FEED Validator

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

• line 2512, column 0: description contains bad characters: � (4 occurrences) [help]

      <description>PCRS &amp;lt;= 3.11 (d0de1e) &amp;acirc;&amp;euro;&amp;oeli ...
  

Source: https://nvd.nist.gov/feeds/xml/cve/misc/nvd-rss.xml

1. <?xml version="1.0" encoding="UTF-8"?>
2. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/" xmlns:dc="http://purl.org/dc/elements/1.1/">
3.  <channel rdf:about="https://web.nvd.nist.gov/view/vuln/search">
4.    <title>National Vulnerability Database</title>
5.    <link>https://web.nvd.nist.gov/view/vuln/search</link>
6.    <description>This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.</description>
7.    <items>
8.      <rdf:Seq>
9.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-20187" />
10.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7252" />
11.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25092" />
12.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25093" />
13.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28407" />
14.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4430" />
15.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3172" />
16.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43554" />
17.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43555" />
18.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44569" />
19.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45373" />
20.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45805" />
21.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46808" />
22.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46818" />
23.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46849" />
24.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46859" />
25.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46860" />
26.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47420" />
27.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47426" />
28.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47428" />
29.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47430" />
30.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47432" />
31.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47445" />
32.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47588" />
33.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48192" />
34.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48193" />
35.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48454" />
36.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48455" />
37.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48456" />
38.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48457" />
39.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48458" />
40.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48459" />
41.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48460" />
42.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48461" />
43.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4900" />
44.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1192" />
45.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1193" />
46.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1194" />
47.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1476" />
48.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1713" />
49.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1714" />
50.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1715" />
51.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1716" />
52.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1717" />
53.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1718" />
54.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1719" />
55.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1720" />
56.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20005" />
57.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20031" />
58.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20041" />
59.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20042" />
60.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20048" />
61.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20063" />
62.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20070" />
63.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20071" />
64.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20074" />
65.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20083" />
66.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20086" />
67.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20095" />
68.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20114" />
69.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20155" />
70.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20170" />
71.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20175" />
72.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20177" />
73.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20195" />
74.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20196" />
75.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20206" />
76.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20213" />
77.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20219" />
78.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20220" />
79.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20244" />
80.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20245" />
81.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20246" />
82.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20247" />
83.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20255" />
84.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20256" />
85.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20264" />
86.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20267" />
87.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20270" />
88.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20702" />
89.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23368" />
90.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23369" />
91.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23702" />
92.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25700" />
93.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25800" />
94.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25960" />
95.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25990" />
96.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26015" />
97.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26452" />
98.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26453" />
99.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26454" />
100.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26455" />
101.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26456" />
102.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27605" />
103.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28748" />
104.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28794" />
105.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29043" />
106.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29044" />
107.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29045" />
108.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29046" />
109.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29047" />
110.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31016" />
111.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31017" />
112.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31018" />
113.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31019" />
114.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31020" />
115.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31021" />
116.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31022" />
117.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31023" />
118.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31026" />
119.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31027" />
120.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31102" />
121.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31579" />
122.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164" />
123.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32121" />
124.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3246" />
125.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32508" />
126.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32741" />
127.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3277" />
128.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32818" />
129.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32825" />
130.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32832" />
131.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32834" />
132.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32835" />
133.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32836" />
134.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32837" />
135.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32838" />
136.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32839" />
137.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32840" />
138.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33226" />
139.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33227" />
140.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33228" />
141.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33924" />
142.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397" />
143.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3399" />
144.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34179" />
145.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34259" />
146.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34260" />
147.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34261" />
148.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34383" />
149.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35896" />
150.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35910" />
151.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35911" />
152.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36022" />
153.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36029" />
154.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36034" />
155.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36409" />
156.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36529" />
157.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36620" />
158.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36621" />
159.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36677" />
160.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36769" />
161.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38382" />
162.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38391" />
163.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38406" />
164.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38407" />
165.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38469" />
166.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38470" />
167.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38471" />
168.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38472" />
169.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38473" />
170.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3893" />
171.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38965" />
172.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39042" />
173.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39047" />
174.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39048" />
175.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39050" />
176.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39051" />
177.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39053" />
178.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39054" />
179.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39057" />
180.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3909" />
181.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39281" />
182.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39283" />
183.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39284" />
184.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39299" />
185.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39301" />
186.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39345" />
187.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3961" />
188.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3972" />
189.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40061" />
190.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40062" />
191.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40207" />
192.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40215" />
193.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4043" />
194.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40609" />
195.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40660" />
196.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40661" />
197.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4091" />
198.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40922" />
199.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41164" />
200.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41259" />
201.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41260" />
202.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41343" />
203.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41344" />
204.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41345" />
205.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41346" />
206.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41347" />
207.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41348" />
208.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41350" />
209.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41351" />
210.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41352" />
211.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41353" />
212.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41354" />
213.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41355" />
214.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41356" />
215.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41357" />
216.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41378" />
217.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41652" />
218.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41685" />
219.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41725" />
220.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41726" />
221.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41914" />
222.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4197" />
223.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4198" />
224.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42027" />
225.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42029" />
226.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4217" />
227.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42299" />
228.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42631" />
229.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42632" />
230.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42633" />
231.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42634" />
232.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42635" />
233.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42636" />
234.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42637" />
235.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42638" />
236.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42639" />
237.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42640" />
238.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42641" />
239.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42642" />
240.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42643" />
241.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42644" />
242.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42645" />
243.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42646" />
244.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42647" />
245.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42648" />
246.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42649" />
247.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42650" />
248.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42651" />
249.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42652" />
250.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42653" />
251.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42654" />
252.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42655" />
253.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42669" />
254.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42670" />
255.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42750" />
256.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42802" />
257.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43018" />
258.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43076" />
259.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43087" />
260.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43193" />
261.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43194" />
262.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43336" />
263.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43665" />
264.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43982" />
265.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44025" />
266.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44271" />
267.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44398" />
268.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4452" />
269.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44954" />
270.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45001" />
271.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45012" />
272.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45013" />
273.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45014" />
274.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45015" />
275.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45016" />
276.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45017" />
277.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45018" />
278.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45019" />
279.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45024" />
280.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45046" />
281.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45055" />
282.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45069" />
283.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45074" />
284.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45111" />
285.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45112" />
286.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45113" />
287.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45114" />
288.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45161" />
289.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45163" />
290.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45189" />
291.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45201" />
292.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45202" />
293.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45203" />
294.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45323" />
295.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45324" />
296.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45325" />
297.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45326" />
298.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45327" />
299.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45328" />
300.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45329" />
301.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45330" />
302.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45331" />
303.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45332" />
304.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45333" />
305.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45334" />
306.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45335" />
307.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45336" />
308.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45337" />
309.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45338" />
310.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45339" />
311.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45340" />
312.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45341" />
313.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45342" />
314.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45343" />
315.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45344" />
316.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45345" />
317.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45346" />
318.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45347" />
319.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4535" />
320.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45360" />
321.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45362" />
322.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45556" />
323.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45657" />
324.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45827" />
325.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45830" />
326.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4591" />
327.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4592" />
328.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46084" />
329.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46176" />
330.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4625" />
331.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46251" />
332.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46254" />
333.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46327" />
334.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46352" />
335.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46380" />
336.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46381" />
337.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46382" />
338.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46404" />
339.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46428" />
340.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46448" />
341.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46475" />
342.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46482" />
343.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46517" />
344.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46595" />
345.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46695" />
346.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46724" />
347.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46725" />
348.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46728" />
349.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46731" />
350.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46732" />
351.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46775" />
352.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46776" />
353.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46777" />
354.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46778" />
355.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46779" />
356.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46780" />
357.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46781" />
358.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46782" />
359.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46783" />
360.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46802" />
361.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46817" />
362.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46821" />
363.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46822" />
364.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46823" />
365.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46824" />
366.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46846" />
367.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46847" />
368.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46848" />
369.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46911" />
370.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46925" />
371.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46927" />
372.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46928" />
373.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46930" />
374.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46931" />
375.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46947" />
376.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46954" />
377.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46958" />
378.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46963" />
379.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46964" />
380.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46980" />
381.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46981" />
382.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4699" />
383.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4700" />
384.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47004" />
385.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47177" />
386.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47182" />
387.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47184" />
388.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47185" />
389.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47186" />
390.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47204" />
391.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47233" />
392.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47234" />
393.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47235" />
394.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47249" />
395.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47253" />
396.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47258" />
397.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47259" />
398.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47260" />
399.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47271" />
400.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47272" />
401.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4767" />
402.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4768" />
403.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4769" />
404.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4810" />
405.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4858" />
406.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4910" />
407.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4930" />
408.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4996" />
409.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5035" />
410.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5082" />
411.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088" />
412.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5090" />
413.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5178" />
414.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5181" />
415.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5228" />
416.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5352" />
417.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5354" />
418.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5355" />
419.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5358" />
420.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5408" />
421.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5454" />
422.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5480" />
423.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5482" />
424.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5530" />
425.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5601" />
426.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5605" />
427.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5606" />
428.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5625" />
429.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5627" />
430.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5678" />
431.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5707" />
432.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5719" />
433.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5763" />
434.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5765" />
435.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5766" />
436.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5771" />
437.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5777" />
438.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5823" />
439.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5824" />
440.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5825" />
441.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5831" />
442.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5846" />
443.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5847" />
444.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5849" />
445.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5850" />
446.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5851" />
447.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5852" />
448.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5853" />
449.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5854" />
450.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5855" />
451.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5856" />
452.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5857" />
453.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5858" />
454.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5859" />
455.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5860" />
456.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5875" />
457.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5876" />
458.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5910" />
459.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5916" />
460.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5917" />
461.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5918" />
462.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5919" />
463.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5920" />
464.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5923" />
465.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5924" />
466.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5925" />
467.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5926" />
468.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5927" />
469.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5928" />
470.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5929" />
471.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5930" />
472.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5945" />
473.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5946" />
474.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5948" />
475.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5950" />
476.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5963" />
477.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5964" />
478.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5967" />
479.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5968" />
480.        <rdf:li rdf:resource="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5969" />
481.      </rdf:Seq>
482.    </items>
483.    <dc:date>2023-11-07T01:00:00Z</dc:date>
484.    <dc:language>en-us</dc:language>
485.    <dc:rights>This material is not copywritten and may be freely used, however, attribution is requested.</dc:rights>
486.  </channel>
487.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-20187">
488.    <title>CVE-2017-20187</title>
489.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-20187</link>
490.    <description>** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3.1 is able to address this issue. The patch is identified as 500d340e1f6421007413cc08a8383475221c2604. It is recommended to upgrade the affected component. VDB-244482 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.</description>
491.    <dc:date>2023-11-05T21:15:09Z</dc:date>
492.  </item>
493.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7252">
494.    <title>CVE-2017-7252</title>
495.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7252</link>
496.    <description>bcrypt password hashing in Botan before 2.1.0 does not correctly handle passwords with a length between 57 and 72 characters, which makes it easier for attackers to determine the cleartext password.</description>
497.    <dc:date>2023-11-03T01:15:07Z</dc:date>
498.  </item>
499.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25092">
500.    <title>CVE-2018-25092</title>
501.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25092</link>
502.    <description>A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Command Mention Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The patch is named cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244483.</description>
503.    <dc:date>2023-11-05T21:15:09Z</dc:date>
504.  </item>
505.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25093">
506.    <title>CVE-2018-25093</title>
507.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-25093</link>
508.    <description>A vulnerability was found in Vaerys-Dawn DiscordSailv2 up to 2.10.2. It has been rated as critical. Affected by this issue is some unknown functionality of the component Tag Handler. The manipulation leads to improper access controls. Upgrading to version 2.10.3 is able to address this issue. The name of the patch is cc12e0be82a5d05d9f359ed8e56088f4f8b8eb69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-244484.</description>
509.    <dc:date>2023-11-06T01:15:08Z</dc:date>
510.  </item>
511.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28407">
512.    <title>CVE-2020-28407</title>
513.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-28407</link>
514.    <description>In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary files via a symlink attack against a temporary file such as TMP2-00.permall.</description>
515.    <dc:date>2023-11-03T04:15:15Z</dc:date>
516.  </item>
517.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4430">
518.    <title>CVE-2021-4430</title>
519.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-4430</link>
520.    <description>A vulnerability classified as problematic has been found in Ortus Solutions ColdBox Elixir 3.1.6. This affects an unknown part of the file src/defaultConfig.js of the component ENV Variable Handler. The manipulation leads to information disclosure. Upgrading to version 3.1.7 is able to address this issue. The identifier of the patch is a3aa62daea2e44c76d08d1eac63768cd928cd69e. It is recommended to upgrade the affected component. The identifier VDB-244485 was assigned to this vulnerability.</description>
521.    <dc:date>2023-11-06T08:15:21Z</dc:date>
522.  </item>
523.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3172">
524.    <title>CVE-2022-3172</title>
525.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3172</link>
526.    <description>A security issue was discovered in kube-apiserver that allows an
527. aggregated API server to redirect client traffic to any URL.  This could
528. lead to the client performing unexpected actions as well as forwarding
529. the client's API server credentials to third parties.</description>
530.    <dc:date>2023-11-03T20:15:08Z</dc:date>
531.  </item>
532.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43554">
533.    <title>CVE-2022-43554</title>
534.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43554</link>
535.    <description>Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability</description>
536.    <dc:date>2023-11-03T20:15:08Z</dc:date>
537.  </item>
538.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43555">
539.    <title>CVE-2022-43555</title>
540.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-43555</link>
541.    <description>Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability</description>
542.    <dc:date>2023-11-03T20:15:08Z</dc:date>
543.  </item>
544.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44569">
545.    <title>CVE-2022-44569</title>
546.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-44569</link>
547.    <description>A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.</description>
548.    <dc:date>2023-11-03T20:15:08Z</dc:date>
549.  </item>
550.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45373">
551.    <title>CVE-2022-45373</title>
552.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45373</link>
553.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows SQL Injection.This issue affects Slimstat Analytics: from n/a through 5.0.4.</description>
