Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2023-12-29
Medium

CVE-2023-44088

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Arbitrary SQL queries were allowed to be executed using…

Read more
High

CVE-2023-41815

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Malicious code could be executed in the Fil…

Read more
Low

CVE-2023-41814

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Through an HTML payload (iframe tag) it is…

Read more
Low

CVE-2023-41813

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user not…

Read more
High

CVE-2023-52135

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WS Form WS Form LITE – Drag & Drop Contact Form Builder for WordPress.This issue affects WS Form…

Read more
Medium

CVE-2023-51541

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Stored XSS.This issue affects Stock Ticker: from n/a thro…

Read more
Medium

CVE-2023-51399

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS.This issue affects Back Button Widget: from n/a th…

Read more
Medium

CVE-2023-51397

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.This issue affects WP Remote Site Search…

Read more
Medium

CVE-2023-51396

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brizy.Io Brizy – Page Builder allows Stored XSS.This issue affects Brizy – Page Builder: from n/a…

Read more
Medium

CVE-2023-51374

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZeroBounce ZeroBounce Email Verification & Validation allows Stored XSS.This issue affects ZeroBo…

Read more
High

CVE-2023-51373

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.This issue affects Googl…

Read more
Medium

CVE-2023-51372

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HashBar – WordPress Notification Bar allows Stored XSS.This issue affects HashBar – Wor…

Read more
Medium

CVE-2023-51371

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bit Assist Chat Widget: WhatsApp Chat, Facebook Messenger Chat, Telegram Chat Bubble, Line Messen…

Read more
Medium

CVE-2023-51361

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ginger Plugins Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat an…

Read more
High

CVE-2023-50901

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega – Absolute Addons For Elementor allows Reflected XSS.This issue affects HT Mega…

Read more
Medium

CVE-2023-50896

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in weForms weForms – Easy Drag & Drop Contact Form Builder For WordPress allows Stored XSS.This issu…

Read more
Medium

CVE-2023-7104

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make a…

Read more
Critical

CVE-2023-51420

Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.This issue affects Verge3D Publishing and E-Commerce: from n/a through 4.5.2.

Read more
Medium

CVE-2023-4468

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The…

Read more
Medium

CVE-2023-4467

A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Affected by this issue is some unknown functionality of the component Test Automation Mode. The manipulation leads t…

Read more
Low

CVE-2023-4466

A vulnerability has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interfac…

Read more
Low

CVE-2023-4465

A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E30…

Read more
High

CVE-2023-4464

A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E…

Read more
Medium

CVE-2023-4463

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of…

Read more
Low

CVE-2023-4462

A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE…

Read more
Critical

CVE-2023-49830

Improper Control of Generation of Code ('Code Injection') vulnerability in Brainstorm Force Astra Pro.This issue affects Astra Pro: from n/a through 4.3.1.

Read more
Medium

CVE-2023-32517

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps MailChimp Subscribe Form, Optin Builder, PopUp Builder, Form Builder.This issue affects MailChimp Subscribe Form, Optin…

Read more
Medium

CVE-2023-32101

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pexle Chris Library Viewer.This issue affects Library Viewer: from n/a through 2.0.6.

Read more
Medium

CVE-2023-31237

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Dylan James Zephyr Project Manager.This issue affects Zephyr Project Manager: from n/a through 3.3.9.

Read more
Medium

CVE-2023-31229

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP Directory Kit.This issue affects WP Directory Kit: from n/a through 1.1.9.

Read more
Medium

CVE-2023-31095

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for HubSpot and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for HubSpot a…

Read more
Low

CVE-2023-28786

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SolidWP Solid Security – Password, Two Factor Authentication, and Brute Force Protection.This issue affects Solid Security – Passw…

Read more
High

CVE-2022-44589

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator – WordPress Two Factor Authentication – 2FA , Two Factor, OTP SMS and Email |…

Read more
Low

CVE-2023-7166

A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. This affects an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manip…

Read more
Critical

CVE-2023-47840

Improper Control of Generation of Code ('Code Injection') vulnerability in Qode Interactive Qode Essential Addons.This issue affects Qode Essential Addons: from n/a through 1.5.2.

Read more
Critical

CVE-2023-46623

Improper Control of Generation of Code ('Code Injection') vulnerability in TienCOP WP EXtra.This issue affects WP EXtra: from n/a through 6.2.

