The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-1174 | This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | -- | May 25, 2023 | n/a |
| CVE-2023-1173 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none. | -- | Nov 7, 2023 | n/a |
| CVE-2023-1172 | The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | -- | Mar 17, 2023 | n/a |
| CVE-2023-1170 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. | -- | Mar 3, 2023 | n/a |
| CVE-2023-1169 | The OoohBoi Steroids for Elementor plugin for WordPress is vulnerable to missing authorization due to a missing capability check on the \'file_uploader_callback\' function in versions up to, and including, 2.1.4. This makes it possible for subscriber-level attackers to upload image attachments to the site. | -- | Jun 9, 2023 | n/a |
| CVE-2023-1168 | An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX. | -- | Mar 22, 2023 | n/a |
| CVE-2023-1167 | Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an unauthorized access to security reports in MR. | -- | Apr 6, 2023 | n/a |
| CVE-2023-1166 | The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). | -- | Jun 27, 2023 | n/a |
| CVE-2023-1165 | A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. It has been classified as critical. This affects an unknown part of the file /api/admin/system/store/order/list. The manipulation of the argument keywords leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-222261 was assigned to this vulnerability. | -- | Mar 3, 2023 | n/a |
| CVE-2023-1164 | A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. Affected by this issue is some unknown functionality of the component File Import. The manipulation leads to improper authorization. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.11-23 and 1.30.10-5.p23 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222260. | -- | Mar 3, 2023 | n/a |
| CVE-2023-1163 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Affected by this vulnerability is the function getSyslogFile of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument option leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222259. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | -- | Mar 3, 2023 | n/a |
| CVE-2023-1162 | ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Affected is an unknown function of the file mainfunction.cgi of the component Web Management Interface. The manipulation of the argument password leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-222258 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | -- | Mar 3, 2023 | n/a |
| CVE-2023-1161 | ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file | -- | Mar 5, 2023 | n/a |
| CVE-2023-1160 | Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. | -- | Mar 3, 2023 | n/a |
| CVE-2023-1159 | The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | -- | Jun 2, 2023 | n/a |
| CVE-2023-1158 | Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. | -- | May 25, 2023 | n/a |
| CVE-2023-1157 | A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Affected is the function elf_parser::Elf_parser::get_segments of the file elf_parser.cpp. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-222222 is the identifier assigned to this vulnerability. | -- | Mar 2, 2023 | n/a |
| CVE-2023-1156 | A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0. This vulnerability affects unknown code of the file admin/fecalysis_form.php. The manipulation of the argument itr_no leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-222220. | -- | Mar 2, 2023 | n/a |
| CVE-2023-1155 | The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | -- | Mar 2, 2023 | n/a |
| CVE-2023-1154 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Pacsrapor allows Reflected XSS.This issue affects Pacsrapor: before 1.22. | -- | Mar 26, 2023 | n/a |
| CVE-2023-1153 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection.This issue affects Pacsrapor: before 1.22. | -- | Mar 26, 2023 | n/a |
| CVE-2023-1152 | Improper Neutralization of Special Elements used in an SQL Command (\'SQL Injection\') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93. | -- | Mar 17, 2023 | n/a |
| CVE-2023-1151 | A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163. | -- | Mar 2, 2023 | n/a |
| CVE-2023-1150 | Uncontrolled resource consumption in Series WAGO 750-3x/-8x products may allow an unauthenticated remote attacker to DoS the MODBUS server with specially crafted packets. | -- | Jun 26, 2023 | n/a |
| CVE-2023-1149 | Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. | -- | Mar 2, 2023 | n/a |
| CVE-2023-1148 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | -- | Mar 3, 2023 | n/a |
| CVE-2023-1147 | Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. | -- | Mar 3, 2023 | n/a |
| CVE-2023-1146 | Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. | -- | Mar 3, 2023 | n/a |
| CVE-2023-1145 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1144 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization, which could result in privilege escalation. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1143 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1142 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege escalation. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1141 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote code execution. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1140 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an administrator. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1139 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests prior to authentication, resulting in remote code execution. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1138 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1137 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in privilege escalation. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1136 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1135 | In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1134 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials, and escalate privileges. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1133 | Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. The service accepts the unverified UDP packets and deserializes the content, which could allow an unauthenticated attacker to remotely execute arbitrary code. | -- | Mar 30, 2023 | n/a |
| CVE-2023-1132 | Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. | -- | May 18, 2023 | n/a |
| CVE-2023-1131 | A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. This vulnerability affects unknown code of the file customer.php. The manipulation of the argument FIRST_NAME/LAST_NAME/PHONE_NUMBER leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-222106 is the identifier assigned to this vulnerability. | -- | Mar 1, 2023 | n/a |
| CVE-2023-1130 | A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-222105 was assigned to this vulnerability. | -- | Mar 1, 2023 | n/a |
| CVE-2023-1129 | The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users. | -- | Apr 25, 2023 | n/a |
| CVE-2023-1127 | Divide By Zero in GitHub repository vim/vim prior to 9.0.1367. | -- | Mar 4, 2023 | n/a |
| CVE-2023-1126 | The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks | -- | Apr 25, 2023 | n/a |
| CVE-2023-1125 | The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own. | -- | May 2, 2023 | n/a |
| CVE-2023-1124 | The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. | -- | Apr 3, 2023 | n/a |
| CVE-2023-1122 | The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | -- | Apr 10, 2023 | n/a |