554.    <dc:date>2023-11-06T08:15:21Z</dc:date>
555.  </item>
556.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45805">
557.    <title>CVE-2022-45805</title>
558.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-45805</link>
559.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Paytm Paytm Payment Gateway paytm-payments allows SQL Injection.This issue affects Paytm Payment Gateway: from n/a through 2.7.3.</description>
560.    <dc:date>2023-11-03T13:15:08Z</dc:date>
561.  </item>
562.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46808">
563.    <title>CVE-2022-46808</title>
564.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46808</link>
565.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Repute Infosystems ARMember armember-membership allows SQL Injection.This issue affects ARMember: from n/a through 3.4.11.</description>
566.    <dc:date>2023-11-03T13:15:08Z</dc:date>
567.  </item>
568.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46818">
569.    <title>CVE-2022-46818</title>
570.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46818</link>
571.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Gopi Ramasamy Email posts to subscribers allows SQL Injection.This issue affects Email posts to subscribers: from n/a through 6.2.</description>
572.    <dc:date>2023-11-03T16:15:30Z</dc:date>
573.  </item>
574.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46849">
575.    <title>CVE-2022-46849</title>
576.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46849</link>
577.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar Coming Soon Page &amp;acirc;&amp;euro;&amp;ldquo; Responsive Coming Soon &amp;amp; Maintenance Mode allows SQL Injection.This issue affects Coming Soon Page &amp;acirc;&amp;euro;&amp;ldquo; Responsive Coming Soon &amp;amp; Maintenance Mode: from n/a through 1.5.9.</description>
578.    <dc:date>2023-11-06T08:15:21Z</dc:date>
579.  </item>
580.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46859">
581.    <title>CVE-2022-46859</title>
582.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46859</link>
583.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.1.</description>
584.    <dc:date>2023-11-03T13:15:08Z</dc:date>
585.  </item>
586.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46860">
587.    <title>CVE-2022-46860</title>
588.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-46860</link>
589.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in KaizenCoders Short URL allows SQL Injection.This issue affects Short URL: from n/a through 1.6.4.</description>
590.    <dc:date>2023-11-06T08:15:21Z</dc:date>
591.  </item>
592.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47420">
593.    <title>CVE-2022-47420</title>
594.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47420</link>
595.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.</description>
596.    <dc:date>2023-11-06T08:15:21Z</dc:date>
597.  </item>
598.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47426">
599.    <title>CVE-2022-47426</title>
600.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47426</link>
601.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Neshan Maps Platform Neshan Maps neshan-maps allows SQL Injection.This issue affects Neshan Maps: from n/a through 1.1.4.</description>
602.    <dc:date>2023-11-03T13:15:08Z</dc:date>
603.  </item>
604.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47428">
605.    <title>CVE-2022-47428</title>
606.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47428</link>
607.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpDevArt Booking calendar, Appointment Booking System allows SQL Injection.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.7.</description>
608.    <dc:date>2023-11-06T08:15:21Z</dc:date>
609.  </item>
610.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47430">
611.    <title>CVE-2022-47430</title>
612.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47430</link>
613.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar The School Management &amp;acirc;&amp;euro;&amp;ldquo; Education &amp;amp; Learning Management allows SQL Injection.This issue affects The School Management &amp;acirc;&amp;euro;&amp;ldquo; Education &amp;amp; Learning Management: from n/a through 4.1.</description>
614.    <dc:date>2023-11-06T08:15:21Z</dc:date>
615.  </item>
616.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47432">
617.    <title>CVE-2022-47432</title>
618.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47432</link>
619.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB allows SQL Injection.This issue affects Shortcode IMDB: from n/a through 6.0.8.</description>
620.    <dc:date>2023-11-06T08:15:21Z</dc:date>
621.  </item>
622.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47445">
623.    <title>CVE-2022-47445</title>
624.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47445</link>
625.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Web-X Be POPIA Compliant be-popia-compliant allows SQL Injection.This issue affects Be POPIA Compliant: from n/a through 1.2.0.</description>
626.    <dc:date>2023-11-03T13:15:08Z</dc:date>
627.  </item>
628.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47588">
629.    <title>CVE-2022-47588</title>
630.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-47588</link>
631.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery allows SQL Injection.This issue affects Simple Photo Gallery: from n/a through v1.8.1.</description>
632.    <dc:date>2023-11-03T12:15:08Z</dc:date>
633.  </item>
634.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48192">
635.    <title>CVE-2022-48192</title>
636.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48192</link>
637.    <description>Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.</description>
638.    <dc:date>2023-11-06T20:15:07Z</dc:date>
639.  </item>
640.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48193">
641.    <title>CVE-2022-48193</title>
642.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48193</link>
643.    <description>Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).</description>
644.    <dc:date>2023-11-06T20:15:07Z</dc:date>
645.  </item>
646.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48454">
647.    <title>CVE-2022-48454</title>
648.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48454</link>
649.    <description>In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed</description>
650.    <dc:date>2023-11-01T10:15:08Z</dc:date>
651.  </item>
652.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48455">
653.    <title>CVE-2022-48455</title>
654.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48455</link>
655.    <description>In wifi service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed</description>
656.    <dc:date>2023-11-01T10:15:08Z</dc:date>
657.  </item>
658.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48456">
659.    <title>CVE-2022-48456</title>
660.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48456</link>
661.    <description>In camera driver, there is a possible out of bounds write due to a incorrect bounds check. This could lead to local denial of service with System execution privileges needed</description>
662.    <dc:date>2023-11-01T10:15:08Z</dc:date>
663.  </item>
664.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48457">
665.    <title>CVE-2022-48457</title>
666.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48457</link>
667.    <description>In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed</description>
668.    <dc:date>2023-11-01T10:15:08Z</dc:date>
669.  </item>
670.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48458">
671.    <title>CVE-2022-48458</title>
672.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48458</link>
673.    <description>In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed</description>
674.    <dc:date>2023-11-01T10:15:08Z</dc:date>
675.  </item>
676.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48459">
677.    <title>CVE-2022-48459</title>
678.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48459</link>
679.    <description>In TeleService, there is a possible system crash due to improper input validation. This could lead to local denial of service with no additional execution privileges needed</description>
680.    <dc:date>2023-11-01T10:15:08Z</dc:date>
681.  </item>
682.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48460">
683.    <title>CVE-2022-48460</title>
684.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48460</link>
685.    <description>In setting service, there is a possible undefined behavior due to incorrect error handling. This could lead to local denial of service with no additional execution privileges needed</description>
686.    <dc:date>2023-11-01T10:15:08Z</dc:date>
687.  </item>
688.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48461">
689.    <title>CVE-2022-48461</title>
690.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-48461</link>
691.    <description>In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed</description>
692.    <dc:date>2023-11-01T10:15:08Z</dc:date>
693.  </item>
694.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4900">
695.    <title>CVE-2022-4900</title>
696.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-4900</link>
697.    <description>A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.</description>
698.    <dc:date>2023-11-02T16:15:08Z</dc:date>
699.  </item>
700.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1192">
701.    <title>CVE-2023-1192</title>
702.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1192</link>
703.    <description>A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.</description>
704.    <dc:date>2023-11-01T20:15:08Z</dc:date>
705.  </item>
706.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1193">
707.    <title>CVE-2023-1193</title>
708.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1193</link>
709.    <description>A use-after-free flaw was found in setup_async_work in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. This issue could allow an attacker to crash the system by accessing freed work.</description>
710.    <dc:date>2023-11-01T20:15:08Z</dc:date>
711.  </item>
712.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1194">
713.    <title>CVE-2023-1194</title>
714.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1194</link>
715.    <description>An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. When an attacker sends the CREATE command with a malformed payload to KSMBD, due to a missing check of `NameOffset` in the `parse_lease_state()` function, the `create_context` object can access invalid memory.</description>
716.    <dc:date>2023-11-03T08:15:07Z</dc:date>
717.  </item>
718.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1476">
719.    <title>CVE-2023-1476</title>
720.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1476</link>
721.    <description>A use-after-free flaw was found in the Linux kernel&amp;acirc;&amp;euro;&amp;trade;s mm/mremap memory address space accounting source code. This issue occurs due to a race condition between rmap walk and mremap, allowing a local user to crash the system or potentially escalate their privileges on the system.</description>
722.    <dc:date>2023-11-03T09:15:13Z</dc:date>
723.  </item>
724.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1713">
725.    <title>CVE-2023-1713</title>
726.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1713</link>
727.    <description>Insecure temporary file creation in bitrix/modules/crm/lib/order/import/instagram.php in Bitrix24 22.0.300 hosted on Apache HTTP Server allows remote authenticated attackers to execute arbitrary code via uploading a crafted &amp;quot;.htaccess&amp;quot; file.</description>
728.    <dc:date>2023-11-01T10:15:08Z</dc:date>
729.  </item>
730.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1714">
731.    <title>CVE-2023-1714</title>
732.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1714</link>
733.    <description>Unsafe variable extraction in bitrix/modules/main/classes/general/user_options.php in Bitrix24 22.0.300 allows remote authenticated attackers to execute arbitrary code via (1) appending arbitrary content to existing PHP files or (2) PHAR deserialization.</description>
734.    <dc:date>2023-11-01T10:15:09Z</dc:date>
735.  </item>
736.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1715">
737.    <title>CVE-2023-1715</title>
738.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1715</link>
739.    <description>A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300 allows attackers to bypass XSS sanitisation via placing HTML tags at the begining of the payload.</description>
740.    <dc:date>2023-11-01T10:15:09Z</dc:date>
741.  </item>
742.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1716">
743.    <title>CVE-2023-1716</title>
744.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1716</link>
745.    <description>Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege.</description>
746.    <dc:date>2023-11-01T10:15:09Z</dc:date>
747.  </item>
748.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1717">
749.    <title>CVE-2023-1717</title>
750.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1717</link>
751.    <description>Prototype pollution in bitrix/templates/bitrix24/components/bitrix/menu/left_vertical/script.js in Bitrix24 22.0.300 allows remote attackers to execute arbitrary JavaScript code in the victim&amp;acirc;&amp;euro;&amp;trade;s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via polluting `__proto__[tag]` and `__proto__[text]`.</description>
752.    <dc:date>2023-11-01T10:15:09Z</dc:date>
753.  </item>
754.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1718">
755.    <title>CVE-2023-1718</title>
756.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1718</link>
757.    <description>Improper file stream access in /desktop_app/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted &amp;quot;tmp_url&amp;quot;.</description>
758.    <dc:date>2023-11-01T10:15:09Z</dc:date>
759.  </item>
760.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1719">
761.    <title>CVE-2023-1719</title>
762.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1719</link>
763.    <description>Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.</description>
764.    <dc:date>2023-11-01T10:15:09Z</dc:date>
765.  </item>
766.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1720">
767.    <title>CVE-2023-1720</title>
768.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-1720</link>
769.    <description>Lack of mime type response header in Bitrix24 22.0.300 allows authenticated remote attackers to execute arbitrary JavaScript code in the victim's browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via uploading a crafted HTML file through /desktop_app/file.ajax.php?action=uploadfile.</description>
770.    <dc:date>2023-11-01T10:15:09Z</dc:date>
771.  </item>
772.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20005">
773.    <title>CVE-2023-20005</title>
774.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20005</link>
775.    <description>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.</description>
776.    <dc:date>2023-11-01T17:15:10Z</dc:date>
777.  </item>
778.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20031">
779.    <title>CVE-2023-20031</title>
780.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20031</link>
781.    <description>A vulnerability in the SSL/TLS certificate handling of Snort 3 Detection Engine integration with Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to restart. This vulnerability is due to a logic error that occurs when an SSL/TLS certificate that is under load is accessed when it is initiating an SSL connection. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a high rate of SSL/TLS connection requests to be inspected by the Snort 3 detection engine on an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in either a bypass or a denial of service (DoS) condition, depending on device configuration. The Snort detection engine will restart automatically. No manual intervention is required.</description>
782.    <dc:date>2023-11-01T18:15:08Z</dc:date>
783.  </item>
784.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20041">
785.    <title>CVE-2023-20041</title>
786.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20041</link>
787.    <description>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.</description>
788.    <dc:date>2023-11-01T17:15:10Z</dc:date>
789.  </item>
790.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20042">
791.    <title>CVE-2023-20042</title>
792.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20042</link>
793.    <description>A vulnerability in the AnyConnect SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an implementation error within the SSL/TLS session handling process that can prevent the release of a session handler under specific conditions. An attacker could exploit this vulnerability by sending crafted SSL/TLS traffic to an affected device, increasing the probability of session handler leaks. A successful exploit could allow the attacker to eventually deplete the available session handler pool, preventing new sessions from being established and causing a DoS condition.</description>
794.    <dc:date>2023-11-01T18:15:08Z</dc:date>
795.  </item>
796.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20048">
797.    <title>CVE-2023-20048</title>
798.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20048</link>
799.    <description>A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software.</description>
800.    <dc:date>2023-11-01T18:15:08Z</dc:date>
801.  </item>
802.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20063">
803.    <title>CVE-2023-20063</title>
804.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20063</link>
805.    <description>A vulnerability in the inter-device communication mechanisms between devices that are running Cisco Firepower Threat Defense (FTD) Software and devices that are running Cisco Firepower Management (FMC) Software could allow an authenticated, local attacker to execute arbitrary commands with root permissions on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by accessing the expert mode of an affected device and submitting specific commands to a connected system. A successful exploit could allow the attacker to execute arbitrary code in the context of an FMC device if the attacker has administrative privileges on an associated FTD device. Alternatively, a successful exploit could allow the attacker to execute arbitrary code in the context of an FTD device if the attacker has administrative privileges on an associated FMC device.</description>
806.    <dc:date>2023-11-01T18:15:08Z</dc:date>
807.  </item>
808.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20070">
809.    <title>CVE-2023-20070</title>
810.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20070</link>
811.    <description>A vulnerability in the TLS 1.3 implementation of the Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability is due to a logic error in how memory allocations are handled during a TLS 1.3 session. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted TLS 1.3 message sequence through an affected device. A successful exploit could allow the attacker to cause the Snort 3 detection engine to reload, resulting in a denial of service (DoS) condition. While the Snort detection engine reloads, packets going through the FTD device that are sent to the Snort detection engine will be dropped. The Snort detection engine will restart automatically. No manual intervention is required.</description>
812.    <dc:date>2023-11-01T18:15:09Z</dc:date>
813.  </item>
814.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20071">
815.    <title>CVE-2023-20071</title>
816.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20071</link>
817.    <description>Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a flaw in the FTP module of the Snort detection engine. An attacker could exploit this vulnerability by sending crafted FTP traffic through an affected device. A successful exploit could allow the attacker to bypass FTP inspection and deliver a malicious payload.</description>
818.    <dc:date>2023-11-01T18:15:09Z</dc:date>
819.  </item>
820.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20074">
821.    <title>CVE-2023-20074</title>
822.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20074</link>
823.    <description>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.</description>
824.    <dc:date>2023-11-01T17:15:10Z</dc:date>
825.  </item>
826.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20083">
827.    <title>CVE-2023-20083</title>
828.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20083</link>
829.    <description>A vulnerability in ICMPv6 inspection when configured with the Snort 2 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the CPU of an affected device to spike to 100 percent, which could stop all traffic processing and result in a denial of service (DoS) condition. FTD management traffic is not affected by this vulnerability. This vulnerability is due to improper error checking when parsing fields within the ICMPv6 header. An attacker could exploit this vulnerability by sending a crafted ICMPv6 packet through an affected device. A successful exploit could allow the attacker to cause the device to exhaust CPU resources and stop processing traffic, resulting in a DoS condition. Note: To recover from the DoS condition, the Snort 2 Detection Engine or the Cisco FTD device may need to be restarted.</description>
830.    <dc:date>2023-11-01T18:15:09Z</dc:date>
831.  </item>
832.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20086">
833.    <title>CVE-2023-20086</title>
834.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20086</link>
835.    <description>A vulnerability in ICMPv6 processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper processing of ICMPv6 messages. An attacker could exploit this vulnerability by sending crafted ICMPv6 messages to a targeted Cisco ASA or FTD system with IPv6 enabled. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.</description>
836.    <dc:date>2023-11-01T17:15:11Z</dc:date>
837.  </item>
838.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20095">
839.    <title>CVE-2023-20095</title>
840.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20095</link>
841.    <description>A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of HTTPS requests. An attacker could exploit this vulnerability by sending crafted HTTPS requests to an affected system. A successful exploit could allow the attacker to cause resource exhaustion, resulting in a DoS condition.</description>
842.    <dc:date>2023-11-01T18:15:09Z</dc:date>
843.  </item>
844.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20114">
845.    <title>CVE-2023-20114</title>
846.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20114</link>
847.    <description>A vulnerability in the file download feature of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to download arbitrary files from an affected system. This vulnerability is due to a lack of input sanitation. An attacker could exploit this vulnerability by sending a crafted HTTPS request. A successful exploit could allow the attacker to download arbitrary files from the affected system.</description>
848.    <dc:date>2023-11-01T17:15:11Z</dc:date>
849.  </item>
850.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20155">
851.    <title>CVE-2023-20155</title>
852.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20155</link>
853.    <description>A vulnerability in a logging API in Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause the device to become unresponsive or trigger an unexpected reload. This vulnerability could also allow an attacker with valid user credentials, but not Administrator privileges, to view a system log file that they would not normally have access to. This vulnerability is due to a lack of rate-limiting of requests that are sent to a specific API that is related to an FMC log. An attacker could exploit this vulnerability by sending a high rate of HTTP requests to the API. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to the FMC CPU spiking to 100 percent utilization or to the device reloading. CPU utilization would return to normal if the attack traffic was stopped before an unexpected reload was triggered.</description>
854.    <dc:date>2023-11-01T17:15:11Z</dc:date>
855.  </item>
856.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20170">
857.    <title>CVE-2023-20170</title>
858.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20170</link>
859.    <description>A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.</description>
860.    <dc:date>2023-11-01T18:15:09Z</dc:date>
861.  </item>
862.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20175">
863.    <title>CVE-2023-20175</title>
864.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20175</link>
865.    <description>A vulnerability in a specific Cisco ISE CLI command could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, an attacker must have valid Read-only-level privileges or higher on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root.</description>
866.    <dc:date>2023-11-01T18:15:09Z</dc:date>
867.  </item>
868.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20177">
869.    <title>CVE-2023-20177</title>
870.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20177</link>
871.    <description>A vulnerability in the SSL file policy implementation of Cisco Firepower Threat Defense (FTD) Software that occurs when the SSL/TLS connection is configured with a URL Category and the Snort 3 detection engine could allow an unauthenticated, remote attacker to cause the Snort 3 detection engine to unexpectedly restart. This vulnerability exists because a logic error occurs when a Snort 3 detection engine inspects an SSL/TLS connection that has either a URL Category configured on the SSL file policy or a URL Category configured on an access control policy with TLS server identity discovery enabled. Under specific, time-based constraints, an attacker could exploit this vulnerability by sending a crafted SSL/TLS connection through an affected device. A successful exploit could allow the attacker to trigger an unexpected reload of the Snort 3 detection engine, resulting in either a bypass or denial of service (DoS) condition, depending on device configuration. The Snort 3 detection engine will restart automatically. No manual intervention is required.</description>
872.    <dc:date>2023-11-01T17:15:11Z</dc:date>
873.  </item>
874.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20195">
875.    <title>CVE-2023-20195</title>
876.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20195</link>
877.    <description>Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.</description>
878.    <dc:date>2023-11-01T17:15:11Z</dc:date>
879.  </item>
880.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20196">
881.    <title>CVE-2023-20196</title>
882.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20196</link>
883.    <description>Two vulnerabilities in Cisco ISE could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit these vulnerabilities, an attacker must have valid Administrator credentials on the affected device. These vulnerabilities are due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit these vulnerabilities by uploading a crafted file to an affected device. A successful exploit could allow the attacker to store malicious files in specific directories on the device. The attacker could later use those files to conduct additional attacks, including executing arbitrary code on the affected device with root privileges.</description>
884.    <dc:date>2023-11-01T18:15:09Z</dc:date>
885.  </item>
886.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20206">
887.    <title>CVE-2023-20206</title>
888.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20206</link>
889.    <description>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by inserting crafted input into various data fields in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface, or access sensitive, browser-based information. In some cases, it is also possible to cause a temporary availability impact to portions of the FMC Dashboard.</description>
890.    <dc:date>2023-11-01T17:15:11Z</dc:date>
891.  </item>
892.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20213">
893.    <title>CVE-2023-20213</title>
894.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20213</link>
895.    <description>A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this vulnerability by sending crafted CDP traffic to the device. A successful exploit could cause the CDP process to crash, impacting neighbor discovery and the ability of Cisco ISE to determine the reachability of remote devices. After a crash, the CDP process must be manually restarted using the cdp enable command in interface configuration mode.</description>
896.    <dc:date>2023-11-01T17:15:11Z</dc:date>
897.  </item>
898.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20219">
899.    <title>CVE-2023-20219</title>
900.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20219</link>
901.    <description>Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require administrator privileges to exploit this vulnerability. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device including the underlying operating system which could also affect the availability of the device.</description>
902.    <dc:date>2023-11-01T18:15:09Z</dc:date>
903.  </item>
904.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20220">
905.    <title>CVE-2023-20220</title>
906.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20220</link>
907.    <description>Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device credentials, but does not need Administrator privileges. These vulnerabilities are due to insufficient validation of user-supplied input for certain configuration options. An attacker could exploit these vulnerabilities by using crafted input within the device configuration GUI. A successful exploit could allow the attacker to execute arbitrary commands on the device, including on the underlying operating system, which could also affect the availability of the device.</description>
908.    <dc:date>2023-11-01T18:15:09Z</dc:date>
909.  </item>
910.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20244">
911.    <title>CVE-2023-20244</title>
912.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20244</link>
913.    <description>A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain packets when they are sent to the inspection engine. An attacker could exploit this vulnerability by sending a series of crafted packets to an affected device. A successful exploit could allow the attacker to deplete all 9,472 byte blocks on the device, resulting in traffic loss across the device or an unexpected reload of the device. If the device does not reload on its own, a manual reload of the device would be required to recover from this state.</description>
914.    <dc:date>2023-11-01T17:15:11Z</dc:date>
915.  </item>
916.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20245">
917.    <title>CVE-2023-20245</title>
918.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20245</link>
919.    <description>Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected.</description>
920.    <dc:date>2023-11-01T17:15:11Z</dc:date>
921.  </item>
922.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20246">
923.    <title>CVE-2023-20246</title>
924.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20246</link>
925.    <description>Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system.</description>
926.    <dc:date>2023-11-01T18:15:09Z</dc:date>
927.  </item>
928.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20247">
929.    <title>CVE-2023-20247</title>
930.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20247</link>
931.    <description>A vulnerability in the remote access SSL VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to bypass a configured multiple certificate authentication policy and connect using only a valid username and password. This vulnerability is due to improper error handling during remote access VPN authentication. An attacker could exploit this vulnerability by sending crafted requests during remote access VPN session establishment. A successful exploit could allow the attacker to bypass the configured multiple certificate authentication policy while retaining the privileges and permissions associated with the original connection profile.</description>
932.    <dc:date>2023-11-01T18:15:09Z</dc:date>
933.  </item>
934.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20255">
935.    <title>CVE-2023-20255</title>
936.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20255</link>
937.    <description>A vulnerability in an API of the Web Bridge feature of Cisco Meeting Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause a partial availability condition, which could cause ongoing video calls to be dropped due to the invalid packets reaching the Web Bridge.</description>
938.    <dc:date>2023-11-01T18:15:09Z</dc:date>
939.  </item>
940.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20256">
941.    <title>CVE-2023-20256</title>
942.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20256</link>
943.    <description>Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should be denied to flow through an affected device. These vulnerabilities are due to a logic error that could occur when the affected software constructs and applies per-user-override rules. An attacker could exploit these vulnerabilities by connecting to a network through an affected device that has a vulnerable configuration. A successful exploit could allow the attacker to bypass the interface ACL and access resources that would should be protected.</description>
944.    <dc:date>2023-11-01T17:15:11Z</dc:date>
945.  </item>
946.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20264">
947.    <title>CVE-2023-20264</title>
948.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20264</link>
949.    <description>A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to intercept the SAML assertion of a user who is authenticating to a remote access VPN session. This vulnerability is due to insufficient validation of the login URL. An attacker could exploit this vulnerability by persuading a user to access a site that is under the control of the attacker, allowing the attacker to modify the login URL. A successful exploit could allow the attacker to intercept a successful SAML assertion and use that assertion to establish a remote access VPN session toward the affected device with the identity and permissions of the hijacked user, resulting in access to the protected network.</description>
950.    <dc:date>2023-11-01T18:15:09Z</dc:date>
951.  </item>
952.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20267">
953.    <title>CVE-2023-20267</title>
954.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20267</link>
955.    <description>A vulnerability in the IP geolocation rules of Snort 3 could allow an unauthenticated, remote attacker to potentially bypass IP address restrictions. This vulnerability exists because the configuration for IP geolocation rules is not parsed properly. An attacker could exploit this vulnerability by spoofing an IP address until they bypass the restriction. A successful exploit could allow the attacker to bypass location-based IP address restrictions.</description>
956.    <dc:date>2023-11-01T18:15:09Z</dc:date>
957.  </item>
958.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20270">
959.    <title>CVE-2023-20270</title>
960.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20270</link>
961.    <description>A vulnerability in the interaction between the Server Message Block (SMB) protocol preprocessor and the Snort 3 detection engine for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error-checking when the Snort 3 detection engine is processing SMB traffic. An attacker could exploit this vulnerability by sending a crafted SMB packet stream through an affected device. A successful exploit could allow the attacker to cause the Snort process to reload, resulting in a DoS condition.</description>
962.    <dc:date>2023-11-01T17:15:11Z</dc:date>
963.  </item>
964.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20702">
965.    <title>CVE-2023-20702</title>
966.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20702</link>
967.    <description>In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895.</description>
968.    <dc:date>2023-11-06T04:15:07Z</dc:date>
969.  </item>
970.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23368">
971.    <title>CVE-2023-23368</title>
972.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23368</link>
973.    <description>An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
974.  