Read more
Critical

CVE-2023-45751

Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.This issue affects Nexter Extension: from n/a through 2.0.3.

Read more
Critical

CVE-2023-40606

Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.This issue affects Kanban Boards for WordPress: from n/a through 2.5.21.

Read more
Critical

CVE-2023-32095

Improper Control of Generation of Code ('Code Injection') vulnerability in Milan Dinić Rename Media Files.This issue affects Rename Media Files: from n/a through 1.0.1.

Read more
Critical

CVE-2023-25054

Improper Control of Generation of Code ('Code Injection') vulnerability in David F. Carr RSVPMaker.This issue affects RSVPMaker: from n/a through 10.6.6.

Read more
High

CVE-2023-22677

Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.This issue affects WP Booklet: from n/a through 2.1.8.

Read more
Low

CVE-2023-22676

Missing Authorization vulnerability in Anders Thorborg.This issue affects Anders Thorborg: from n/a through 1.4.12.

Read more
High

CVE-2023-7161

A vulnerability classified as critical has been found in Netentsec NS-ASG Application Security Gateway 6.3.1. This affects an unknown part of the file index.php?para=index of the component Login. The…

Read more
Low

CVE-2023-7160

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler.…

Read more
Medium

CVE-2023-7159

A vulnerability was found in gopeak MasterLab up to 3.3.10. It has been declared as critical. Affected by this vulnerability is the function add/update of the file app/ctrl/admin/User.php. The manipu…

Read more
High

CVE-2023-7158

A vulnerability was found in MicroPython up to 1.21.0. It has been classified as critical. Affected is the function slice_indices of the file objslice.c. The manipulation leads to heap-based buffer o…

Read more
Critical

CVE-2023-23634

SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint.

Read more
Medium

CVE-2023-7157

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /app/ajax/sell_retu…

Read more
High

CVE-2023-7156

A vulnerability has been found in Campcodes Online College Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file index.php of the component Search. The ma…

Read more
Medium

CVE-2023-31302

Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field.

Read more
High

CVE-2023-31300

An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext cr…

Read more
High

CVE-2023-31295

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field.

Read more
Medium

CVE-2023-7155

A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. This affects an unknown part of the file /ample/app/action/edit_pr…

Read more
Medium

CVE-2023-7152

A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function poll_set_add_fd of the file extmod/modselect.c. The mani…

Read more
Medium

CVE-2023-31299

Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a contain…

Read more
Medium

CVE-2023-7150

A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Affected by this vulnerability is an unknown functionality of the file product-list.php of the component Prod…

Read more
Low

CVE-2023-7149

A vulnerability was found in code-projects QR Code Generator 1.0. It has been classified as problematic. This affects an unknown part of the file /download.php?file=author.png. The manipulation of th…

Read more
Medium

CVE-2023-6939

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service.

Read more
Critical

CVE-2023-52174

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6.

Read more
Critical

CVE-2023-52173

XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0.

Read more
High

CVE-2023-51435

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Read more
Critical

CVE-2023-51434

Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution.

Read more
Low

CVE-2023-51433

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Read more
Low

CVE-2023-51432

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

Read more
Medium

CVE-2023-51430

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Read more
Medium

CVE-2023-51429

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak.

Read more
Medium

CVE-2023-51428

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

Read more
Medium

CVE-2023-51427

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

Read more
Medium

CVE-2023-51426

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

Read more
Medium

CVE-2023-31296

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field.

Read more
Medium

CVE-2023-23443

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

Read more
Medium

CVE-2023-23442

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak.

Read more
Medium

CVE-2023-23441

Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak.

Read more
Medium

CVE-2023-7148

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file src/main/java/ml/shifu/shifu/core/DataPurifie…

Read more
Medium

CVE-2023-7147

A vulnerability, which was classified as critical, was found in gopeak MasterLab up to 3.3.10. Affected is the function base64ImageContent of the file app/ctrl/User.php. The manipulation of the argum…

Read more
High

CVE-2023-31294

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field.

