The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2023-31698 | Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. | -- | May 17, 2023 |
CVE-2023-31689 | In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. It can write arbitrary strings into custom file names and upload any files, and write malicious code to execute scripts to trigger command execution. | -- | May 23, 2023 |
CVE-2023-31679 | Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter. | -- | May 16, 2023 |
CVE-2023-31678 | Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended. | -- | May 16, 2023 |
CVE-2023-31677 | Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter. | -- | May 16, 2023 |
CVE-2023-31670 | An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. | -- | May 23, 2023 |
CVE-2023-31669 | WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (). | -- | May 23, 2023 |
CVE-2023-31664 | A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter. | -- | May 23, 2023 |
CVE-2023-31655 | redis-7.0.10 was discovered to contain a segmentation violation. | -- | May 18, 2023 |
CVE-2023-31631 | An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31630 | An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31629 | An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31628 | An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31627 | An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31626 | An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31625 | An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31624 | An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31623 | An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31622 | An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31621 | An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31620 | An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31619 | An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31618 | An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31617 | An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31616 | An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31615 | An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31614 | An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. | -- | May 15, 2023 |
CVE-2023-31613 | An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31612 | An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31611 | An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31610 | An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31609 | An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31608 | An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31607 | An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | -- | May 15, 2023 |
CVE-2023-31597 | An issue in Zammad v5.4.0 allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existing tickets. | -- | May 18, 2023 |
CVE-2023-31595 | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. | -- | May 25, 2023 |
CVE-2023-31594 | IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. | -- | May 25, 2023 |
CVE-2023-31587 | Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | -- | May 16, 2023 |
CVE-2023-31584 | GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. | -- | May 23, 2023 |
CVE-2023-31576 | An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or JavaScript file. | -- | May 16, 2023 |
CVE-2023-31572 | An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. | -- | May 16, 2023 |
CVE-2023-31568 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptRC4::PdfEncryptRC4. | -- | May 10, 2023 |
CVE-2023-31567 | Podofo v0.10.0 was discovered to contain a heap buffer overflow via the component PoDoFo::PdfEncryptAESV3::PdfEncryptAESV3. | -- | May 10, 2023 |
CVE-2023-31566 | Podofo v0.10.0 was discovered to contain a heap-use-after-free via the component PoDoFo::PdfEncrypt::IsMetadataEncrypted(). | -- | May 10, 2023 |
CVE-2023-31557 | xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readEmbeddedFileTree(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS). | -- | May 10, 2023 |
CVE-2023-31556 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfDictionary::findKeyParent. | -- | May 10, 2023 |
CVE-2023-31555 | podofoinfo 0.10.0 was discovered to contain a segmentation violation via the function PoDoFo::PdfObject::DelayedLoad. | -- | May 10, 2023 |
CVE-2023-31554 | xpdf pdfimages v4.04 was discovered to contain a stack overflow in the component Catalog::readPageLabelTree2(Object*). This vulnerability allows attackers to cause a Denial of Service (DoS). | -- | May 10, 2023 |
CVE-2023-31544 | A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the Upload Image module. | -- | May 16, 2023 |
CVE-2023-31531 | Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. | -- | May 11, 2023 |