975. We have already fixed the vulnerability in the following versions:
976. QTS 5.0.1.2376 build 20230421 and later
977. QTS 4.5.4.2374 build 20230416 and later
978. QuTS hero h5.0.1.2376 build 20230421 and later
979. QuTS hero h4.5.4.2374 build 20230417 and later
980. QuTScloud c5.0.1.2374 and later</description>
981.    <dc:date>2023-11-03T17:15:08Z</dc:date>
982.  </item>
983.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23369">
984.    <title>CVE-2023-23369</title>
985.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23369</link>
986.    <description>An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
987.  
988. We have already fixed the vulnerability in the following versions:
989. Multimedia Console 2.1.2 ( 2023/05/04 ) and later
990. Multimedia Console 1.4.8 ( 2023/05/05 ) and later
991. QTS 5.1.0.2399 build 20230515 and later
992. QTS 4.3.6.2441 build 20230621 and later
993. QTS 4.3.4.2451 build 20230621 and later
994. QTS 4.3.3.2420 build 20230621 and later
995. QTS 4.2.6 build 20230621 and later
996. Media Streaming add-on 500.1.1.2 ( 2023/06/12 ) and later
997. Media Streaming add-on 500.0.0.11 ( 2023/06/16 ) and later</description>
998.    <dc:date>2023-11-03T17:15:08Z</dc:date>
999.  </item>
1000.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23702">
1001.    <title>CVE-2023-23702</title>
1002.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23702</link>
1003.    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pixelgrade Comments Ratings plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.1.7 versions.</description>
1004.    <dc:date>2023-11-06T10:15:07Z</dc:date>
1005.  </item>
1006.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25700">
1007.    <title>CVE-2023-25700</title>
1008.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25700</link>
1009.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.</description>
1010.    <dc:date>2023-11-03T17:15:08Z</dc:date>
1011.  </item>
1012.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25800">
1013.    <title>CVE-2023-25800</title>
1014.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25800</link>
1015.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.</description>
1016.    <dc:date>2023-11-03T17:15:08Z</dc:date>
1017.  </item>
1018.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25960">
1019.    <title>CVE-2023-25960</title>
1020.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25960</link>
1021.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop &amp;acirc;&amp;euro;&amp;ldquo; Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL Injection.This issue affects Zendrop &amp;acirc;&amp;euro;&amp;ldquo; Global Dropshipping: from n/a through 1.0.0.</description>
1022.    <dc:date>2023-11-03T13:15:08Z</dc:date>
1023.  </item>
1024.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25990">
1025.    <title>CVE-2023-25990</title>
1026.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25990</link>
1027.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.</description>
1028.    <dc:date>2023-11-03T17:15:08Z</dc:date>
1029.  </item>
1030.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26015">
1031.    <title>CVE-2023-26015</title>
1032.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26015</link>
1033.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Richardson MapPress Maps for WordPress mappress-google-maps-for-wordpress allows SQL Injection.This issue affects MapPress Maps for WordPress: from n/a through 2.85.4.</description>
1034.    <dc:date>2023-11-03T13:15:08Z</dc:date>
1035.  </item>
1036.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26452">
1037.    <title>CVE-2023-26452</title>
1038.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26452</link>
1039.    <description>Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.</description>
1040.    <dc:date>2023-11-02T14:15:10Z</dc:date>
1041.  </item>
1042.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26453">
1043.    <title>CVE-2023-26453</title>
1044.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26453</link>
1045.    <description>Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.</description>
1046.    <dc:date>2023-11-02T14:15:10Z</dc:date>
1047.  </item>
1048.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26454">
1049.    <title>CVE-2023-26454</title>
1050.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26454</link>
1051.    <description>Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Exploiting this vulnerability requires at least access to adjacent networks of the imageconverter service, which is not exposed to public networks by default. Arbitrary SQL statements could be executed in the context of the services database user account. API requests are now properly checked for valid content and attempts to circumvent this check are being logged as error. No publicly available exploits are known.</description>
1052.    <dc:date>2023-11-02T14:15:10Z</dc:date>
1053.  </item>
1054.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26455">
1055.    <title>CVE-2023-26455</title>
1056.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26455</link>
1057.    <description>RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require authenticated requests. No publicly available exploits are known.</description>
1058.    <dc:date>2023-11-02T14:15:10Z</dc:date>
1059.  </item>
1060.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26456">
1061.    <title>CVE-2023-26456</title>
1062.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26456</link>
1063.    <description>Users were able to set an arbitrary &amp;quot;product name&amp;quot; for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code execution, allowing an attacker to build a foothold. Sanitization is in place for product names now. No publicly available exploits are known.</description>
1064.    <dc:date>2023-11-02T14:15:10Z</dc:date>
1065.  </item>
1066.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27605">
1067.    <title>CVE-2023-27605</title>
1068.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27605</link>
1069.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sajjad Hossain WP Reroute Email allows SQL Injection.This issue affects WP Reroute Email: from n/a through 1.4.6.</description>
1070.    <dc:date>2023-11-06T09:15:07Z</dc:date>
1071.  </item>
1072.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28748">
1073.    <title>CVE-2023-28748</title>
1074.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28748</link>
1075.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in biztechc Copy or Move Comments allows SQL Injection.This issue affects Copy or Move Comments: from n/a through 5.0.4.</description>
1076.    <dc:date>2023-11-06T09:15:07Z</dc:date>
1077.  </item>
1078.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28794">
1079.    <title>CVE-2023-28794</title>
1080.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28794</link>
1081.    <description>Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.</description>
1082.    <dc:date>2023-11-06T08:15:22Z</dc:date>
1083.  </item>
1084.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29043">
1085.    <title>CVE-2023-29043</title>
1086.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29043</link>
1087.    <description>Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Script code embedded in malicious documents could be executed in the context of the user editing the document when performing certain actions, like copying content. The relevant attribute does now get encoded to avoid the possibility of executing script code. No publicly available exploits are known.</description>
1088.    <dc:date>2023-11-02T14:15:11Z</dc:date>
1089.  </item>
1090.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29044">
1091.    <title>CVE-2023-29044</title>
1092.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29044</link>
1093.    <description>Documents operations could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now get escaped to avoid code execution. No publicly available exploits are known.</description>
1094.    <dc:date>2023-11-02T14:15:11Z</dc:date>
1095.  </item>
1096.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29045">
1097.    <title>CVE-2023-29045</title>
1098.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29045</link>
1099.    <description>Documents operations, in this case &amp;quot;drawing&amp;quot;, could be manipulated to contain invalid data types, possibly script code. Script code could be injected to an operation that would be executed for users that are actively collaborating on the same document. Operation data exchanged between collaborating parties does now gets checked for validity to avoid code execution. No publicly available exploits are known.</description>
1100.    <dc:date>2023-11-02T14:15:11Z</dc:date>
1101.  </item>
1102.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29046">
1103.    <title>CVE-2023-29046</title>
1104.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29046</link>
1105.    <description>Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Some connections use user-controlled endpoints, which could be malicious and attempt to keep the connection open for an extended period of time. As a result users were able to trigger large amount of egress network connections, possibly exhausting network pool resources and lock up legitimate requests. A new mechanism has been introduced to cancel external connections that might access user-controlled endpoints. No publicly available exploits are known.</description>
1106.    <dc:date>2023-11-02T14:15:11Z</dc:date>
1107.  </item>
1108.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29047">
1109.    <title>CVE-2023-29047</title>
1110.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29047</link>
1111.    <description>Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. An attacker with access to the adjacent network and potentially API credentials, could read and modify database content which is accessible to the imageconverter SQL user account. None No publicly available exploits are known.</description>
1112.    <dc:date>2023-11-02T14:15:11Z</dc:date>
1113.  </item>
1114.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31016">
1115.    <title>CVE-2023-31016</title>
1116.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31016</link>
1117.    <description>NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.</description>
1118.    <dc:date>2023-11-02T19:15:40Z</dc:date>
1119.  </item>
1120.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31017">
1121.    <title>CVE-2023-31017</title>
1122.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31017</link>
1123.    <description>NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.</description>
1124.    <dc:date>2023-11-02T19:15:41Z</dc:date>
1125.  </item>
1126.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31018">
1127.    <title>CVE-2023-31018</title>
1128.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31018</link>
1129.    <description>NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service.</description>
1130.    <dc:date>2023-11-02T19:15:41Z</dc:date>
1131.  </item>
1132.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31019">
1133.    <title>CVE-2023-31019</title>
1134.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31019</link>
1135.    <description>NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to a connecting client, which may lead to potential impersonation to the client's secure context.</description>
1136.    <dc:date>2023-11-02T19:15:41Z</dc:date>
1137.  </item>
1138.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31020">
1139.    <title>CVE-2023-31020</title>
1140.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31020</link>
1141.    <description>NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or data tampering.</description>
1142.    <dc:date>2023-11-02T19:15:41Z</dc:date>
1143.  </item>
1144.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31021">
1145.    <title>CVE-2023-31021</title>
1146.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31021</link>
1147.    <description>NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may lead to denial of service.</description>
1148.    <dc:date>2023-11-02T19:15:41Z</dc:date>
1149.  </item>
1150.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31022">
1151.    <title>CVE-2023-31022</title>
1152.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31022</link>
1153.    <description>NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service.</description>
1154.    <dc:date>2023-11-02T19:15:41Z</dc:date>
1155.  </item>
1156.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31023">
1157.    <title>CVE-2023-31023</title>
1158.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31023</link>
1159.    <description>NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service.</description>
1160.    <dc:date>2023-11-02T19:15:41Z</dc:date>
1161.  </item>
1162.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31026">
1163.    <title>CVE-2023-31026</title>
1164.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31026</link>
1165.    <description>NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service.</description>
1166.    <dc:date>2023-11-02T19:15:41Z</dc:date>
1167.  </item>
1168.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31027">
1169.    <title>CVE-2023-31027</title>
1170.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31027</link>
1171.    <description>NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may lead to escalation of privileges.</description>
1172.    <dc:date>2023-11-02T19:15:41Z</dc:date>
1173.  </item>
1174.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31102">
1175.    <title>CVE-2023-31102</title>
1176.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31102</link>
1177.    <description>7-Zip through 22.01 on Linux allows an integer underflow and code execution via a crafted 7Z archive.</description>
1178.    <dc:date>2023-11-03T04:15:20Z</dc:date>
1179.  </item>
1180.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31579">
1181.    <title>CVE-2023-31579</title>
1182.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31579</link>
1183.    <description>Dromara Lamp-Cloud before v3.8.1 was discovered to use a hardcoded cryptographic key when creating and verifying a Json Web Token. This vulnerability allows attackers to authenticate to the application via a crafted JWT token.</description>
1184.    <dc:date>2023-11-02T22:15:08Z</dc:date>
1185.  </item>
1186.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164">
1187.    <title>CVE-2023-3164</title>
1188.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3164</link>
1189.    <description>A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.</description>
1190.    <dc:date>2023-11-02T12:15:09Z</dc:date>
1191.  </item>
1192.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32121">
1193.    <title>CVE-2023-32121</title>
1194.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32121</link>
1195.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Highfivery LLC Zero Spam for WordPress allows SQL Injection.This issue affects Zero Spam for WordPress: from n/a through 5.4.4.</description>
1196.    <dc:date>2023-11-03T17:15:08Z</dc:date>
1197.  </item>
1198.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3246">
1199.    <title>CVE-2023-3246</title>
1200.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3246</link>
1201.    <description>An issue has been discovered in GitLab EE/CE affecting all versions starting before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1 which allows an attackers to block Sidekiq job processor.</description>
1202.    <dc:date>2023-11-06T13:15:09Z</dc:date>
1203.  </item>
1204.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32508">
1205.    <title>CVE-2023-32508</title>
1206.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32508</link>
1207.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rolf van Gelder Order Your Posts Manually allows SQL Injection.This issue affects Order Your Posts Manually: from n/a through 2.2.5.</description>
1208.    <dc:date>2023-11-03T17:15:08Z</dc:date>
1209.  </item>
1210.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32741">
1211.    <title>CVE-2023-32741</title>
1212.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32741</link>
1213.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IT Path Solutions PVT LTD Contact Form to Any API allows SQL Injection.This issue affects Contact Form to Any API: from n/a through 1.1.2.</description>
1214.    <dc:date>2023-11-04T00:15:08Z</dc:date>
1215.  </item>
1216.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3277">
1217.    <title>CVE-2023-3277</title>
1218.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3277</link>
1219.    <description>The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login feature. This allows unauthenticated attackers to log in as any user as long as they know the user's email address. We are disclosing this issue as the developer has not yet released a patch, but continues to release updates and we escalated this issue to the plugin's team 30 days ago.</description>
1220.    <dc:date>2023-11-03T12:15:08Z</dc:date>
1221.  </item>
1222.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32818">
1223.    <title>CVE-2023-32818</title>
1224.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32818</link>
1225.    <description>In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 &amp;amp; ALPS08013430; Issue ID: ALPS07867715.</description>
1226.    <dc:date>2023-11-06T04:15:07Z</dc:date>
1227.  </item>
1228.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32825">
1229.    <title>CVE-2023-32825</title>
1230.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32825</link>
1231.    <description>In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130.</description>
1232.    <dc:date>2023-11-06T04:15:07Z</dc:date>
1233.  </item>
1234.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32832">
1235.    <title>CVE-2023-32832</title>
1236.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32832</link>
1237.    <description>In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273.</description>
1238.    <dc:date>2023-11-06T04:15:07Z</dc:date>
1239.  </item>
1240.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32834">
1241.    <title>CVE-2023-32834</title>
1242.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32834</link>
1243.    <description>In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762.</description>
1244.    <dc:date>2023-11-06T04:15:07Z</dc:date>
1245.  </item>
1246.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32835">
1247.    <title>CVE-2023-32835</title>
1248.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32835</link>
1249.    <description>In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.</description>
1250.    <dc:date>2023-11-06T04:15:07Z</dc:date>
1251.  </item>
1252.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32836">
1253.    <title>CVE-2023-32836</title>
1254.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32836</link>
1255.    <description>In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725.</description>
1256.    <dc:date>2023-11-06T04:15:07Z</dc:date>
1257.  </item>
1258.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32837">
1259.    <title>CVE-2023-32837</title>
1260.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32837</link>
1261.    <description>In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357.</description>
1262.    <dc:date>2023-11-06T04:15:07Z</dc:date>
1263.  </item>
1264.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32838">
1265.    <title>CVE-2023-32838</title>
1266.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32838</link>
1267.    <description>In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805.</description>
1268.    <dc:date>2023-11-06T04:15:08Z</dc:date>
1269.  </item>
1270.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32839">
1271.    <title>CVE-2023-32839</title>
1272.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32839</link>
1273.    <description>In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576.</description>
1274.    <dc:date>2023-11-06T04:15:08Z</dc:date>
1275.  </item>
1276.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32840">
1277.    <title>CVE-2023-32840</title>
1278.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-32840</link>
1279.    <description>In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862).</description>
1280.    <dc:date>2023-11-06T04:15:08Z</dc:date>
1281.  </item>
1282.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33226">
1283.    <title>CVE-2023-33226</title>
1284.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33226</link>
1285.    <description>The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability.  This vulnerability allows a low-level user to perform the actions with SYSTEM privileges.</description>
1286.    <dc:date>2023-11-01T16:15:08Z</dc:date>
1287.  </item>
1288.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33227">
1289.    <title>CVE-2023-33227</title>
1290.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33227</link>
1291.    <description>The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability This vulnerability allows a low level user to perform the actions with SYSTEM privileges.</description>
1292.    <dc:date>2023-11-01T16:15:08Z</dc:date>
1293.  </item>
1294.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33228">
1295.    <title>CVE-2023-33228</title>
1296.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33228</link>
1297.    <description>The SolarWinds Network Configuration Manager was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to obtain sensitive information.</description>
1298.    <dc:date>2023-11-01T16:15:08Z</dc:date>
1299.  </item>
1300.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33924">
1301.    <title>CVE-2023-33924</title>
1302.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33924</link>
1303.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Felix Welberg SIS Handball allows SQL Injection.This issue affects SIS Handball: from n/a through 1.0.45.</description>
1304.    <dc:date>2023-11-06T09:15:07Z</dc:date>
1305.  </item>
1306.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397">
1307.    <title>CVE-2023-3397</title>
1308.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3397</link>
1309.    <description>A race condition occurred between the functions lmLogClose and txEnd in JFS, in the Linux Kernel, executed in different threads. This flaw allows a local attacker with normal user privileges to crash the system or leak internal kernel information.</description>
1310.    <dc:date>2023-11-01T20:15:08Z</dc:date>
1311.  </item>
1312.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3399">
1313.    <title>CVE-2023-3399</title>
1314.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3399</link>
1315.    <description>An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom project templates.</description>
1316.    <dc:date>2023-11-06T13:15:09Z</dc:date>
1317.  </item>
1318.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34179">
1319.    <title>CVE-2023-34179</title>
1320.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34179</link>
1321.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Groundhogg Inc. Groundhogg allows SQL Injection.This issue affects Groundhogg: from n/a through 2.7.11.</description>
1322.    <dc:date>2023-11-03T17:15:08Z</dc:date>
1323.  </item>
1324.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34259">
1325.    <title>CVE-2023-34259</title>
1326.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34259</link>
1327.    <description>Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. NOTE: this issue exists because of an incomplete fix for CVE-2020-23575.</description>
1328.    <dc:date>2023-11-03T04:15:20Z</dc:date>
1329.  </item>
1330.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34260">
1331.    <title>CVE-2023-34260</title>
1332.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34260</link>
1333.    <description>Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try to read the /etc directory.</description>
1334.    <dc:date>2023-11-03T04:15:20Z</dc:date>
1335.  </item>
1336.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34261">
1337.    <title>CVE-2023-34261</title>
1338.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34261</link>
1339.    <description>Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a &amp;quot;nicht einloggen&amp;quot; error rather than a falsch error.</description>
1340.    <dc:date>2023-11-03T04:15:20Z</dc:date>
1341.  </item>
1342.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34383">
1343.    <title>CVE-2023-34383</title>
1344.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34383</link>
1345.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP Project Manager wedevs-project-manager allows SQL Injection.This issue affects WP Project Manager: from n/a through 2.6.0.</description>
1346.    <dc:date>2023-11-03T12:15:08Z</dc:date>
1347.  </item>
1348.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35896">
1349.    <title>CVE-2023-35896</title>
1350.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35896</link>
1351.    <description>IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks.  IBM X-Force ID:  259247.</description>
1352.    <dc:date>2023-11-03T03:15:07Z</dc:date>
1353.  </item>
1354.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35910">
1355.    <title>CVE-2023-35910</title>
1356.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35910</link>
1357.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nucleus_genius Quasar form free &amp;acirc;&amp;euro;&amp;ldquo; Contact Form Builder for WordPress allows SQL Injection.This issue affects Quasar form free &amp;acirc;&amp;euro;&amp;ldquo; Contact Form Builder for WordPress: from n/a through 6.0.</description>
1358.    <dc:date>2023-11-04T00:15:08Z</dc:date>
1359.  </item>
1360.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35911">
1361.    <title>CVE-2023-35911</title>
1362.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-35911</link>
1363.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Creative Solutions Contact Form Generator : Creative form builder for WordPress allows SQL Injection.This issue affects Contact Form Generator : Creative form builder for WordPress: from n/a through 2.6.0.</description>
1364.    <dc:date>2023-11-06T09:15:07Z</dc:date>
1365.  </item>
1366.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36022">
1367.    <title>CVE-2023-36022</title>
1368.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36022</link>
1369.    <description>Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability</description>
1370.    <dc:date>2023-11-03T01:15:07Z</dc:date>
1371.  </item>
1372.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36029">
1373.    <title>CVE-2023-36029</title>
1374.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36029</link>
1375.    <description>Microsoft Edge (Chromium-based) Spoofing Vulnerability</description>
1376.    <dc:date>2023-11-03T01:15:07Z</dc:date>
1377.  </item>
1378.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36034">
1379.    <title>CVE-2023-36034</title>
1380.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36034</link>
1381.    <description>Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability</description>
1382.    <dc:date>2023-11-03T01:15:08Z</dc:date>
1383.  </item>
1384.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36409">
1385.    <title>CVE-2023-36409</title>
1386.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36409</link>
1387.    <description>Microsoft Edge (Chromium-based) Information Disclosure Vulnerability</description>
1388.    <dc:date>2023-11-07T00:15:07Z</dc:date>
1389.  </item>
1390.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36529">
1391.    <title>CVE-2023-36529</title>
1392.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36529</link>
