CWE-20 <span class="text-2xl md:text-3xl font-bold ml-2" style="color:var(--text-secondary)">— Improper Input Validation

CVE-2023-34440HIGHCVSS 7.5EG 7.5

Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access

2025-02-12

Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2023-34448HIGHCVSS 8.8EG 8.8

2023-06-14

Grav is a flat-file content management system. Prior to version 1.7.42, the patch for CVE-2022-2073, a server-side template injection vulnerability in Grav leveraging the default `filter()` function, did not block other built-in functions …

CVE-2023-34457MEDIUMCVSS 5.9EG 5.9

2023-07-05

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside HTML …

CVE-2023-3456MEDIUMCVSS 5.3EG 5.3

2023-07-06

Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2023-3466HIGHCVSS 8.3EG 8.3

2023-07-19

Reflected Cross-Site Scripting (XSS)

CVE-2023-34983MEDIUMCVSS 4.3EG 6.5

2024-02-14

Improper input validation for some Intel(R) PROSet/Wireless and Intel(R) Killer(TM) Wi-Fi software before version 22.240 may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVE-2023-35136MEDIUMCVSS 5.5EG 5.5

2023-11-28

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5…

CVE-2023-35163MEDIUMCVSS 6.0EG 6.0

2023-06-23

Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing pa…

CVE-2023-35303HIGHCVSS 8.8EG 8.8

CVE-2023-35306MEDIUMCVSS 5.5EG 5.5

USB Audio Class System Driver Remote Code Execution Vulnerability

CVE-2023-35336MEDIUMCVSS 6.5EG 6.5

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability

CVE-2023-35349CRITICALCVSS 9.8EG 9.8

Windows MSHTML Platform Security Feature Bypass Vulnerability

CVE-2023-35365CRITICALCVSS 9.8EG 9.8

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2023-35366CRITICALCVSS 9.8EG 9.8

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2023-35367CRITICALCVSS 9.8EG 9.8

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

CVE-2023-35368HIGHCVSS 8.8EG 8.8

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

2023-08-08

Microsoft Exchange Remote Code Execution Vulnerability

CVE-2023-35376MEDIUMCVSS 6.5EG 6.5

2023-08-08

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2023-35377MEDIUMCVSS 6.5EG 6.5

2023-08-08

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2023-35619MEDIUMCVSS 5.3EG 5.3

2023-12-12

Microsoft Outlook for Mac Spoofing Vulnerability

CVE-2023-3568MEDIUMCVSS 6.3EG 4.8

2023-07-10

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

CVE-2023-35797CRITICALCVSS 9.8EG 9.8

2023-07-03

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check t…

CVE-2023-35798MEDIUMCVSS 4.3EG 4.3

2023-06-27

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it requires DAG code to use `get_sqlalchemy_con…

CVE-2023-35936MEDIUMCVSS 6.1EG 6.1

2023-07-05

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerabili…

CVE-2023-35944HIGHCVSS 8.2EG 8.2

2023-07-25

Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, a…

CVE-2023-36021HIGHCVSS 8.0EG 8.0

CVE-2023-36049HIGHCVSS 7.6EG 7.6

Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability

CVE-2023-36406MEDIUMCVSS 5.5EG 5.5

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVE-2023-36407HIGHCVSS 7.8EG 7.8

Windows Hyper-V Information Disclosure Vulnerability

CVE-2023-36462MEDIUMCVSS 5.4EG 5.4

Windows Hyper-V Elevation of Privilege Vulnerability

2023-07-06

Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitra…

CVE-2023-36466LOWCVSS 3.5EG 3.5

2023-07-14

Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The i…

CVE-2023-36505MEDIUMCVSS 6.8EG 6.8

2024-04-17

Improper Input Validation vulnerability in Saturday Drive Ninja Forms Contact Form.This issue affects Ninja Forms Contact Form : from n/a through 3.6.24.

CVE-2023-36563MEDIUMCVSS 6.5EG 9.0⚠ KEV

CVE-2023-36566MEDIUMCVSS 6.5EG 6.5

Microsoft WordPad Information Disclosure Vulnerability

CVE-2023-36585HIGHCVSS 7.5EG 7.5

Microsoft Common Data Model SDK Denial of Service Vulnerability

CVE-2023-36619CRITICALCVSS 9.8EG 9.8

Windows upnphost.dll Denial of Service Vulnerability

2023-10-04

Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.

CVE-2023-36674MEDIUMCVSS 5.3EG 5.3

2023-08-20

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthu…

CVE-2023-36697MEDIUMCVSS 6.8EG 6.8

CVE-2023-36706MEDIUMCVSS 6.5EG 6.5

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2023-36707MEDIUMCVSS 6.5EG 6.5

Windows Deployment Services Information Disclosure Vulnerability

CVE-2023-36719HIGHCVSS 7.8EG 8.4

Windows Deployment Services Denial of Service Vulnerability

CVE-2023-36731HIGHCVSS 7.8EG 7.8

Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability

CVE-2023-3676HIGHCVSS 8.8EG 8.8

Win32k Elevation of Privilege Vulnerability

2023-10-31

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they include Windows nodes.

CVE-2023-36761MEDIUMCVSS 6.5EG 9.0⚠ KEV

2023-09-12

Microsoft Word Information Disclosure Vulnerability

CVE-2023-36762HIGHCVSS 7.3EG 7.3

2023-09-12

Microsoft Word Remote Code Execution Vulnerability

CVE-2023-36767MEDIUMCVSS 4.3EG 4.3

2023-09-12

Microsoft Office Security Feature Bypass Vulnerability

CVE-2023-36821HIGHCVSS 8.8EG 8.8

2023-07-05

Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install pl…

CVE-2023-36860HIGHCVSS 7.1EG 7.1

CVE-2023-36872MEDIUMCVSS 5.5EG 5.5

Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via network access.