The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2023-29868 | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. | -- | May 3, 2023 |
| CVE-2023-29867 | Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. | -- | May 3, 2023 |
| CVE-2023-29863 | Medical Systems Co. Medisys Weblab Products v19.4.03 was discovered to contain a SQL injection vulnerability via the tem:statement parameter in the WSDL files. | -- | May 11, 2023 |
| CVE-2023-29862 | An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. | -- | May 15, 2023 |
| CVE-2023-29861 | An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. | -- | May 15, 2023 |
| CVE-2023-29857 | An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link. | -- | May 18, 2023 |
| CVE-2023-29856 | ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-868L Hardware version A1, firmware version 1.12 is vulnerable to Buffer Overflow. The vulnerability is in scandir.sgi binary. | -- | May 3, 2023 |
| CVE-2023-29855 | WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. | -- | Apr 18, 2023 |
| CVE-2023-29854 | DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground. | -- | Apr 18, 2023 |
| CVE-2023-29850 | SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user\'s geolocation and device information. | -- | Apr 14, 2023 |
| CVE-2023-29849 | Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter. | -- | Apr 24, 2023 |
| CVE-2023-29848 | Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function. | -- | Apr 24, 2023 |
| CVE-2023-29847 | AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. These vulnerabilities allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | -- | Apr 14, 2023 |
| CVE-2023-29842 | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | -- | May 4, 2023 |
| CVE-2023-29839 | A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. | -- | May 3, 2023 |
| CVE-2023-29838 | Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. | -- | May 23, 2023 |
| CVE-2023-29837 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page. | -- | May 18, 2023 |
| CVE-2023-29836 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. | -- | Apr 27, 2023 |
| CVE-2023-29835 | Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function. | -- | Apr 27, 2023 |
| CVE-2023-29827 | ** DISPUTED ** ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. NOTE: this is disputed by the vendor because the render function is not intended to be used with untrusted input. | -- | May 4, 2023 |
| CVE-2023-29820 | ** DISPUTED ** An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor\'s perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819. | -- | May 12, 2023 |
| CVE-2023-29819 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | -- | May 12, 2023 |
| CVE-2023-29818 | An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. | -- | May 12, 2023 |
| CVE-2023-29815 | mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). | -- | Apr 28, 2023 |
| CVE-2023-29809 | SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. | -- | May 12, 2023 |
| CVE-2023-29808 | Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. | -- | May 12, 2023 |
| CVE-2023-29805 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. | -- | Apr 14, 2023 |
| CVE-2023-29804 | WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. | -- | Apr 14, 2023 |
| CVE-2023-29803 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. | -- | Apr 14, 2023 |
| CVE-2023-29802 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. | -- | Apr 14, 2023 |
| CVE-2023-29801 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. | -- | Apr 14, 2023 |
| CVE-2023-29800 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. | -- | Apr 14, 2023 |
| CVE-2023-29799 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. | -- | Apr 14, 2023 |
| CVE-2023-29798 | TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. | -- | Apr 14, 2023 |
| CVE-2023-29791 | kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. | -- | May 11, 2023 |
| CVE-2023-29790 | kodbox 1.2.x through 1.3.7 has a Sensitive Information Leakage issue. | -- | May 12, 2023 |
| CVE-2023-29780 | Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. | -- | Apr 25, 2023 |
| CVE-2023-29779 | Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the \'Set_short_poll_interval\' command. | -- | Apr 25, 2023 |
| CVE-2023-29778 | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | -- | May 3, 2023 |
| CVE-2023-29774 | Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). | -- | Apr 18, 2023 |
| CVE-2023-29772 | A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | -- | May 2, 2023 |
| CVE-2023-29746 | An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. | -- | Jun 2, 2023 |
| CVE-2023-29745 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | -- | May 31, 2023 |
| CVE-2023-29743 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. | -- | May 30, 2023 |
| CVE-2023-29742 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database. | -- | May 31, 2023 |
| CVE-2023-29741 | An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database. | -- | May 30, 2023 |
| CVE-2023-29740 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause a denial of service attack by manipulating the database. | -- | May 30, 2023 |
| CVE-2023-29739 | An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | -- | May 30, 2023 |
| CVE-2023-29738 | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause code execution and escalation of Privileges via the database files. | -- | May 30, 2023 |
| CVE-2023-29737 | An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files. | -- | May 30, 2023 |