1393.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme allows SQL Injection.This issue affects Houzez - Real Estate WordPress Theme: from n/a through 1.3.4.</description>
1394.    <dc:date>2023-11-03T17:15:08Z</dc:date>
1395.  </item>
1396.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36620">
1397.    <title>CVE-2023-36620</title>
1398.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36620</link>
1399.    <description>An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. The app is missing the android:allowBackup=&amp;quot;false&amp;quot; attribute in the manifest. This allows the user to backup the internal memory of the app to a PC. This gives the user access to the API token that is used to authenticate requests to the API.</description>
1400.    <dc:date>2023-11-03T04:15:21Z</dc:date>
1401.  </item>
1402.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36621">
1403.    <title>CVE-2023-36621</title>
1404.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36621</link>
1405.    <description>An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. The child can use Safe Mode to remove all restrictions temporarily or uninstall the application without the parents noticing.</description>
1406.    <dc:date>2023-11-03T04:15:21Z</dc:date>
1407.  </item>
1408.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36677">
1409.    <title>CVE-2023-36677</title>
1410.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36677</link>
1411.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project &amp;amp; Document Manager allows SQL Injection.This issue affects SP Project &amp;amp; Document Manager: from n/a through 4.67.</description>
1412.    <dc:date>2023-11-03T23:15:08Z</dc:date>
1413.  </item>
1414.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36769">
1415.    <title>CVE-2023-36769</title>
1416.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36769</link>
1417.    <description>Microsoft OneNote Spoofing Vulnerability</description>
1418.    <dc:date>2023-11-06T23:15:10Z</dc:date>
1419.  </item>
1420.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38382">
1421.    <title>CVE-2023-38382</title>
1422.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38382</link>
1423.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Daniel S&amp;Atilde;&amp;para;derstr&amp;Atilde;&amp;para;m / Sidney van de Stouwe Subscribe to Category allows SQL Injection.This issue affects Subscribe to Category: from n/a through 2.7.4.</description>
1424.    <dc:date>2023-11-06T09:15:08Z</dc:date>
1425.  </item>
1426.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38391">
1427.    <title>CVE-2023-38391</title>
1428.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38391</link>
1429.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themesgrove Onepage Builder allows SQL Injection.This issue affects Onepage Builder: from n/a through 2.4.1.</description>
1430.    <dc:date>2023-11-04T00:15:08Z</dc:date>
1431.  </item>
1432.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38406">
1433.    <title>CVE-2023-38406</title>
1434.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38406</link>
1435.    <description>bgpd/bgp_flowspec.c in FRRouting (FRR) before 8.4.3 mishandles an nlri length of zero, aka a &amp;quot;flowspec overflow.&amp;quot;</description>
1436.    <dc:date>2023-11-06T06:15:40Z</dc:date>
1437.  </item>
1438.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38407">
1439.    <title>CVE-2023-38407</title>
1440.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38407</link>
1441.    <description>bgpd/bgp_label.c in FRRouting (FRR) before 8.5 attempts to read beyond the end of the stream during labeled unicast parsing.</description>
1442.    <dc:date>2023-11-06T06:15:40Z</dc:date>
1443.  </item>
1444.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38469">
1445.    <title>CVE-2023-38469</title>
1446.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38469</link>
1447.    <description>A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.</description>
1448.    <dc:date>2023-11-02T15:15:08Z</dc:date>
1449.  </item>
1450.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38470">
1451.    <title>CVE-2023-38470</title>
1452.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38470</link>
1453.    <description>A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.</description>
1454.    <dc:date>2023-11-02T15:15:08Z</dc:date>
1455.  </item>
1456.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38471">
1457.    <title>CVE-2023-38471</title>
1458.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38471</link>
1459.    <description>A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.</description>
1460.    <dc:date>2023-11-02T15:15:08Z</dc:date>
1461.  </item>
1462.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38472">
1463.    <title>CVE-2023-38472</title>
1464.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38472</link>
1465.    <description>A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.</description>
1466.    <dc:date>2023-11-02T15:15:08Z</dc:date>
1467.  </item>
1468.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38473">
1469.    <title>CVE-2023-38473</title>
1470.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38473</link>
1471.    <description>A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.</description>
1472.    <dc:date>2023-11-02T16:15:08Z</dc:date>
1473.  </item>
1474.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3893">
1475.    <title>CVE-2023-3893</title>
1476.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3893</link>
1477.    <description>A security issue was discovered in Kubernetes where a user that can
1478. create pods on Windows nodes running kubernetes-csi-proxy may be able to
1479. escalate to admin privileges on those nodes. Kubernetes clusters are
1480. only affected if they include Windows nodes running
1481. kubernetes-csi-proxy.</description>
1482.    <dc:date>2023-11-03T18:15:08Z</dc:date>
1483.  </item>
1484.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38965">
1485.    <title>CVE-2023-38965</title>
1486.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38965</link>
1487.    <description>Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI.</description>
1488.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1489.  </item>
1490.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39042">
1491.    <title>CVE-2023-39042</title>
1492.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39042</link>
1493.    <description>An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages.</description>
1494.    <dc:date>2023-11-02T22:15:08Z</dc:date>
1495.  </item>
1496.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39047">
1497.    <title>CVE-2023-39047</title>
1498.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39047</link>
1499.    <description>An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages.</description>
1500.    <dc:date>2023-11-02T22:15:08Z</dc:date>
1501.  </item>
1502.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39048">
1503.    <title>CVE-2023-39048</title>
1504.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39048</link>
1505.    <description>An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages.</description>
1506.    <dc:date>2023-11-02T22:15:08Z</dc:date>
1507.  </item>
1508.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39050">
1509.    <title>CVE-2023-39050</title>
1510.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39050</link>
1511.    <description>An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages.</description>
1512.    <dc:date>2023-11-02T22:15:08Z</dc:date>
1513.  </item>
1514.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39051">
1515.    <title>CVE-2023-39051</title>
1516.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39051</link>
1517.    <description>An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages.</description>
1518.    <dc:date>2023-11-02T22:15:08Z</dc:date>
1519.  </item>
1520.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39053">
1521.    <title>CVE-2023-39053</title>
1522.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39053</link>
1523.    <description>An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages.</description>
1524.    <dc:date>2023-11-02T22:15:08Z</dc:date>
1525.  </item>
1526.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39054">
1527.    <title>CVE-2023-39054</title>
1528.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39054</link>
1529.    <description>An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages.</description>
1530.    <dc:date>2023-11-02T22:15:08Z</dc:date>
1531.  </item>
1532.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39057">
1533.    <title>CVE-2023-39057</title>
1534.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39057</link>
1535.    <description>An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages.</description>
1536.    <dc:date>2023-11-02T22:15:09Z</dc:date>
1537.  </item>
1538.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3909">
1539.    <title>CVE-2023-3909</title>
1540.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3909</link>
1541.    <description>An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A Regular Expression Denial of Service was possible by adding a large string in timeout input in gitlab-ci.yml file.</description>
1542.    <dc:date>2023-11-06T13:15:09Z</dc:date>
1543.  </item>
1544.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39281">
1545.    <title>CVE-2023-39281</title>
1546.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39281</link>
1547.    <description>A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase.</description>
1548.    <dc:date>2023-11-01T22:15:08Z</dc:date>
1549.  </item>
1550.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39283">
1551.    <title>CVE-2023-39283</title>
1552.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39283</link>
1553.    <description>An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could lead to privilege escalation.</description>
1554.    <dc:date>2023-11-02T22:15:09Z</dc:date>
1555.  </item>
1556.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39284">
1557.    <title>CVE-2023-39284</title>
1558.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39284</link>
1559.    <description>An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There are arbitrary calls to SetVariable with unsanitized arguments in the SMI handler.</description>
1560.    <dc:date>2023-11-02T21:15:09Z</dc:date>
1561.  </item>
1562.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39299">
1563.    <title>CVE-2023-39299</title>
1564.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39299</link>
1565.    <description>A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
1566.  
1567. We have already fixed the vulnerability in the following versions:
1568. Music Station 4.8.11 and later
1569. Music Station 5.1.16 and later
1570. Music Station 5.3.23 and later</description>
1571.    <dc:date>2023-11-03T17:15:08Z</dc:date>
1572.  </item>
1573.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39301">
1574.    <title>CVE-2023-39301</title>
1575.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39301</link>
1576.    <description>A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to read application data via a network.
1577.  
1578. We have already fixed the vulnerability in the following versions:
1579. QTS 5.0.1.2514 build 20230906 and later
1580. QTS 5.1.1.2491 build 20230815 and later
1581. QuTS hero h5.0.1.2515 build 20230907 and later
1582. QuTS hero h5.1.1.2488 build 20230812 and later
1583. QuTScloud c5.1.0.2498 and later</description>
1584.    <dc:date>2023-11-03T17:15:08Z</dc:date>
1585.  </item>
1586.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39345">
1587.    <title>CVE-2023-39345</title>
1588.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39345</link>
1589.    <description>strapi is an open-source headless CMS. Versions prior to 4.13.1 did not properly restrict write access to fielded marked as private in the user registration endpoint. As such malicious users may be able to errantly modify their user records. This issue has been addressed in version 4.13.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.</description>
1590.    <dc:date>2023-11-06T19:15:09Z</dc:date>
1591.  </item>
1592.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3961">
1593.    <title>CVE-2023-3961</title>
1594.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3961</link>
1595.    <description>A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Samba typically uses this mechanism to connect SMB clients to remote procedure call (RPC) services like SAMR LSA or SPOOLSS, which Samba initiates on demand. However, due to inadequate sanitization of incoming client pipe names, allowing a client to send a pipe name containing Unix directory traversal characters (../). This could result in SMB clients connecting as root to Unix domain sockets outside the private directory. If an attacker or client managed to send a pipe name resolving to an external service using an existing Unix domain socket, it could potentially lead to unauthorized access to the service and consequential adverse events, including compromise or service crashes.</description>
1596.    <dc:date>2023-11-03T13:15:08Z</dc:date>
1597.  </item>
1598.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3972">
1599.    <title>CVE-2023-3972</title>
1600.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3972</link>
1601.    <description>A vulnerability was found in insights-client. This security issue occurs because of insecure file operations or unsafe handling of temporary files and directories that lead to local privilege escalation. Before the insights-client has been registered on the system by root, an unprivileged local user or attacker could create the /var/tmp/insights-client directory (owning the directory with read, write, and execute permissions) on the system. After the insights-client is registered by root, an attacker could then control the directory content that insights are using by putting malicious scripts into it and executing arbitrary code as root (trivially bypassing SELinux protections because insights processes are allowed to disable SELinux system-wide).</description>
1602.    <dc:date>2023-11-01T16:15:08Z</dc:date>
1603.  </item>
1604.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40061">
1605.    <title>CVE-2023-40061</title>
1606.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40061</link>
1607.    <description>&amp;Acirc;&amp;nbsp;Insecure
1608. job execution mechanism vulnerability.  This
1609. vulnerability can lead to other attacks as a result.</description>
1610.    <dc:date>2023-11-01T16:15:08Z</dc:date>
1611.  </item>
1612.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40062">
1613.    <title>CVE-2023-40062</title>
1614.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40062</link>
1615.    <description>SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges.</description>
1616.    <dc:date>2023-11-01T16:15:08Z</dc:date>
1617.  </item>
1618.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40207">
1619.    <title>CVE-2023-40207</title>
1620.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40207</link>
1621.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RedNao Donations Made Easy &amp;acirc;&amp;euro;&amp;ldquo; Smart Donations allows SQL Injection.This issue affects Donations Made Easy &amp;acirc;&amp;euro;&amp;ldquo; Smart Donations: from n/a through 4.0.12.</description>
1622.    <dc:date>2023-11-06T09:15:08Z</dc:date>
1623.  </item>
1624.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40215">
1625.    <title>CVE-2023-40215</title>
1626.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40215</link>
1627.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Demonisblack demon image annotation allows SQL Injection.This issue affects demon image annotation: from n/a through 5.1.</description>
1628.    <dc:date>2023-11-04T00:15:08Z</dc:date>
1629.  </item>
1630.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4043">
1631.    <title>CVE-2023-4043</title>
1632.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4043</link>
1633.    <description>In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in Java has a number of edge cases where the input text of a number can lead to much larger processing time than one would expect.
1634.  
1635.  
1636. To mitigate the risk, parsson put in place a size limit for the numbers as well as their scale.</description>
1637.    <dc:date>2023-11-03T09:15:13Z</dc:date>
1638.  </item>
1639.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40609">
1640.    <title>CVE-2023-40609</title>
1641.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40609</link>
1642.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aiyaz, maheshpatel Contact form 7 Custom validation allows SQL Injection.This issue affects Contact form 7 Custom validation: from n/a through 1.1.3.</description>
1643.    <dc:date>2023-11-06T09:15:08Z</dc:date>
1644.  </item>
1645.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40660">
1646.    <title>CVE-2023-40660</title>
1647.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40660</link>
1648.    <description>A flaw was found in OpenSC packages that allow a potential PIN bypass. When a token/card is authenticated by one process, it can perform cryptographic operations in other processes when an empty zero-length pin is passed. This issue poses a security risk, particularly for OS logon/screen unlock and for small, permanently connected tokens to computers. Additionally, the token can internally track login status. This flaw allows an attacker to gain unauthorized access, carry out malicious actions, or compromise the system without the user's awareness.</description>
1649.    <dc:date>2023-11-06T17:15:11Z</dc:date>
1650.  </item>
1651.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40661">
1652.    <title>CVE-2023-40661</title>
1653.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40661</link>
1654.    <description>Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. To take advantage of these flaws, an attacker must have physical access to the computer system and employ a custom-crafted USB device or smart card to manipulate responses to APDUs. This manipulation can potentially allow &#xD;
1655. compromise key generation, certificate loading, and other card management operations during enrollment.</description>
1656.    <dc:date>2023-11-06T17:15:11Z</dc:date>
1657.  </item>
1658.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4091">
1659.    <title>CVE-2023-4091</title>
1660.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4091</link>
1661.    <description>A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module &amp;quot;acl_xattr&amp;quot; is configured with &amp;quot;acl_xattr:ignore system acls = yes&amp;quot;. The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.</description>
1662.    <dc:date>2023-11-03T08:15:08Z</dc:date>
1663.  </item>
1664.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40922">
1665.    <title>CVE-2023-40922</title>
1666.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-40922</link>
1667.    <description>kerawen before v2.5.1 was discovered to contain a SQL injection vulnerability via the ocs_id_cart parameter at KerawenDeliveryModuleFrontController::initContent().</description>
1668.    <dc:date>2023-11-04T23:15:07Z</dc:date>
1669.  </item>
1670.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41164">
1671.    <title>CVE-2023-41164</title>
1672.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41164</link>
1673.    <description>In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encoding.uri_to_iri() is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.</description>
1674.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1675.  </item>
1676.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41259">
1677.    <title>CVE-2023-41259</title>
1678.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41259</link>
1679.    <description>Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Disclosure via fake or spoofed RT email headers in an email message or a mail-gateway REST API call.</description>
1680.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1681.  </item>
1682.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41260">
1683.    <title>CVE-2023-41260</title>
1684.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41260</link>
1685.    <description>Best Practical Request Tracker (RT) before 4.4.7 and 5.x before 5.0.5 allows Information Exposure in responses to mail-gateway REST API calls.</description>
1686.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1687.  </item>
1688.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41343">
1689.    <title>CVE-2023-41343</title>
1690.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41343</link>
1691.    <description>Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.</description>
1692.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1693.  </item>
1694.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41344">
1695.    <title>CVE-2023-41344</title>
1696.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41344</link>
1697.    <description>NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.</description>
1698.    <dc:date>2023-11-03T07:15:14Z</dc:date>
1699.  </item>
1700.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41345">
1701.    <title>CVE-2023-41345</title>
1702.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41345</link>
1703.    <description>ASUS RT-AX55&amp;acirc;&amp;euro;&amp;trade;s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services.</description>
1704.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1705.  </item>
1706.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41346">
1707.    <title>CVE-2023-41346</title>
1708.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41346</link>
1709.    <description>ASUS RT-AX55&amp;acirc;&amp;euro;&amp;trade;s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.</description>
1710.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1711.  </item>
1712.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41347">
1713.    <title>CVE-2023-41347</title>
1714.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41347</link>
1715.    <description>ASUS RT-AX55&amp;acirc;&amp;euro;&amp;trade;s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.</description>
1716.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1717.  </item>
1718.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41348">
1719.    <title>CVE-2023-41348</title>
1720.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41348</link>
1721.    <description>ASUS RT-AX55&amp;acirc;&amp;euro;&amp;trade;s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.</description>
1722.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1723.  </item>
1724.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41350">
1725.    <title>CVE-2023-41350</title>
1726.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41350</link>
1727.    <description>Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. An unauthenticated remote attacker can execute a crafted Javascript to expose captcha in page, making it very easy for bots to bypass the captcha check and more susceptible to brute force attacks.</description>
1728.    <dc:date>2023-11-03T05:15:29Z</dc:date>
1729.  </item>
1730.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41351">
1731.    <title>CVE-2023-41351</title>
1732.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41351</link>
1733.    <description>Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an alternative URL. This makes it possible for unauthenticated remote attackers to log in as any existing users, such as an administrator, to perform arbitrary system operations or disrupt service.</description>
1734.    <dc:date>2023-11-03T06:15:07Z</dc:date>
1735.  </item>
1736.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41352">
1737.    <title>CVE-2023-41352</title>
1738.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41352</link>
1739.    <description>Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services.</description>
1740.    <dc:date>2023-11-03T06:15:07Z</dc:date>
1741.  </item>
1742.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41353">
1743.    <title>CVE-2023-41353</title>
1744.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41353</link>
1745.    <description>Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. A remote attacker with regular user privilege can easily infer the administrator password from system information after logging system, resulting in admin access and performing arbitrary system operations or disrupt service.</description>
1746.    <dc:date>2023-11-03T06:15:07Z</dc:date>
1747.  </item>
1748.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41354">
1749.    <title>CVE-2023-41354</title>
1750.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41354</link>
1751.    <description>Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package, resulting in partially sensitive information exposed to an actor.</description>
1752.    <dc:date>2023-11-03T06:15:07Z</dc:date>
1753.  </item>
1754.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41355">
1755.    <title>CVE-2023-41355</title>
1756.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41355</link>
1757.    <description>Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a crafted package to modify the network routing table, resulting in a denial of service or sensitive information leaking.</description>
1758.    <dc:date>2023-11-03T06:15:07Z</dc:date>
1759.  </item>
1760.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41356">
1761.    <title>CVE-2023-41356</title>
1762.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41356</link>
1763.    <description>NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and read arbitrary system files.</description>
1764.    <dc:date>2023-11-03T07:15:14Z</dc:date>
1765.  </item>
1766.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41357">
1767.    <title>CVE-2023-41357</title>
1768.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41357</link>
1769.    <description>Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operations or disrupt service.</description>
1770.    <dc:date>2023-11-03T07:15:14Z</dc:date>
1771.  </item>
1772.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41378">
1773.    <title>CVE-2023-41378</title>
1774.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41378</link>
1775.    <description>In certain conditions for Calico Typha (v3.26.2, v3.25.1 and below), and Calico Enterprise Typha (v3.17.1, v3.16.3, v3.15.3 and below), a client TLS handshake can block the Calico Typha server indefinitely, resulting in denial of service. The TLS Handshake() call is performed inside the main server handle for loop without any timeout allowing an unclean TLS handshake to block the main loop indefinitely while other connections will be idle waiting for that handshake to finish.</description>
1776.    <dc:date>2023-11-06T16:15:42Z</dc:date>
1777.  </item>
1778.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41652">
1779.    <title>CVE-2023-41652</title>
1780.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41652</link>
1781.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Carr RSVPMaker rsvpmaker allows SQL Injection.This issue affects RSVPMaker: from n/a through 10.6.6.</description>
1782.    <dc:date>2023-11-03T12:15:08Z</dc:date>
1783.  </item>
1784.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41685">
1785.    <title>CVE-2023-41685</title>
1786.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41685</link>
1787.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ilGhera Woocommerce Support System allows SQL Injection.This issue affects Woocommerce Support System: from n/a through 1.2.1.</description>
1788.    <dc:date>2023-11-06T09:15:08Z</dc:date>
1789.  </item>
