CVE-2023-5016 | 2023-09-17 | spider-flow API DataSourceController.java DriverManager.getConnection deserialization |
| CVE-2023-5017 | 2023-09-17 | lmxcms admin.php sql injection |
| CVE-2023-5018 | 2023-09-17 | SourceCodester Lost and Found Information System POST Parameter sql injection |
| CVE-2023-5019 | 2023-09-17 | Tongda OA delete.php sql injection |
| CVE-2023-5020 | 2023-09-17 | 07FLY CRM Administrator Login Page sql injection |
| CVE-2023-38040 | 2023-09-17 | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. |
| CVE-2023-5021 | 2023-09-17 | SourceCodester AC Repair and Services System cross site scripting |
| CVE-2023-5022 | 2023-09-17 | DedeCMS select_templets_post.php absolute path traversal |
| CVE-2023-5023 | 2023-09-17 | Tongda OA delete.php sql injection |
| CVE-2023-5024 | 2023-09-17 | Planno Comment cross site scripting |
| CVE-2023-5025 | 2023-09-17 | KOHA MARC search.pl cross site scripting |
| CVE-2023-5026 | 2023-09-17 | Tongda OA cross site scripting |
| CVE-2023-5028 | 2023-09-17 | China Unicom TEWA-800G debug log file |
| CVE-2023-5027 | 2023-09-17 | SourceCodester Simple Membership System club_validator.php sql injection |
| CVE-2023-5029 | 2023-09-17 | mccms 1 sql injection |
| CVE-2023-5030 | 2023-09-17 | Tongda OA delete.php sql injection |
| CVE-2020-36766 | 2023-09-18 | An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a... |
| CVE-2021-26837 | 2023-09-18 | SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. |
| CVE-2023-33831 | 2023-09-18 | A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. |
| CVE-2023-34195 | 2023-09-18 | An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and... |