Read more
Medium

CVE-2023-23438

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions

Read more
Low

CVE-2023-23437

Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak

Read more
Low

CVE-2023-23430

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

Read more
Medium

CVE-2023-23429

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

Read more
Low

CVE-2023-23428

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

Read more
Medium

CVE-2023-23427

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

Read more
Medium

CVE-2023-7146

A vulnerability, which was classified as critical, has been found in gopeak MasterLab up to 3.3.10. This issue affects the function sqlInjectDelete of the file app/ctrl/framework/Feature.php of the c…

Read more
Medium

CVE-2023-7145

A vulnerability classified as critical was found in gopeak MasterLab up to 3.3.10. This vulnerability affects the function sqlInject of the file app/ctrl/Framework.php of the component HTTP POST Requ…

Read more
Medium

CVE-2023-31301

Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive inform…

Read more
Medium

CVE-2023-31298

Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information v…

Read more
Medium

CVE-2023-31292

An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" at…

Read more
High

CVE-2023-23436

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file

Read more
Medium

CVE-2023-23435

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file

Read more
Medium

CVE-2023-23433

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

Read more
High

CVE-2023-23432

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

Read more
High

CVE-2023-23431

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file.

Read more
Medium

CVE-2023-7144

A vulnerability classified as critical has been found in gopeak MasterLab up to 3.3.10. This affects the function sqlInject of the file app/ctrl/framework/Feature.php of the component HTTP POST Reque…

Read more
Low

CVE-2023-7143

A vulnerability was found in code-projects Client Details System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/regester.php. The manip…

Read more
Medium

CVE-2023-7142

A vulnerability was found in code-projects Client Details System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/clientview.php…

Read more
Medium

CVE-2023-7141

A vulnerability was found in code-projects Client Details System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/update-clients.php. The manipulation of…

Read more
Low

CVE-2023-52085

Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further proce…

Read more
Critical

CVE-2023-50104

ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.

Read more
2023-12-28
Medium

CVE-2023-7140

A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of…

Read more
Medium

CVE-2023-7139

A vulnerability has been found in code-projects Client Details System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/regester.php of the component HTTP…

Read more
High

CVE-2023-52152

mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds read and application crash because it lacks a certain host length recalculation.

Read more
Low

CVE-2023-52084

Winter is a free, open-source content management system. Prior to 1.2.4, Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be rendered unesc…

Read more
Low

CVE-2023-52083

Winter is a free, open-source content management system. Prior to 1.2.4, users with the `media.manage_media` permission can upload files to the Media Manager and rename them after uploading. Previou…

Read more
Medium

CVE-2023-50448

In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at certai…

Read more
Medium

CVE-2023-7138

A vulnerability, which was classified as critical, was found in code-projects Client Details System 1.0. This affects an unknown part of the file /admin of the component HTTP POST Request Handler. Th…

Read more
Medium

CVE-2023-7137

A vulnerability, which was classified as critical, has been found in code-projects Client Details System 1.0. Affected by this issue is some unknown functionality of the component HTTP POST Request H…

Read more
Medium

CVE-2022-36399

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.This issue affects Booked - Appointment Booking for WordP…

Read more
Low

CVE-2023-7136

A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /main/doctype.php of the comp…

Read more
Low

CVE-2023-7135

A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Affected is an unknown function of the file /main/offices.php of the component Offices Handler.…

Read more
Medium

CVE-2023-7134

A vulnerability was found in SourceCodester Medicine Tracking System 1.0. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument page leads to pat…

Read more
Critical

CVE-2023-50839

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin.This issue affects JS Help Desk – Bes…

Read more
High

CVE-2023-50838

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder – Contact forms and much more.This issue affects NEX-Form…

Read more
High

CVE-2023-50847

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Collne Inc. Welcart e-Commerce.This issue affects Welcart e-Commerce: from n/a through 2.9.3.

Read more
High

CVE-2023-50846

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RegistrationMagic RegistrationMagic – Custom Registration Forms, User Registration, Payment, and…

Read more
High

CVE-2023-50845

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AyeCode - WordPress Business Directory Plugins GeoDirectory – WordPress Business Directory Plugin…

Read more
High

CVE-2023-50844

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in James Ward Mail logging – WP Mail Catcher.This issue affects Mail logging – WP Mail Catcher: from…

Read more
High

CVE-2023-50843

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Clockwork Clockwork SMS Notfications.This issue affects Clockwork SMS Notfications: from n/a thro…

Read more
High

CVE-2023-50842

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Matthew Fries MF Gig Calendar.This issue affects MF Gig Calendar: from n/a through 1.2.1.

Read more
High

CVE-2023-50841

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugi…

Read more
High

CVE-2023-50840

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevelop, oplugins Booking Manager.This issue affects Booking Manager: from n/a through 2.1.5.

Read more