1790.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41725">
1791.    <title>CVE-2023-41725</title>
1792.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41725</link>
1793.    <description>Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability</description>
1794.    <dc:date>2023-11-03T20:15:09Z</dc:date>
1795.  </item>
1796.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41726">
1797.    <title>CVE-2023-41726</title>
1798.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41726</link>
1799.    <description>Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability</description>
1800.    <dc:date>2023-11-03T20:15:09Z</dc:date>
1801.  </item>
1802.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41914">
1803.    <title>CVE-2023-41914</title>
1804.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41914</link>
1805.    <description>SchedMD Slurm 23.02.x before 23.02.6 and 22.05.x before 22.05.10 allows filesystem race conditions for gaining ownership of a file, overwriting a file, or deleting files.</description>
1806.    <dc:date>2023-11-03T05:15:30Z</dc:date>
1807.  </item>
1808.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4197">
1809.    <title>CVE-2023-4197</title>
1810.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4197</link>
1811.    <description>Improper input validation in Dolibarr ERP CRM &amp;lt;= v18.0.1 fails to strip certain PHP code from user-supplied input when creating a Website, allowing an attacker to inject and evaluate arbitrary PHP code.</description>
1812.    <dc:date>2023-11-01T08:15:07Z</dc:date>
1813.  </item>
1814.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4198">
1815.    <title>CVE-2023-4198</title>
1816.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4198</link>
1817.    <description>Improper Access Control in Dolibarr ERP CRM &amp;lt;= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data</description>
1818.    <dc:date>2023-11-01T09:15:09Z</dc:date>
1819.  </item>
1820.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42027">
1821.    <title>CVE-2023-42027</title>
1822.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42027</link>
1823.    <description>IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.  IBM X-Force ID:  266057.</description>
1824.    <dc:date>2023-11-03T00:15:12Z</dc:date>
1825.  </item>
1826.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42029">
1827.    <title>CVE-2023-42029</title>
1828.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42029</link>
1829.    <description>IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.  IBM X-Force ID:  266059.</description>
1830.    <dc:date>2023-11-03T00:15:12Z</dc:date>
1831.  </item>
1832.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4217">
1833.    <title>CVE-2023-4217</title>
1834.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4217</link>
1835.    <description>A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.</description>
1836.    <dc:date>2023-11-02T17:15:11Z</dc:date>
1837.  </item>
1838.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42299">
1839.    <title>CVE-2023-42299</title>
1840.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42299</link>
1841.    <description>Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.</description>
1842.    <dc:date>2023-11-02T22:15:09Z</dc:date>
1843.  </item>
1844.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42631">
1845.    <title>CVE-2023-42631</title>
1846.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42631</link>
1847.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1848.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1849.  </item>
1850.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42632">
1851.    <title>CVE-2023-42632</title>
1852.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42632</link>
1853.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1854.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1855.  </item>
1856.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42633">
1857.    <title>CVE-2023-42633</title>
1858.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42633</link>
1859.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1860.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1861.  </item>
1862.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42634">
1863.    <title>CVE-2023-42634</title>
1864.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42634</link>
1865.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1866.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1867.  </item>
1868.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42635">
1869.    <title>CVE-2023-42635</title>
1870.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42635</link>
1871.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1872.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1873.  </item>
1874.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42636">
1875.    <title>CVE-2023-42636</title>
1876.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42636</link>
1877.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1878.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1879.  </item>
1880.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42637">
1881.    <title>CVE-2023-42637</title>
1882.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42637</link>
1883.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1884.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1885.  </item>
1886.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42638">
1887.    <title>CVE-2023-42638</title>
1888.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42638</link>
1889.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1890.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1891.  </item>
1892.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42639">
1893.    <title>CVE-2023-42639</title>
1894.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42639</link>
1895.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1896.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1897.  </item>
1898.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42640">
1899.    <title>CVE-2023-42640</title>
1900.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42640</link>
1901.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1902.    <dc:date>2023-11-01T10:15:09Z</dc:date>
1903.  </item>
1904.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42641">
1905.    <title>CVE-2023-42641</title>
1906.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42641</link>
1907.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1908.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1909.  </item>
1910.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42642">
1911.    <title>CVE-2023-42642</title>
1912.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42642</link>
1913.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1914.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1915.  </item>
1916.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42643">
1917.    <title>CVE-2023-42643</title>
1918.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42643</link>
1919.    <description>In validationtools, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1920.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1921.  </item>
1922.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42644">
1923.    <title>CVE-2023-42644</title>
1924.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42644</link>
1925.    <description>In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1926.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1927.  </item>
1928.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42645">
1929.    <title>CVE-2023-42645</title>
1930.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42645</link>
1931.    <description>In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1932.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1933.  </item>
1934.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42646">
1935.    <title>CVE-2023-42646</title>
1936.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42646</link>
1937.    <description>In Ifaa service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1938.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1939.  </item>
1940.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42647">
1941.    <title>CVE-2023-42647</title>
1942.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42647</link>
1943.    <description>In Ifaa service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1944.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1945.  </item>
1946.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42648">
1947.    <title>CVE-2023-42648</title>
1948.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42648</link>
1949.    <description>In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1950.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1951.  </item>
1952.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42649">
1953.    <title>CVE-2023-42649</title>
1954.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42649</link>
1955.    <description>In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1956.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1957.  </item>
1958.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42650">
1959.    <title>CVE-2023-42650</title>
1960.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42650</link>
1961.    <description>In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1962.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1963.  </item>
1964.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42651">
1965.    <title>CVE-2023-42651</title>
1966.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42651</link>
1967.    <description>In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1968.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1969.  </item>
1970.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42652">
1971.    <title>CVE-2023-42652</title>
1972.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42652</link>
1973.    <description>In engineermode, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1974.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1975.  </item>
1976.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42653">
1977.    <title>CVE-2023-42653</title>
1978.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42653</link>
1979.    <description>In faceid service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges</description>
1980.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1981.  </item>
1982.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42654">
1983.    <title>CVE-2023-42654</title>
1984.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42654</link>
1985.    <description>In dm service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed</description>
1986.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1987.  </item>
1988.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42655">
1989.    <title>CVE-2023-42655</title>
1990.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42655</link>
1991.    <description>In sim service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed</description>
1992.    <dc:date>2023-11-01T10:15:10Z</dc:date>
1993.  </item>
1994.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42669">
1995.    <title>CVE-2023-42669</title>
1996.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42669</link>
1997.    <description>A vulnerability was found in Samba's &amp;quot;rpcecho&amp;quot; development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the &amp;quot;rpcecho&amp;quot; service operates with only one worker in the main RPC task, allowing calls to the &amp;quot;rpcecho&amp;quot; server to be blocked for a specified time, causing service disruptions. This disruption is triggered by a &amp;quot;sleep()&amp;quot; call in the &amp;quot;dcesrv_echo_TestSleep()&amp;quot; function under specific conditions. Authenticated users or attackers can exploit this vulnerability to make calls to the &amp;quot;rpcecho&amp;quot; server, requesting it to block for a specified duration, effectively disrupting most services and leading to a complete denial of service on the AD DC. The DoS affects all other services as &amp;quot;rpcecho&amp;quot; runs in the main RPC task.</description>
1998.    <dc:date>2023-11-06T07:15:09Z</dc:date>
1999.  </item>
2000.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42670">
2001.    <title>CVE-2023-42670</title>
2002.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42670</link>
2003.    <description>A flaw was found in Samba. It is susceptible to a vulnerability where multiple incompatible RPC listeners can be initiated, causing disruptions in the AD DC service. When Samba's RPC server experiences a high load or unresponsiveness, servers intended for non-AD DC purposes (for example, NT4-emulation &amp;quot;classic DCs&amp;quot;) can erroneously start and compete for the same unix domain sockets. This issue leads to partial query responses from the AD DC, causing issues such as &amp;quot;The procedure number is out of range&amp;quot; when using tools like Active Directory Users. This flaw allows an attacker to disrupt AD DC services.</description>
2004.    <dc:date>2023-11-03T08:15:07Z</dc:date>
2005.  </item>
2006.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42750">
2007.    <title>CVE-2023-42750</title>
2008.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42750</link>
2009.    <description>In gnss service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed</description>
2010.    <dc:date>2023-11-01T10:15:10Z</dc:date>
2011.  </item>
2012.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42802">
2013.    <title>CVE-2023-42802</title>
2014.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42802</link>
2015.    <description>GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PHP files can then be executed through a web server request. Version 10.0.10 fixes this issue. As a workaround, remove write access on `/ajax` and `/front` files to the web server.</description>
2016.    <dc:date>2023-11-02T14:15:11Z</dc:date>
2017.  </item>
2018.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43018">
2019.    <title>CVE-2023-43018</title>
2020.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43018</link>
2021.    <description>IBM CICS TX Standard 11.1 and Advanced 10.1, 11.1 performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.  IBM X-Force ID:  266163.</description>
2022.    <dc:date>2023-11-03T00:15:12Z</dc:date>
2023.  </item>
2024.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43076">
2025.    <title>CVE-2023-43076</title>
2026.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43076</link>
2027.    <description>Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. A low privilege remote attacker could potentially exploit this vulnerability to cause an out of memory (OOM) condition.</description>
2028.    <dc:date>2023-11-02T11:15:14Z</dc:date>
2029.  </item>
2030.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43087">
2031.    <title>CVE-2023-43087</title>
2032.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43087</link>
2033.    <description>Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. A low privileged remote attacker could potentially exploit this vulnerability to cause information disclosure.</description>
2034.    <dc:date>2023-11-02T11:15:14Z</dc:date>
2035.  </item>
2036.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43193">
2037.    <title>CVE-2023-43193</title>
2038.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43193</link>
2039.    <description>Submitty before v22.06.00 is vulnerable to Cross Site Scripting (XSS). An attacker can create a malicious link in the forum that leads to XSS.</description>
2040.    <dc:date>2023-11-02T12:15:09Z</dc:date>
2041.  </item>
2042.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43194">
2043.    <title>CVE-2023-43194</title>
2044.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43194</link>
2045.    <description>Submitty before v22.06.00 is vulnerable to Incorrect Access Control. An attacker can delete any post in the forum by modifying request parameter.</description>
2046.    <dc:date>2023-11-02T22:15:09Z</dc:date>
2047.  </item>
2048.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43336">
2049.    <title>CVE-2023-43336</title>
2050.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43336</link>
2051.    <description>Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.</description>
2052.    <dc:date>2023-11-02T12:15:09Z</dc:date>
2053.  </item>
2054.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43665">
2055.    <title>CVE-2023-43665</title>
2056.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43665</link>
2057.    <description>In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.text.Truncator chars() and words() methods (when used with html=True) are subject to a potential DoS (denial of service) attack via certain inputs with very long, potentially malformed HTML text. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which are thus also vulnerable. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232.</description>
2058.    <dc:date>2023-11-03T05:15:30Z</dc:date>
2059.  </item>
2060.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43982">
2061.    <title>CVE-2023-43982</title>
2062.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43982</link>
2063.    <description>Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. This vulnerability allows attackers to use the vulnerable website as proxy to attack other websites or exfiltrate data via a HTTP call.</description>
2064.    <dc:date>2023-11-03T05:15:30Z</dc:date>
2065.  </item>
2066.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44025">
2067.    <title>CVE-2023-44025</title>
2068.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44025</link>
2069.    <description>SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component.</description>
2070.    <dc:date>2023-11-01T22:15:08Z</dc:date>
2071.  </item>
2072.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44271">
2073.    <title>CVE-2023-44271</title>
2074.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44271</link>
2075.    <description>An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw instance operates on a long text argument.</description>
2076.    <dc:date>2023-11-03T05:15:30Z</dc:date>
2077.  </item>
2078.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44398">
2079.    <title>CVE-2023-44398</title>
2080.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44398</link>
2081.    <description>Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds write was found in Exiv2 version v0.28.0. The vulnerable function, `BmffImage::brotliUncompress`, is new in v0.28.0, so earlier versions of Exiv2 are _not_ affected. The out-of-bounds write is triggered when Exiv2 is used to read the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to gain code execution, if they can trick the victim into running Exiv2 on a crafted image file. This bug is fixed in version v0.28.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.</description>
2082.    <dc:date>2023-11-06T18:15:08Z</dc:date>
2083.  </item>
2084.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4452">
2085.    <title>CVE-2023-4452</title>
2086.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4452</link>
2087.    <description>A vulnerability has been identified in the EDR-810, EDR-G902, and EDR-G903 Series, making them  vulnerable to the denial-of-service vulnerability. This vulnerability stems from insufficient input validation in the URI, potentially enabling malicious users to trigger the device reboot.</description>
2088.    <dc:date>2023-11-01T15:15:08Z</dc:date>
2089.  </item>
2090.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44954">
2091.    <title>CVE-2023-44954</title>
2092.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44954</link>
2093.    <description>Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions.</description>
2094.    <dc:date>2023-11-01T23:15:07Z</dc:date>
2095.  </item>
2096.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45001">
2097.    <title>CVE-2023-45001</title>
2098.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45001</link>
2099.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Castos Seriously Simple Stats allows SQL Injection.This issue affects Seriously Simple Stats: from n/a through 1.5.0.</description>
2100.    <dc:date>2023-11-06T09:15:08Z</dc:date>
2101.  </item>
2102.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45012">
2103.    <title>CVE-2023-45012</title>
2104.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45012</link>
2105.    <description>Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.&amp;Acirc;&amp;nbsp;The 'user_email' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2106.    <dc:date>2023-11-02T03:15:09Z</dc:date>
2107.  </item>
2108.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45013">
2109.    <title>CVE-2023-45013</title>
2110.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45013</link>
2111.    <description>Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'user_query' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2112.    <dc:date>2023-11-02T03:15:09Z</dc:date>
2113.  </item>
2114.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45014">
2115.    <title>CVE-2023-45014</title>
2116.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45014</link>
2117.    <description>Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'bus_id' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2118.    <dc:date>2023-11-02T03:15:09Z</dc:date>
2119.  </item>
2120.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45015">
2121.    <title>CVE-2023-45015</title>
2122.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45015</link>
2123.    <description>Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2124.    <dc:date>2023-11-02T03:15:09Z</dc:date>
2125.  </item>
2126.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45016">
2127.    <title>CVE-2023-45016</title>
2128.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45016</link>
2129.    <description>Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'source' parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2130.    <dc:date>2023-11-02T03:15:09Z</dc:date>
2131.  </item>
2132.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45017">
2133.    <title>CVE-2023-45017</title>
2134.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45017</link>
2135.    <description>Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'destination' parameter of the search.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2136.    <dc:date>2023-11-02T03:15:09Z</dc:date>
2137.  </item>
2138.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45018">
2139.    <title>CVE-2023-45018</title>
2140.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45018</link>
2141.    <description>Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2142.    <dc:date>2023-11-02T03:15:10Z</dc:date>
2143.  </item>
2144.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45019">
2145.    <title>CVE-2023-45019</title>
2146.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45019</link>
2147.    <description>Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2148.    <dc:date>2023-11-02T03:15:10Z</dc:date>
2149.  </item>
2150.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45024">
2151.    <title>CVE-2023-45024</title>
2152.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45024</link>
2153.    <description>Best Practical Request Tracker (RT) 5 before 5.0.5 allows Information Disclosure via a transaction search in the transaction query builder.</description>
2154.    <dc:date>2023-11-03T05:15:30Z</dc:date>
2155.  </item>
2156.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45046">
2157.    <title>CVE-2023-45046</title>
2158.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45046</link>
2159.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressference Pressference Exporter allows SQL Injection.This issue affects Pressference Exporter: from n/a through 1.0.3.</description>
2160.    <dc:date>2023-11-06T09:15:08Z</dc:date>
2161.  </item>
2162.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45055">
2163.    <title>CVE-2023-45055</title>
2164.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45055</link>
2165.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InspireUI MStore API allows SQL Injection.This issue affects MStore API: from n/a through 4.0.6.</description>
2166.    <dc:date>2023-11-06T09:15:08Z</dc:date>
2167.  </item>
2168.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45069">
2169.    <title>CVE-2023-45069</title>
2170.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45069</link>
2171.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Video Gallery by Total-Soft Video Gallery &amp;acirc;&amp;euro;&amp;ldquo; Best WordPress YouTube Gallery Plugin allows SQL Injection.This issue affects Video Gallery &amp;acirc;&amp;euro;&amp;ldquo; Best WordPress YouTube Gallery Plugin: from n/a through 2.1.3.</description>
2172.    <dc:date>2023-11-06T09:15:08Z</dc:date>
2173.  </item>
2174.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45074">
2175.    <title>CVE-2023-45074</title>
2176.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45074</link>
2177.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter &amp;acirc;&amp;euro;&amp;ldquo; Most Wanted Analytics Plugin for WordPress allows SQL Injection.This issue affects Advanced Page Visit Counter &amp;acirc;&amp;euro;&amp;ldquo; Most Wanted Analytics Plugin for WordPress: from n/a through 7.1.1.</description>
2178.    <dc:date>2023-11-06T09:15:08Z</dc:date>
2179.  </item>
2180.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45111">
2181.    <title>CVE-2023-45111</title>
2182.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45111</link>
2183.    <description>Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.&amp;Acirc;&amp;nbsp;The 'email' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2184.    <dc:date>2023-11-02T02:15:08Z</dc:date>
2185.  </item>
2186.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45112">
2187.    <title>CVE-2023-45112</title>
2188.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45112</link>
2189.    <description>Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'feedback' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2190.    <dc:date>2023-11-02T02:15:08Z</dc:date>
2191.  </item>
2192.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45113">
2193.    <title>CVE-2023-45113</title>
2194.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45113</link>
2195.    <description>Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2196.    <dc:date>2023-11-02T02:15:08Z</dc:date>
2197.  </item>
2198.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45114">
2199.    <title>CVE-2023-45114</title>
2200.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45114</link>
2201.    <description>Online Examination System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'subject' parameter of the feed.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2202.    <dc:date>2023-11-02T02:15:08Z</dc:date>
2203.  </item>
2204.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45161">
2205.    <title>CVE-2023-45161</title>
2206.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45161</link>
2207.    <description>The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.
2208.  
2209. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-URLResponseTime instruction to v20.1 by uploading it through the 1E Platform instruction upload UI</description>
2210.    <dc:date>2023-11-06T13:15:09Z</dc:date>
2211.  </item>
2212.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45163">
2213.    <title>CVE-2023-45163</title>
2214.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45163</link>
2215.    <description>The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.
2216.  
2217. To remediate this issue download the updated Network product pack from the 1E Exchange and update the 1E-Exchange-CommandLinePing instruction to v18.1 by uploading it through the 1E Platform instruction upload UI</description>
2218.    <dc:date>2023-11-06T13:15:09Z</dc:date>
2219.  </item>
2220.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45189">
2221.    <title>CVE-2023-45189</title>
2222.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45189</link>
2223.    <description>A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials.  This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials.  IBM X-Force ID:  268752.</description>
2224.    <dc:date>2023-11-03T23:15:08Z</dc:date>
2225.  </item>
2226.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45201">
2227.    <title>CVE-2023-45201</title>
2228.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45201</link>
2229.    <description>Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities.&amp;Acirc;&amp;nbsp;The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.</description>
2230.    <dc:date>2023-11-01T22:15:08Z</dc:date>
2231.  </item>
2232.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45202">
2233.    <title>CVE-2023-45202</title>
2234.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45202</link>
2235.    <description>Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.</description>
2236.    <dc:date>2023-11-01T23:15:07Z</dc:date>
2237.  </item>
2238.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45203">
2239.    <title>CVE-2023-45203</title>
2240.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45203</link>
2241.    <description>Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.</description>
2242.    <dc:date>2023-11-01T23:15:08Z</dc:date>
2243.  </item>
2244.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45323">
2245.    <title>CVE-2023-45323</title>
2246.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45323</link>
2247.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities.&amp;Acirc;&amp;nbsp;The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2248.    <dc:date>2023-11-02T14:15:11Z</dc:date>
2249.  </item>
2250.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45324">
2251.    <title>CVE-2023-45324</title>
2252.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45324</link>
2253.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'price' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2254.    <dc:date>2023-11-02T14:15:11Z</dc:date>
2255.  </item>
2256.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45325">
2257.    <title>CVE-2023-45325</title>
2258.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45325</link>
2259.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2260.    <dc:date>2023-11-02T14:15:11Z</dc:date>
2261.  </item>
2262.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45326">
2263.    <title>CVE-2023-45326</title>
2264.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45326</link>
2265.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'email' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2266.    <dc:date>2023-11-02T14:15:11Z</dc:date>
2267.  </item>
2268.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45327">
2269.    <title>CVE-2023-45327</title>
2270.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45327</link>
2271.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2272.    <dc:date>2023-11-02T14:15:11Z</dc:date>
2273.  </item>
2274.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45328">
2275.    <title>CVE-2023-45328</title>
2276.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45328</link>
2277.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2278.    <dc:date>2023-11-02T14:15:11Z</dc:date>
2279.  </item>
2280.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45329">
2281.    <title>CVE-2023-45329</title>
2282.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45329</link>
2283.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2284.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2285.  </item>
2286.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45330">
2287.    <title>CVE-2023-45330</title>
2288.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45330</link>
2289.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2290.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2291.  </item>
2292.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45331">
2293.    <title>CVE-2023-45331</title>
2294.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45331</link>
2295.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2296.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2297.  </item>
2298.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45332">
2299.    <title>CVE-2023-45332</title>
2300.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45332</link>
2301.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'deleted' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2302.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2303.  </item>
2304.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45333">
2305.    <title>CVE-2023-45333</title>
2306.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45333</link>
2307.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2308.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2309.  </item>
2310.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45334">
2311.    <title>CVE-2023-45334</title>
2312.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45334</link>
2313.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2314.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2315.  </item>
2316.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45335">
2317.    <title>CVE-2023-45335</title>
2318.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45335</link>
2319.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2320.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2321.  </item>
2322.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45336">
2323.    <title>CVE-2023-45336</title>
2324.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45336</link>
2325.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2326.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2327.  </item>
2328.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45337">
2329.    <title>CVE-2023-45337</title>
2330.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45337</link>
2331.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2332.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2333.  </item>
2334.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45338">
2335.    <title>CVE-2023-45338</title>
2336.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45338</link>
2337.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2338.    <dc:date>2023-11-02T15:15:08Z</dc:date>
2339.  </item>
2340.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45339">
2341.    <title>CVE-2023-45339</title>
2342.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45339</link>
2343.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'type' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2344.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2345.  </item>
2346.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45340">
2347.    <title>CVE-2023-45340</title>
2348.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45340</link>
2349.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2350.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2351.  </item>
2352.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45341">
2353.    <title>CVE-2023-45341</title>
2354.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45341</link>
2355.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2356.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2357.  </item>
2358.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45342">
2359.    <title>CVE-2023-45342</title>
2360.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45342</link>
2361.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2362.    <dc:date>2023-11-02T14:15:12Z</dc:date>
2363.  </item>
2364.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45343">
2365.    <title>CVE-2023-45343</title>
2366.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45343</link>
2367.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2368.    <dc:date>2023-11-02T14:15:13Z</dc:date>
2369.  </item>
2370.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45344">
2371.    <title>CVE-2023-45344</title>
2372.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45344</link>
2373.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2374.    <dc:date>2023-11-02T14:15:13Z</dc:date>
2375.  </item>
2376.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45345">
2377.    <title>CVE-2023-45345</title>
2378.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45345</link>
2379.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2380.    <dc:date>2023-11-02T15:15:08Z</dc:date>
2381.  </item>
2382.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45346">
2383.    <title>CVE-2023-45346</title>
2384.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45346</link>
2385.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2386.    <dc:date>2023-11-02T15:15:08Z</dc:date>
2387.  </item>
2388.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45347">
2389.    <title>CVE-2023-45347</title>
2390.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45347</link>
2391.    <description>Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.</description>
2392.    <dc:date>2023-11-02T15:15:08Z</dc:date>
2393.  </item>
2394.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4535">
2395.    <title>CVE-2023-4535</title>
2396.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4535</link>
2397.    <description>An out-of-bounds read vulnerability was found in OpenSC packages within the MyEID driver when handling symmetric key encryption. Exploiting this flaw requires an attacker to have physical access to the computer and a specially crafted USB device or smart card. This flaw allows the attacker to manipulate APDU responses and potentially gain unauthorized access to sensitive data, compromising the system's security.</description>
2398.    <dc:date>2023-11-06T17:15:12Z</dc:date>
2399.  </item>
2400.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45360">
2401.    <title>CVE-2023-45360</title>
2402.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45360</link>
2403.    <description>An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is XSS in youhavenewmessagesmanyusers and youhavenewmessages i18n messages. This is related to MediaWiki:Youhavenewmessagesfromusers.</description>
2404.    <dc:date>2023-11-03T05:15:30Z</dc:date>
2405.  </item>
2406.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45362">
2407.    <title>CVE-2023-45362</title>
2408.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45362</link>
2409.    <description>An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka &amp;quot;X intermediate revisions by the same user not shown&amp;quot;) ignores username suppression. This is an information leak.</description>
2410.    <dc:date>2023-11-03T05:15:30Z</dc:date>
2411.  </item>
2412.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45556">
2413.    <title>CVE-2023-45556</title>
2414.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45556</link>
2415.    <description>Cross Site Scripting vulnerability in Mybb Mybb Forums v.1.8.33 allows a local attacker to execute arbitrary code via the theme Name parameter in the theme management component.</description>
2416.    <dc:date>2023-11-06T22:15:07Z</dc:date>
2417.  </item>
2418.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45657">
2419.    <title>CVE-2023-45657</title>
2420.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45657</link>
2421.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSIMYTH Nexter allows SQL Injection.This issue affects Nexter: from n/a through 2.0.3.</description>
2422.    <dc:date>2023-11-06T09:15:08Z</dc:date>
2423.  </item>
2424.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45827">
2425.    <title>CVE-2023-45827</title>
2426.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45827</link>
2427.    <description>Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.</description>
2428.    <dc:date>2023-11-06T18:15:08Z</dc:date>
2429.  </item>
2430.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45830">
2431.    <title>CVE-2023-45830</title>
2432.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45830</link>
2433.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.</description>
2434.    <dc:date>2023-11-06T09:15:08Z</dc:date>
2435.  </item>
2436.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4591">
2437.    <title>CVE-2023-4591</title>
2438.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4591</link>
2439.    <description>A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the /tools/webinterface/index.php?page parameter by sending a GET request. This vulnerability could lead to the loading of a PHP file on the server, leading to a critical webshell exploit.</description>
2440.    <dc:date>2023-11-03T12:15:08Z</dc:date>
2441.  </item>
2442.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4592">
2443.    <title>CVE-2023-4592</title>
2444.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4592</link>
2445.    <description>A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload through the /tools/webinterface/index.php parameter and retrieve the cookie session details of an authenticated user, resulting in a session hijacking.</description>
2446.    <dc:date>2023-11-03T12:15:08Z</dc:date>
2447.  </item>
2448.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46084">
2449.    <title>CVE-2023-46084</title>
2450.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46084</link>
2451.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in bPlugins LLC Icons Font Loader allows SQL Injection.This issue affects Icons Font Loader: from n/a through 1.1.2.</description>
2452.    <dc:date>2023-11-06T10:15:07Z</dc:date>
2453.  </item>
2454.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46176">
2455.    <title>CVE-2023-46176</title>
2456.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46176</link>
2457.    <description>IBM MQ Appliance 9.3 CD could allow a local attacker to gain elevated privileges on the system, caused by improper validation of security keys.  IBM X-Force ID:  269535.</description>
2458.    <dc:date>2023-11-03T01:15:08Z</dc:date>
2459.  </item>
2460.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4625">
2461.    <title>CVE-2023-4625</title>
2462.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4625</link>
2463.    <description>Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules Web server function allows a remote unauthenticated attacker to prevent legitimate users from logging into the Web server function for a certain period after the attacker has attempted to log in illegally by continuously attempting unauthorized login to the Web server function. The impact of this vulnerability will persist while the attacker continues to attempt unauthorized login.</description>
2464.    <dc:date>2023-11-06T05:15:15Z</dc:date>
2465.  </item>
2466.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46251">
2467.    <title>CVE-2023-46251</title>
2468.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46251</link>
2469.    <description>MyBB is a free and open source forum software. Custom MyCode (BBCode) for the visual editor (_SCEditor_) doesn't escape input properly when rendering HTML, resulting in a DOM-based XSS vulnerability. This weakness can be exploited by pointing a victim to a page where the visual editor is active (e.g. as a post or Private Message) and operates on a maliciously crafted MyCode message. This may occur on pages where message content is pre-filled using a GET/POST parameter, or on reply pages where a previously saved malicious message is quoted. The impact is be mitigated when: 1. the visual editor is disabled globally (_Admin CP ? Configuration ? Settings ? Clickable Smilies and BB Code: [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_ is set to _Off_), or 2. the visual editor is disabled for individual user accounts (_User CP ? Your Profile ? Edit Options_: _Show the MyCode formatting options on the posting pages_ checkbox is not checked). MyBB 1.8.37 resolves this issue with the commit `6dcaf0b4d`. Users are advised to upgrade. Users unable to upgrade may mitigate the impact without upgrading MyBB by changing the following setting (_Admin CP ? Configuration ? Settings_):
2470. - _Clickable Smilies and BB Code ? [Clickable MyCode Editor](https://github.com/mybb/mybb/blob/mybb_1836/install/resources/settings.xml#L2087-L2094)_: _Off_. Similarly, individual MyBB forum users are able to disable the visual editor by diabling the account option (_User CP ? Your Profile ? Edit Options_) _Show the MyCode formatting options on the posting pages_.</description>
2471.    <dc:date>2023-11-06T18:15:08Z</dc:date>
2472.  </item>
2473.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46254">
2474.    <title>CVE-2023-46254</title>
2475.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46254</link>
2476.    <description>capsule-proxy is a reverse proxy for Capsule kubernetes multi-tenancy framework. A bug in the RoleBinding reflector used by `capsule-proxy` gives ServiceAccount tenant owners the right to list Namespaces of other tenants backed by the same owner kind and name. For example consider two tenants `solar` and `wind`. Tenant `solar`, owned by a ServiceAccount named `tenant-owner` in the Namespace `solar`. Tenant `wind`, owned by a ServiceAccount named `tenant-owner` in the Namespace `wind`. The Tenant owner `solar` would be able to list the namespaces of the Tenant `wind` and vice-versa, although this is not correct. The bug introduces an exfiltration vulnerability since allows the listing of Namespace resources of other Tenants, although just in some specific conditions: 1. `capsule-proxy` runs with the `--disable-caching=false` (default value: `false`) and 2. Tenant owners are ServiceAccount, with the same resource name, but in different Namespaces. This vulnerability doesn't allow any privilege escalation on the outer tenant Namespace-scoped resources, since the Kubernetes RBAC is enforcing this. This issue has been addressed in version 0.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.</description>
2477.    <dc:date>2023-11-06T19:15:09Z</dc:date>
2478.  </item>
2479.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46327">
2480.    <title>CVE-2023-46327</title>
2481.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46327</link>
2482.    <description>Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. and Xerox Corporation provide a facility to export the contents of their Address Book with encrypted form, but the encryption strength is insufficient. With the knowledge of the encryption process and the encryption key, the information such as the server credentials may be obtained from the exported Address Book data. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].</description>
2483.    <dc:date>2023-11-02T03:15:10Z</dc:date>
2484.  </item>
2485.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46352">
2486.    <title>CVE-2023-46352</title>
2487.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46352</link>
2488.    <description>In the module &amp;quot;Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module&amp;quot; (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can access exports from the module which can lead to a leak of personal information from ps_customer table such as name / surname / email.</description>
2489.    <dc:date>2023-11-02T22:15:09Z</dc:date>
2490.  </item>
2491.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46380">
2492.    <title>CVE-2023-46380</title>
2493.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46380</link>
2494.    <description>LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices send password-change requests via cleartext HTTP.</description>
2495.    <dc:date>2023-11-04T23:15:07Z</dc:date>
2496.  </item>
2497.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46381">
2498.    <title>CVE-2023-46381</title>
2499.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46381</link>
2500.    <description>LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices lack authentication for the preinstalled version of LWEB-802 via an lweb802_pre/ URI. An unauthenticated attacker can edit any project (or create a new project) and control its GUI.</description>
2501.    <dc:date>2023-11-04T23:15:07Z</dc:date>
2502.  </item>
2503.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46382">
2504.    <title>CVE-2023-46382</title>
2505.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46382</link>
2506.    <description>LOYTEC LINX-212 firmware 6.2.4 and LVIS-3ME12-A1 firmware 6.2.2 and LIOB-586 firmware 6.2.3 devices use cleartext HTTP for login.</description>
2507.    <dc:date>2023-11-04T23:15:08Z</dc:date>
2508.  </item>
2509.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46404">
2510.    <title>CVE-2023-46404</title>
2511.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46404</link>
2512.    <description>PCRS &amp;lt;= 3.11 (d0de1e) &amp;acirc;&amp;euro;&amp;oelig;Questions&amp;acirc;&amp;euro;&amp;#65533; page and &amp;acirc;&amp;euro;&amp;oelig;Code editor&amp;acirc;&amp;euro;&amp;#65533; page are vulnerable to remote code execution (RCE) by escaping Python sandboxing.</description>
2513.    <dc:date>2023-11-03T16:15:31Z</dc:date>
2514.  </item>
2515.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46428">
2516.    <title>CVE-2023-46428 (hadsky)</title>
2517.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46428</link>
2518.    <description>An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file.</description>
2519.    <dc:date>2023-11-01T21:15:08Z</dc:date>
2520.  </item>
2521.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46448">
2522.    <title>CVE-2023-46448</title>
2523.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46448</link>
2524.    <description>Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images.</description>
2525.    <dc:date>2023-11-01T22:15:08Z</dc:date>
2526.  </item>
2527.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46475">
2528.    <title>CVE-2023-46475</title>
2529.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46475</link>
2530.    <description>A Stored Cross-Site Scripting vulnerability was discovered in ZenTao 18.3 where a user can create a project, and in the name field of the project, they can inject malicious JavaScript code.</description>
2531.    <dc:date>2023-11-02T13:15:08Z</dc:date>
2532.  </item>
2533.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46482">
2534.    <title>CVE-2023-46482</title>
2535.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46482</link>
2536.    <description>SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component.</description>
2537.    <dc:date>2023-11-01T19:15:45Z</dc:date>
2538.  </item>
2539.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46517">
2540.    <title>CVE-2023-46517</title>
2541.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46517</link>
2542.    <description>** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.</description>
2543.    <dc:date>2023-11-03T05:15:30Z</dc:date>
2544.  </item>
2545.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46595">
2546.    <title>CVE-2023-46595</title>
2547.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46595</link>
2548.    <description>Net-NTLM leak in Fireflow A32.20 and A32.50 allows an attacker&amp;Acirc;&amp;nbsp;to obtain victim&amp;acirc;&amp;euro;&amp;trade;s domain credentials and Net-NTLM hash which can lead&amp;Acirc;&amp;nbsp;to relay domain attacks.</description>
2549.    <dc:date>2023-11-02T08:15:08Z</dc:date>
2550.  </item>
2551.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46695">
2552.    <title>CVE-2023-46695</title>
2553.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46695</link>
2554.    <description>An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. The NFKC normalization is slow on Windows. As a consequence, django.contrib.auth.forms.UsernameField is subject to a potential DoS (denial of service) attack via certain inputs with a very large number of Unicode characters.</description>
2555.    <dc:date>2023-11-02T06:15:08Z</dc:date>
2556.  </item>
2557.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46724">
2558.    <title>CVE-2023-46724</title>
2559.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46724</link>
2560.    <description>Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages.</description>
2561.    <dc:date>2023-11-01T20:15:08Z</dc:date>
2562.  </item>
2563.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46725">
2564.    <title>CVE-2023-46725</title>
2565.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46725</link>
2566.    <description>FoodCoopShop is open source software for food coops and local shops. Versions starting with 3.2.0 prior to 3.6.1 are vulnerable to server-side request forgery. In the Network module, a manufacturer account can use the `/api/updateProducts.json` endpoint to make the server send a request to an arbitrary host. This means that the server can be used as a proxy into the internal network where the server is. Furthermore, the checks on a valid image are not adequate, leading to a time of check time of use issue. For example, by using a custom server that returns 200 on HEAD requests, then return a valid image on first GET request and then a 302 redirect to final target on second GET request, the server will copy whatever file is at the redirect destination, making this a full SSRF. Version 3.6.1 fixes this vulnerability.</description>
2567.    <dc:date>2023-11-02T15:15:08Z</dc:date>
2568.  </item>
2569.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46728">
2570.    <title>CVE-2023-46728</title>
2571.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46728</link>
2572.    <description>Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a NULL pointer dereference bug Squid is vulnerable to a Denial of Service attack against Squid's Gopher gateway. The gopher protocol is always available and enabled in Squid prior to Squid 6.0.1. Responses triggering this bug are possible to be received from any gopher server, even those without malicious intent. Gopher support has been removed in Squid version 6.0.1. Users are advised to upgrade. Users unable to upgrade should reject all gopher URL requests.</description>
2573.    <dc:date>2023-11-06T18:15:08Z</dc:date>
2574.  </item>
2575.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46731">
2576.    <title>CVE-2023-46731</title>
2577.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46731</link>
2578.    <description>XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins).</description>
2579.    <dc:date>2023-11-06T19:15:09Z</dc:date>
2580.  </item>
2581.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46732">
2582.    <title>CVE-2023-46732</title>
2583.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46732</link>
2584.    <description>XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability.</description>
2585.    <dc:date>2023-11-06T19:15:09Z</dc:date>
2586.  </item>
2587.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46775">
2588.    <title>CVE-2023-46775</title>
2589.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46775</link>
2590.    <description>Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.18 versions.</description>
2591.    <dc:date>2023-11-06T11:15:09Z</dc:date>
2592.  </item>
2593.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46776">
2594.    <title>CVE-2023-46776</title>
2595.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46776</link>
2596.    <description>Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.5 versions.</description>
2597.    <dc:date>2023-11-06T12:15:08Z</dc:date>
2598.  </item>
2599.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46777">
2600.    <title>CVE-2023-46777</title>
2601.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46777</link>
2602.    <description>Cross-Site Request Forgery (CSRF) vulnerability in Custom Login Page | Temporary Users | Rebrand Login | Login Captcha plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.1.3 versions.</description>
2603.    <dc:date>2023-11-06T12:15:08Z</dc:date>
2604.  </item>
2605.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46778">
2606.    <title>CVE-2023-46778</title>
2607.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46778</link>
2608.    <description>Cross-Site Request Forgery (CSRF) vulnerability in TheFreeWindows Auto Limit Posts Reloaded plugin &amp;lt;=&amp;Acirc;&amp;nbsp;2.5 versions.</description>
2609.    <dc:date>2023-11-06T12:15:08Z</dc:date>
2610.  </item>
2611.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46779">
2612.    <title>CVE-2023-46779</title>
2613.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46779</link>
2614.    <description>Cross-Site Request Forgery (CSRF) vulnerability in EasyRecipe plugin &amp;lt;=&amp;Acirc;&amp;nbsp;3.5.3251 versions.</description>
2615.    <dc:date>2023-11-06T12:15:08Z</dc:date>
2616.  </item>
2617.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46780">
2618.    <title>CVE-2023-46780</title>
2619.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46780</link>
2620.    <description>Cross-Site Request Forgery (CSRF) vulnerability in Alter plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.0 versions.</description>
2621.    <dc:date>2023-11-06T12:15:08Z</dc:date>
2622.  </item>
2623.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46781">
2624.    <title>CVE-2023-46781</title>
2625.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46781</link>
2626.    <description>Cross-Site Request Forgery (CSRF) vulnerability in Roland Murg Current Menu Item for Custom Post Types plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.5 versions.</description>
2627.    <dc:date>2023-11-06T12:15:08Z</dc:date>
2628.  </item>
2629.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46782">
2630.    <title>CVE-2023-46782</title>
2631.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46782</link>
2632.    <description>Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Yee MomentoPress for Momento360 plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.0.1 versions.</description>
2633.    <dc:date>2023-11-06T10:15:07Z</dc:date>
2634.  </item>
2635.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46783">
2636.    <title>CVE-2023-46783</title>
2637.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46783</link>
2638.    <description>Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Bright Plugins Pre-Orders for WooCommerce plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.2.13 versions.</description>
2639.    <dc:date>2023-11-06T10:15:08Z</dc:date>
2640.  </item>
2641.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46802">
2642.    <title>CVE-2023-46802</title>
2643.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46802</link>
2644.    <description>e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.</description>
2645.    <dc:date>2023-11-06T02:15:07Z</dc:date>
2646.  </item>
2647.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46817">
2648.    <title>CVE-2023-46817</title>
2649.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46817</link>
2650.    <description>An issue was discovered in phpFox before 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated attackers to inject arbitrary PHP objects into the application scope, allowing them to perform a variety of attacks, such as executing arbitrary PHP code.</description>
2651.    <dc:date>2023-11-03T05:15:30Z</dc:date>
2652.  </item>
2653.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46821">
2654.    <title>CVE-2023-46821</title>
2655.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46821</link>
2656.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Milan Petrovic GD Security Headers allows auth. (admin+) SQL Injection.This issue affects GD Security Headers: from n/a through 1.7.</description>
2657.    <dc:date>2023-11-06T10:15:08Z</dc:date>
2658.  </item>
2659.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46822">
2660.    <title>CVE-2023-46822</title>
2661.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46822</link>
2662.    <description>Unauth. Reflected Cross-Site Scripting') vulnerability in Visser Labs Store Exporter for WooCommerce &amp;acirc;&amp;euro;&amp;ldquo; Export Products, Export Orders, Export Subscriptions, and More plugin &amp;lt;=&amp;Acirc;&amp;nbsp;2.7.2 versions.</description>
2663.    <dc:date>2023-11-06T10:15:08Z</dc:date>
2664.  </item>
2665.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46823">
2666.    <title>CVE-2023-46823</title>
2667.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46823</link>
2668.    <description>Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum ImageLinks Interactive Image Builder for WordPress allows SQL Injection.This issue affects ImageLinks Interactive Image Builder for WordPress: from n/a through 1.5.4.</description>
2669.    <dc:date>2023-11-06T10:15:08Z</dc:date>
2670.  </item>
2671.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46824">
2672.    <title>CVE-2023-46824</title>
2673.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46824</link>
2674.    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Om Ak Solutions Slick Popup: Contact Form 7 Popup Plugin plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.7.14 versions.</description>
2675.    <dc:date>2023-11-06T10:15:08Z</dc:date>
2676.  </item>
2677.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46846">
2678.    <title>CVE-2023-46846</title>
2679.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46846</link>
2680.    <description>SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems.</description>
2681.    <dc:date>2023-11-03T08:15:07Z</dc:date>
2682.  </item>
2683.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46847">
2684.    <title>CVE-2023-46847</title>
2685.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46847</link>
2686.    <description>Squid is vulnerable to a Denial of Service,  where a remote attacker can perform buffer overflow attack by writing up to 2 MB of arbitrary data to heap memory when Squid is configured to accept HTTP Digest Authentication.</description>
2687.    <dc:date>2023-11-03T08:15:08Z</dc:date>
2688.  </item>
2689.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46848">
2690.    <title>CVE-2023-46848</title>
2691.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46848</link>
2692.    <description>Squid is vulnerable to Denial of Service,  where a remote attacker can perform DoS by sending ftp:// URLs in HTTP Request messages or constructing ftp:// URLs from FTP Native input.</description>
2693.    <dc:date>2023-11-03T08:15:08Z</dc:date>
2694.  </item>
2695.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46911">
2696.    <title>CVE-2023-46911</title>
2697.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46911</link>
2698.    <description>There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend.</description>
2699.    <dc:date>2023-11-01T17:15:11Z</dc:date>
2700.  </item>
2701.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46925">
2702.    <title>CVE-2023-46925</title>
2703.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46925</link>
2704.    <description>Reportico 7.1.21 is vulnerable to Cross Site Scripting (XSS).</description>
2705.    <dc:date>2023-11-02T17:15:11Z</dc:date>
2706.  </item>
2707.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46927">
2708.    <title>CVE-2023-46927</title>
2709.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46927</link>
2710.    <description>GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box.</description>
2711.    <dc:date>2023-11-01T15:15:08Z</dc:date>
2712.  </item>
2713.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46928">
2714.    <title>CVE-2023-46928</title>
2715.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46928</link>
2716.    <description>GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42.</description>
2717.    <dc:date>2023-11-01T15:15:08Z</dc:date>
2718.  </item>
2719.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46930">
2720.    <title>CVE-2023-46930</title>
2721.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46930</link>
2722.    <description>GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14.</description>
2723.    <dc:date>2023-11-01T14:15:38Z</dc:date>
2724.  </item>
2725.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46931">
2726.    <title>CVE-2023-46931</title>
2727.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46931</link>
2728.    <description>GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box.</description>
2729.    <dc:date>2023-11-01T14:15:38Z</dc:date>
2730.  </item>
2731.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46947">
2732.    <title>CVE-2023-46947</title>
2733.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46947</link>
2734.    <description>Subrion 4.2.1 has a remote command execution vulnerability in the backend.</description>
2735.    <dc:date>2023-11-03T13:15:08Z</dc:date>
2736.  </item>
2737.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46954">
2738.    <title>CVE-2023-46954</title>
2739.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46954</link>
2740.    <description>SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter.</description>
2741.    <dc:date>2023-11-03T03:15:07Z</dc:date>
2742.  </item>
2743.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46958">
2744.    <title>CVE-2023-46958</title>
2745.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46958</link>
2746.    <description>An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.</description>
2747.    <dc:date>2023-11-02T22:15:09Z</dc:date>
2748.  </item>
2749.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46963">
2750.    <title>CVE-2023-46963</title>
2751.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46963</link>
2752.    <description>An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function.</description>
2753.    <dc:date>2023-11-04T23:15:08Z</dc:date>
2754.  </item>
2755.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46964">
2756.    <title>CVE-2023-46964</title>
2757.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46964</link>
2758.    <description>Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of back-end filtering.</description>
2759.    <dc:date>2023-11-05T00:15:08Z</dc:date>
2760.  </item>
2761.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46980">
2762.    <title>CVE-2023-46980</title>
2763.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46980</link>
2764.    <description>An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.</description>
2765.    <dc:date>2023-11-03T16:15:31Z</dc:date>
2766.  </item>
2767.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46981">
2768.    <title>CVE-2023-46981</title>
2769.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46981</link>
2770.    <description>SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list.</description>
2771.    <dc:date>2023-11-05T00:15:08Z</dc:date>
2772.  </item>
2773.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4699">
2774.    <title>CVE-2023-4699</title>
2775.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4699</link>
2776.    <description>Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules and MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to reset the memory of the products to factory default state and cause denial-of-service (DoS) condition on the products by sending specific packets.</description>
2777.    <dc:date>2023-11-06T06:15:41Z</dc:date>
2778.  </item>
2779.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4700">
2780.    <title>CVE-2023-4700</title>
2781.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4700</link>
2782.    <description>An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments, bypassing any required approvals.</description>
2783.    <dc:date>2023-11-06T18:15:08Z</dc:date>
2784.  </item>
2785.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47004">
2786.    <title>CVE-2023-47004</title>
2787.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47004</link>
2788.    <description>Buffer Overflow vulnerability in Redis RedisGraph v.2.x through v.2.12.8 and fixed in v.2.12.9 allows an attacker to execute arbitrary code via the code logic after valid authentication.</description>
2789.    <dc:date>2023-11-06T22:15:08Z</dc:date>
2790.  </item>
2791.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47177">
2792.    <title>CVE-2023-47177</title>
2793.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47177</link>
2794.    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Yakir Sitbon, Ariel Klikstein Linker plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.2.1 versions.</description>
2795.    <dc:date>2023-11-06T10:15:08Z</dc:date>
2796.  </item>
2797.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47182">
2798.    <title>CVE-2023-47182</title>
2799.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47182</link>
2800.    <description>Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin &amp;lt;=&amp;Acirc;&amp;nbsp;3.5.2 versions.</description>
2801.    <dc:date>2023-11-06T10:15:08Z</dc:date>
2802.  </item>
2803.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47184">
2804.    <title>CVE-2023-47184</title>
2805.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47184</link>
2806.    <description>Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Proper Fraction LLC. Admin Bar &amp;amp; Dashboard Access Control plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.2.8 versions.</description>
2807.    <dc:date>2023-11-06T10:15:08Z</dc:date>
2808.  </item>
2809.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47185">
2810.    <title>CVE-2023-47185</title>
2811.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47185</link>
2812.    <description>Unauth. Stored Cross-Site Scripting (XSS) vulnerability in gVectors Team Comments &amp;acirc;&amp;euro;&amp;rdquo; wpDiscuz plugin &amp;lt;=&amp;Acirc;&amp;nbsp;7.6.11 versions.</description>
2813.    <dc:date>2023-11-06T11:15:09Z</dc:date>
2814.  </item>
2815.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47186">
2816.    <title>CVE-2023-47186</title>
2817.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47186</link>
2818.    <description>Cross-Site Request Forgery (CSRF) vulnerability in Kadence WP Kadence WooCommerce Email Designer plugin &amp;lt;=&amp;Acirc;&amp;nbsp;1.5.11 versions.</description>
2819.    <dc:date>2023-11-06T12:15:08Z</dc:date>
2820.  </item>
2821.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47204">
2822.    <title>CVE-2023-47204</title>
2823.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47204</link>
2824.    <description>Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code.</description>
2825.    <dc:date>2023-11-02T06:15:08Z</dc:date>
2826.  </item>
2827.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47233">
2828.    <title>CVE-2023-47233</title>
2829.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47233</link>
2830.    <description>The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. For physically proximate attackers with local access, this &amp;quot;could be exploited in a real world scenario.&amp;quot; This is related to brcmf_cfg80211_escan_timeout_worker in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c.</description>
2831.    <dc:date>2023-11-03T21:15:17Z</dc:date>
2832.  </item>
2833.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47234">
2834.    <title>CVE-2023-47234</title>
2835.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47234</link>
2836.    <description>An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).</description>
2837.    <dc:date>2023-11-03T21:15:17Z</dc:date>
2838.  </item>
2839.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47235">
2840.    <title>CVE-2023-47235</title>
2841.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47235</link>
2842.    <description>An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed, because the presence of EOR does not lead to a treat-as-withdraw outcome.</description>
2843.    <dc:date>2023-11-03T21:15:17Z</dc:date>
2844.  </item>
2845.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47249">
2846.    <title>CVE-2023-47249</title>
2847.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47249</link>
2848.    <description>In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read.</description>
2849.    <dc:date>2023-11-05T00:15:08Z</dc:date>
2850.  </item>
2851.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47253">
2852.    <title>CVE-2023-47253</title>
2853.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47253</link>
2854.    <description>Qualitor through 8.20 allows remote attackers to execute arbitrary code via PHP code in the html/ad/adpesquisasql/request/processVariavel.php gridValoresPopHidden parameter.</description>
2855.    <dc:date>2023-11-06T06:15:40Z</dc:date>
2856.  </item>
2857.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47258">
2858.    <title>CVE-2023-47258</title>
2859.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47258</link>
2860.    <description>Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter.</description>
2861.    <dc:date>2023-11-05T04:15:10Z</dc:date>
2862.  </item>
2863.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47259">
2864.    <title>CVE-2023-47259</title>
2865.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47259</link>
2866.    <description>Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter.</description>
2867.    <dc:date>2023-11-05T04:15:10Z</dc:date>
2868.  </item>
2869.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47260">
2870.    <title>CVE-2023-47260</title>
2871.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47260</link>
2872.    <description>Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails.</description>
2873.    <dc:date>2023-11-05T04:15:10Z</dc:date>
2874.  </item>
2875.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47271">
2876.    <title>CVE-2023-47271</title>
2877.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47271</link>
2878.    <description>PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the native import/export plugin) is an image file, before trying to use it for an issue cover image.</description>
2879.    <dc:date>2023-11-06T00:15:09Z</dc:date>
2880.  </item>
2881.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47272">
2882.    <title>CVE-2023-47272</title>
2883.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-47272</link>
2884.    <description>Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download).</description>
2885.    <dc:date>2023-11-06T00:15:09Z</dc:date>
2886.  </item>
2887.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4767">
2888.    <title>CVE-2023-4767</title>
2889.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4767</link>
2890.    <description>A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.csv.</description>
2891.    <dc:date>2023-11-03T11:15:08Z</dc:date>
2892.  </item>
2893.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4768">
2894.    <title>CVE-2023-4768</title>
2895.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4768</link>
2896.    <description>A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via the fileName parameter in /STATE_ID/1613157927228/InvSWMetering.pdf.</description>
2897.    <dc:date>2023-11-03T11:15:08Z</dc:date>
2898.  </item>
2899.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4769">
2900.    <title>CVE-2023-4769</title>
2901.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4769</link>
2902.    <description>A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. This vulnerability could allow an authenticated attacker to launch targeted attacks, such as a cross-port attack, service enumeration and other attacks via HTTP requests.</description>
2903.    <dc:date>2023-11-03T11:15:08Z</dc:date>
2904.  </item>
2905.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4810">
2906.    <title>CVE-2023-4810</title>
2907.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4810</link>
2908.    <description>The Responsive Pricing Table WordPress plugin before 5.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)</description>
2909.    <dc:date>2023-11-06T21:15:08Z</dc:date>
2910.  </item>
2911.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4858">
2912.    <title>CVE-2023-4858</title>
2913.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4858</link>
2914.    <description>The Simple Table Manager WordPress plugin through 1.5.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).</description>
2915.    <dc:date>2023-11-06T21:15:08Z</dc:date>
2916.  </item>
2917.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4910">
2918.    <title>CVE-2023-4910</title>
2919.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4910</link>
2920.    <description>A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.</description>
2921.    <dc:date>2023-11-06T13:15:10Z</dc:date>
2922.  </item>
2923.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4930">
2924.    <title>CVE-2023-4930</title>
2925.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4930</link>
2926.    <description>The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled.</description>
2927.    <dc:date>2023-11-06T21:15:09Z</dc:date>
2928.  </item>
2929.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4996">
2930.    <title>CVE-2023-4996</title>
2931.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4996</link>
2932.    <description>Netskope was made aware of a security vulnerability in its NSClient product for version 100 &amp;amp; prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. The root cause of the problem was a user control code when called by a Windows ServiceController did not validate the permissions associated with the user before executing the user control code. This user control code had permissions to terminate the NSClient service.&amp;Acirc;&amp;nbsp;</description>
2933.    <dc:date>2023-11-06T11:15:09Z</dc:date>
2934.  </item>
2935.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5035">
2936.    <title>CVE-2023-5035</title>
2937.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5035</link>
2938.    <description>A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.</description>
2939.    <dc:date>2023-11-02T17:15:11Z</dc:date>
2940.  </item>
2941.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5082">
2942.    <title>CVE-2023-5082</title>
2943.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5082</link>
2944.    <description>The History Log by click5 WordPress plugin before 1.0.13 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin users when using the Smash Balloon Social Photo Feed plugin alongside it.</description>
2945.    <dc:date>2023-11-06T21:15:09Z</dc:date>
2946.  </item>
2947.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088">
2948.    <title>CVE-2023-5088</title>
2949.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5088</link>
2950.    <description>A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.</description>
2951.    <dc:date>2023-11-03T14:15:08Z</dc:date>
2952.  </item>
2953.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5090">
2954.    <title>CVE-2023-5090</title>
2955.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5090</link>
2956.    <description>A flaw was found in KVM. An improper check in svm_set_x2apic_msr_interception() may allow direct access to host x2apic msrs when the guest resets its apic, potentially leading to a denial of service condition.</description>
2957.    <dc:date>2023-11-06T11:15:09Z</dc:date>
2958.  </item>
2959.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5178">
2960.    <title>CVE-2023-5178</title>
2961.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5178</link>
2962.    <description>A use-after-free vulnerability was found in drivers/nvme/target/tcp.c` in `nvmet_tcp_free_crypto` due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. This issue may allow a malicious user to cause a use-after-free and double-free problem, which may permit remote code execution or lead to local privilege escalation in case that the attacker already has local privileges.</description>
2963.    <dc:date>2023-11-01T17:15:11Z</dc:date>
2964.  </item>
2965.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5181">
2966.    <title>CVE-2023-5181</title>
2967.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5181</link>
2968.    <description>The WP Discord Invite WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)</description>
2969.    <dc:date>2023-11-06T21:15:09Z</dc:date>
2970.  </item>
2971.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5228">
2972.    <title>CVE-2023-5228</title>
2973.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5228</link>
2974.    <description>The User Registration WordPress plugin before 3.0.4.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).</description>
2975.    <dc:date>2023-11-06T21:15:09Z</dc:date>
2976.  </item>
2977.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5352">
2978.    <title>CVE-2023-5352</title>
2979.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5352</link>
2980.    <description>The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission.</description>
2981.    <dc:date>2023-11-06T21:15:09Z</dc:date>
2982.  </item>
2983.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5354">
2984.    <title>CVE-2023-5354</title>
2985.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5354</link>
2986.    <description>The Awesome Support WordPress plugin before 6.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.</description>
2987.    <dc:date>2023-11-06T21:15:09Z</dc:date>
2988.  </item>
2989.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5355">
2990.    <title>CVE-2023-5355</title>
2991.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5355</link>
2992.    <description>The Awesome Support WordPress plugin before 6.1.5 does not sanitize file paths when deleting temporary attachment files, allowing a ticket submitter to delete arbitrary files on the server.</description>
2993.    <dc:date>2023-11-06T21:15:09Z</dc:date>
2994.  </item>
2995.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5358">
2996.    <title>CVE-2023-5358</title>
2997.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5358</link>
2998.    <description>Improper access control in Report log filters feature in Devolutions Server 2023.2.10.0 and earlier allows attackers to retrieve logs from vaults or entries they are not allowed to access via the report request url query parameters.</description>
2999.    <dc:date>2023-11-01T18:15:09Z</dc:date>
3000.  </item>
3001.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5408">
3002.    <title>CVE-2023-5408</title>
3003.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5408</link>
3004.    <description>A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. A remote attacker who modifies the node role label could steer workloads from the control plane and etcd nodes onto different worker nodes and gain broader access to the cluster.</description>
3005.    <dc:date>2023-11-02T03:15:10Z</dc:date>
3006.  </item>
3007.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5454">
3008.    <title>CVE-2023-5454</title>
3009.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5454</link>
3010.    <description>The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts.</description>
3011.    <dc:date>2023-11-06T21:15:09Z</dc:date>
3012.  </item>
3013.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5480">
3014.    <title>CVE-2023-5480</title>
3015.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5480</link>
3016.    <description>Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High)</description>
3017.    <dc:date>2023-11-01T18:15:09Z</dc:date>
3018.  </item>
3019.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5482">
3020.    <title>CVE-2023-5482</title>
3021.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5482</link>
3022.    <description>Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)</description>
3023.    <dc:date>2023-11-01T18:15:09Z</dc:date>
3024.  </item>
3025.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5530">
3026.    <title>CVE-2023-5530</title>
3027.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5530</link>
3028.    <description>The Ninja Forms Contact Form WordPress plugin before 3.6.34 does not sanitize and escape its label fields, which could allow high privilege users such as admin to perform Stored XSS attacks. Only users with the unfiltered_html capability can perform this, and such users are already allowed to use JS in posts/comments etc however the vendor acknowledged and fixed the issue</description>
3029.    <dc:date>2023-11-06T21:15:10Z</dc:date>
3030.  </item>
3031.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5601">
3032.    <title>CVE-2023-5601</title>
3033.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5601</link>
3034.    <description>The WooCommerce Ninja Forms Product Add-ons WordPress plugin before 1.7.1 does not validate the file to be uploaded, allowing any unauthenticated users to upload arbitrary files to the server, leading to RCE.</description>
3035.    <dc:date>2023-11-06T21:15:10Z</dc:date>
3036.  </item>
3037.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5605">
3038.    <title>CVE-2023-5605</title>
3039.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5605</link>
3040.    <description>The URL Shortify WordPress plugin through 1.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)</description>
3041.    <dc:date>2023-11-06T21:15:10Z</dc:date>
3042.  </item>
3043.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5606">
3044.    <title>CVE-2023-5606</title>
3045.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5606</link>
3046.    <description>The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. NOTE: This vulnerability is a re-introduction of CVE-2023-4253.</description>
3047.    <dc:date>2023-11-02T09:15:08Z</dc:date>
3048.  </item>
3049.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5625">
3050.    <title>CVE-2023-5625</title>
3051.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5625</link>
3052.    <description>A regression was introduced in the Red Hat build of python-eventlet due to a change in the patch application strategy, resulting in a patch for CVE-2021-21419 not being applied for all builds of all products.</description>
3053.    <dc:date>2023-11-01T14:15:38Z</dc:date>
3054.  </item>
3055.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5627">
3056.    <title>CVE-2023-5627</title>
3057.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5627</link>
3058.    <description>A vulnerability has been identified in NPort 6000 Series, making the authentication mechanism vulnerable. This vulnerability arises from the incorrect implementation of sensitive information protection, potentially allowing malicious users to gain unauthorized access to the web service.</description>
3059.    <dc:date>2023-11-01T16:15:08Z</dc:date>
3060.  </item>
3061.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5678">
3062.    <title>CVE-2023-5678</title>
3063.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5678</link>
3064.    <description>Issue summary: Generating excessively long X9.42 DH keys or checking
3065. excessively long X9.42 DH keys or parameters may be very slow.
3066.  
3067. Impact summary: Applications that use the functions DH_generate_key() to
3068. generate an X9.42 DH key may experience long delays.  Likewise, applications
3069. that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()
3070. to check an X9.42 DH key or X9.42 DH parameters may experience long delays.
3071. Where the key or parameters that are being checked have been obtained from
3072. an untrusted source this may lead to a Denial of Service.
3073.  
3074. While DH_check() performs all the necessary checks (as of CVE-2023-3817),
3075. DH_check_pub_key() doesn't make any of these checks, and is therefore
3076. vulnerable for excessively large P and Q parameters.
3077.  
3078. Likewise, while DH_generate_key() performs a check for an excessively large
3079. P, it doesn't check for an excessively large Q.
3080.  
3081. An application that calls DH_generate_key() or DH_check_pub_key() and
3082. supplies a key or parameters obtained from an untrusted source could be
3083. vulnerable to a Denial of Service attack.
3084.  
3085. DH_generate_key() and DH_check_pub_key() are also called by a number of
3086. other OpenSSL functions.  An application calling any of those other
3087. functions may similarly be affected.  The other functions affected by this
3088. are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().
3089.  
3090. Also vulnerable are the OpenSSL pkey command line application when using the
3091. "-pubcheck" option, as well as the OpenSSL genpkey command line application.
3092.  
3093. The OpenSSL SSL/TLS implementation is not affected by this issue.
3094.  
3095. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.</description>
3096.    <dc:date>2023-11-06T16:15:42Z</dc:date>
3097.  </item>
3098.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5707">
3099.    <title>CVE-2023-5707</title>
3100.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5707</link>
3101.    <description>The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</description>
3102.    <dc:date>2023-11-03T13:15:08Z</dc:date>
3103.  </item>
3104.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5719">
3105.    <title>CVE-2023-5719</title>
3106.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5719</link>
3107.    <description>The Crimson 3.2 Windows-based configuration tool allows users with administrative access to define new passwords for users and to download the resulting security configuration to a device. If such a password contains the percent (%) character, invalid values will be included, potentially truncating the string if a NUL is encountered. If the simplified password is not detected by the administrator, the device might be left in a vulnerable state as a result of more-easily compromised credentials. Note that passwords entered via the Crimson system web server do not suffer from this vulnerability.</description>
3108.    <dc:date>2023-11-06T20:15:07Z</dc:date>
3109.  </item>
3110.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5763">
3111.    <title>CVE-2023-5763</title>
3112.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5763</link>
3113.    <description>In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or &amp;lt; 7u201, or &amp;lt; 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.</description>
3114.    <dc:date>2023-11-03T07:15:14Z</dc:date>
3115.  </item>
3116.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5765">
3117.    <title>CVE-2023-5765</title>
3118.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5765</link>
3119.    <description>Improper access control in the password analyzer feature in Devolutions Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to bypass permissions via data source switching.</description>
3120.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3121.  </item>
3122.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5766">
3123.    <title>CVE-2023-5766</title>
3124.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5766</link>
3125.    <description>A remote code execution vulnerability in Remote Desktop Manager 2023.2.33 and earlier on Windows allows an attacker to remotely execute code from another windows user session on the same host via a specially crafted TCP packet.</description>
3126.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3127.  </item>
3128.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5771">
3129.    <title>CVE-2023-5771</title>
3130.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5771</link>
3131.    <description>Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. An unauthenticated attacker can send a specially crafted email with HTML in the subject which triggers XSS when viewing quarantined messages.&amp;Acirc;&amp;nbsp;&amp;Acirc;&amp;nbsp;This issue affects Proofpoint Enterprise Protection: from 8.20.0 before patch 4796, from 8.18.6 before patch 4795 and all other prior versions.</description>
3132.    <dc:date>2023-11-06T21:15:10Z</dc:date>
3133.  </item>
3134.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5777">
3135.    <title>CVE-2023-5777</title>
3136.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5777</link>
3137.    <description>Weintek EasyBuilder Pro contains a vulnerability that, even when the private key is immediately deleted after the crash report transmission is finished, the private key is exposed to the public, which could result in obtaining remote control of the crash report server.</description>
3138.    <dc:date>2023-11-06T20:15:08Z</dc:date>
3139.  </item>
3140.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5823">
3141.    <title>CVE-2023-5823</title>
3142.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5823</link>
3143.    <description>Cross-Site Request Forgery (CSRF) vulnerability in ThemeKraft TK Google Fonts GDPR Compliant plugin &amp;lt;=&amp;Acirc;&amp;nbsp;2.2.11 versions.</description>
3144.    <dc:date>2023-11-06T12:15:08Z</dc:date>
3145.  </item>
3146.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5824">
3147.    <title>CVE-2023-5824</title>
3148.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5824</link>
3149.    <description>Squid is vulnerable to Denial of Service attack against HTTP and HTTPS clients due to an Improper Handling of Structural Elements bug.</description>
3150.    <dc:date>2023-11-03T08:15:08Z</dc:date>
3151.  </item>
3152.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5825">
3153.    <title>CVE-2023-5825</title>
3154.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5825</link>
3155.    <description>An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. A low-privileged attacker can point a CI/CD Component to an incorrect path and cause the server to exhaust all available memory through an infinite loop and cause Denial of Service.</description>
3156.    <dc:date>2023-11-06T11:15:09Z</dc:date>
3157.  </item>
3158.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5831">
3159.    <title>CVE-2023-5831</title>
3160.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5831</link>
3161.    <description>An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before 16.5.1 which have the `super_sidebar_logged_out` feature flag enabled. Affected versions with this default-disabled feature flag enabled may unintentionally disclose GitLab version metadata to unauthorized actors.</description>
3162.    <dc:date>2023-11-06T11:15:09Z</dc:date>
3163.  </item>
3164.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5846">
3165.    <title>CVE-2023-5846</title>
3166.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5846</link>
3167.    <description>Franklin Fueling System TS-550 versions prior to 1.9.23.8960 are vulnerable to attackers decoding admin credentials, resulting in unauthenticated access to the device.</description>
3168.    <dc:date>2023-11-02T17:15:11Z</dc:date>
3169.  </item>
3170.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5847">
3171.    <title>CVE-2023-5847</title>
3172.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5847</link>
3173.    <description>Under certain conditions, a low privileged attacker could load a specially crafted file during installation or upgrade to escalate privileges on Windows and Linux hosts.</description>
3174.    <dc:date>2023-11-01T16:15:08Z</dc:date>
3175.  </item>
3176.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5849">
3177.    <title>CVE-2023-5849</title>
3178.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5849</link>
3179.    <description>Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)</description>
3180.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3181.  </item>
3182.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5850">
3183.    <title>CVE-2023-5850</title>
3184.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5850</link>
3185.    <description>Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)</description>
3186.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3187.  </item>
3188.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5851">
3189.    <title>CVE-2023-5851</title>
3190.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5851</link>
3191.    <description>Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)</description>
3192.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3193.  </item>
3194.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5852">
3195.    <title>CVE-2023-5852</title>
3196.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5852</link>
3197.    <description>Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)</description>
3198.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3199.  </item>
3200.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5853">
3201.    <title>CVE-2023-5853</title>
3202.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5853</link>
3203.    <description>Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium)</description>
3204.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3205.  </item>
3206.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5854">
3207.    <title>CVE-2023-5854</title>
3208.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5854</link>
3209.    <description>Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)</description>
3210.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3211.  </item>
3212.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5855">
3213.    <title>CVE-2023-5855</title>
3214.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5855</link>
3215.    <description>Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)</description>
3216.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3217.  </item>
3218.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5856">
3219.    <title>CVE-2023-5856</title>
3220.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5856</link>
3221.    <description>Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)</description>
3222.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3223.  </item>
3224.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5857">
3225.    <title>CVE-2023-5857</title>
3226.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5857</link>
3227.    <description>Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium)</description>
3228.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3229.  </item>
3230.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5858">
3231.    <title>CVE-2023-5858</title>
3232.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5858</link>
3233.    <description>Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)</description>
3234.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3235.  </item>
3236.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5859">
3237.    <title>CVE-2023-5859</title>
3238.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5859</link>
3239.    <description>Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low)</description>
3240.    <dc:date>2023-11-01T18:15:10Z</dc:date>
3241.  </item>
3242.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5860">
3243.    <title>CVE-2023-5860</title>
3244.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5860</link>
3245.    <description>The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.</description>
3246.    <dc:date>2023-11-02T12:15:09Z</dc:date>
3247.  </item>
3248.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5875">
3249.    <title>CVE-2023-5875</title>
3250.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5875</link>
3251.    <description>Mattermost Desktop fails to correctly&amp;Acirc;&amp;nbsp;handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server</description>
3252.    <dc:date>2023-11-02T09:15:08Z</dc:date>
3253.  </item>
3254.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5876">
3255.    <title>CVE-2023-5876</title>
3256.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5876</link>
3257.    <description>Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service.</description>
3258.    <dc:date>2023-11-02T09:15:08Z</dc:date>
3259.  </item>
3260.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5910">
3261.    <title>CVE-2023-5910</title>
3262.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5910</link>
3263.    <description>A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects some unknown processing of the file install.php of the component Web Config. The manipulation of the argument Site Title with the input &amp;lt;script&amp;gt;alert(1)&amp;lt;/script&amp;gt; leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-244229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</description>
3264.    <dc:date>2023-11-02T00:15:23Z</dc:date>
3265.  </item>
3266.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5916">
3267.    <title>CVE-2023-5916</title>
3268.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5916</link>
3269.    <description>A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability.</description>
3270.    <dc:date>2023-11-02T11:15:14Z</dc:date>
3271.  </item>
3272.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5917">
3273.    <title>CVE-2023-5917</title>
3274.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5917</link>
3275.    <description>A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10. This issue affects the function main of the file phpBB/includes/acp/acp_icons.php of the component Smiley Pack Handler. The manipulation of the argument pak leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.3.11 is able to address this issue. The patch is named ccf6e6c255d38692d72fcb613b113e6eaa240aac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-244307.</description>
3276.    <dc:date>2023-11-02T11:15:14Z</dc:date>
3277.  </item>
3278.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5918">
3279.    <title>CVE-2023-5918</title>
3280.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5918</link>
3281.    <description>A vulnerability, which was classified as critical, was found in SourceCodester Visitor Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-244308.</description>
3282.    <dc:date>2023-11-02T12:15:09Z</dc:date>
3283.  </item>
3284.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5919">
3285.    <title>CVE-2023-5919</title>
3286.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5919</link>
3287.    <description>A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-244310 is the identifier assigned to this vulnerability.</description>
3288.    <dc:date>2023-11-02T14:15:13Z</dc:date>
3289.  </item>
3290.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5920">
3291.    <title>CVE-2023-5920</title>
3292.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5920</link>
3293.    <description>Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input.</description>
3294.    <dc:date>2023-11-02T09:15:08Z</dc:date>
3295.  </item>
3296.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5923">
3297.    <title>CVE-2023-5923</title>
3298.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5923</link>
3299.    <description>A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244323.</description>
3300.    <dc:date>2023-11-02T19:15:41Z</dc:date>
3301.  </item>
3302.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5924">
3303.    <title>CVE-2023-5924</title>
3304.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5924</link>
3305.    <description>A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244324.</description>
3306.    <dc:date>2023-11-02T19:15:41Z</dc:date>
3307.  </item>
3308.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5925">
3309.    <title>CVE-2023-5925</title>
3310.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5925</link>
3311.    <description>A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244325 was assigned to this vulnerability.</description>
3312.    <dc:date>2023-11-02T20:15:10Z</dc:date>
3313.  </item>
3314.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5926">
3315.    <title>CVE-2023-5926</title>
3316.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5926</link>
3317.    <description>A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-244326 is the identifier assigned to this vulnerability.</description>
3318.    <dc:date>2023-11-02T20:15:10Z</dc:date>
3319.  </item>
3320.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5927">
3321.    <title>CVE-2023-5927</title>
3322.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5927</link>
3323.    <description>A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-244327.</description>
3324.    <dc:date>2023-11-02T20:15:10Z</dc:date>
3325.  </item>
3326.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5928">
3327.    <title>CVE-2023-5928</title>
3328.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5928</link>
3329.    <description>A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244328.</description>
3330.    <dc:date>2023-11-02T20:15:10Z</dc:date>
3331.  </item>
3332.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5929">
3333.    <title>CVE-2023-5929</title>
3334.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5929</link>
3335.    <description>A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/students/manage_academic.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-244329 was assigned to this vulnerability.</description>
3336.    <dc:date>2023-11-02T21:15:10Z</dc:date>
3337.  </item>
3338.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5930">
3339.    <title>CVE-2023-5930</title>
3340.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5930</link>
3341.    <description>A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-244330 is the identifier assigned to this vulnerability.</description>
3342.    <dc:date>2023-11-02T21:15:10Z</dc:date>
3343.  </item>
3344.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5945">
3345.    <title>CVE-2023-5945</title>
3346.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5945</link>
3347.    <description>The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsive_video_gallery_with_lightbox_video_management_func() function. This makes it possible for unauthenticated attackers to delete videos hosted from the video slider via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.</description>
3348.    <dc:date>2023-11-03T13:15:08Z</dc:date>
3349.  </item>
3350.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5946">
3351.    <title>CVE-2023-5946</title>
3352.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5946</link>
3353.    <description>The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</description>
3354.    <dc:date>2023-11-03T14:15:08Z</dc:date>
3355.  </item>
3356.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5948">
3357.    <title>CVE-2023-5948</title>
3358.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5948</link>
3359.    <description>Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91.</description>
3360.    <dc:date>2023-11-03T07:15:14Z</dc:date>
3361.  </item>
3362.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5950">
3363.    <title>CVE-2023-5950</title>
3364.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5950</link>
3365.    <description>Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. This vulnerability allows attackers to inject JS into the error path, potentially leading to unauthorized execution of scripts within a user's web browser.&amp;Acirc;&amp;nbsp;This vulnerability is fixed in&amp;Acirc;&amp;nbsp;version 0.7.0-04 and a&amp;Acirc;&amp;nbsp;patch is available to download. Patches are also available for version 0.6.9 (0.6.9-1).</description>
3366.    <dc:date>2023-11-06T15:15:14Z</dc:date>
3367.  </item>
3368.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5963">
3369.    <title>CVE-2023-5963</title>
3370.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5963</link>
3371.    <description>An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.</description>
3372.    <dc:date>2023-11-06T13:15:10Z</dc:date>
3373.  </item>
3374.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5964">
3375.    <title>CVE-2023-5964</title>
3376.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5964</link>
3377.    <description>The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions.
3378.  
3379. To remediate this issue DELETE the instruction&amp;Acirc;&amp;nbsp;&amp;acirc;&amp;euro;&amp;oelig;Show dialogue with caption %Caption% and message %Message%&amp;acirc;&amp;euro;&amp;#65533; from the list of instructions in the Settings UI, and replace it with the new instruction&amp;Acirc;&amp;nbsp;1E-Exchange-ShowNotification instruction available in the updated End-User Interaction product pack. The new instruction should show as&amp;Acirc;&amp;nbsp;&amp;acirc;&amp;euro;&amp;oelig;Show %Type% type notification with header %Header% and message %Message%&amp;acirc;&amp;euro;&amp;#65533; with a version of 7.1 or above.</description>
3380.    <dc:date>2023-11-06T13:15:10Z</dc:date>
3381.  </item>
3382.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5967">
3383.    <title>CVE-2023-5967</title>
3384.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5967</link>
3385.    <description>Mattermost fails to properly validate requests to the Calls plugin, allowing an attacker sending a request without a User Agent header to cause a panic and crash the Calls plugin</description>
3386.    <dc:date>2023-11-06T16:15:42Z</dc:date>
3387.  </item>
3388.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5968">
3389.    <title>CVE-2023-5968</title>
3390.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5968</link>
3391.    <description>Mattermost fails to properly sanitize the user object when updating the username, resulting in the password hash being included in the response body.&amp;Acirc;&amp;nbsp;</description>
3392.    <dc:date>2023-11-06T16:15:42Z</dc:date>
3393.  </item>
3394.  <item rdf:about="https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5969">
3395.    <title>CVE-2023-5969</title>
3396.    <link>https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5969</link>
3397.    <description>Mattermost fails to properly sanitize the request to&amp;Acirc;&amp;nbsp;/api/v4/redirect_location allowing an&amp;Acirc;&amp;nbsp;attacker,&amp;Acirc;&amp;nbsp;sending a specially crafted request to /api/v4/redirect_location,&amp;Acirc;&amp;nbsp;to fill up the memory due to caching large items.</description>
3398.    <dc:date>2023-11-06T16:15:42Z</dc:date>
3399.  </item>
3400. </rdf:RDF>
3401.