Common Vulnerabilities and Exposures (CVE)

CVE-2023-46958

Jul 9, 2026 00:28:47 UTC

An issue in lmxcms v.1.41 allows a remote attacker to execute arbitrary code via a crafted script to the admin.php file.

CVE-2023-46952

Jul 9, 2026 00:28:45 UTC

Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.

CVE-2023-46474

Jul 9, 2026 00:28:44 UTC

File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file.

CVE-2023-46360

Jul 9, 2026 00:28:43 UTC

Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier is vulnerable to Execution with Unnecessary Privileges.

CVE-2023-46359

Jul 9, 2026 00:28:42 UTC

An OS command injection vulnerability in Hardy Barth cPH2 eCharge Ladestation v1.87.0 and earlier, may allow an unauthenticated remote attacker to execute arbitrary commands on the system via a specifically crafted arguments passed to the c...

CVE-2023-46344

Jul 9, 2026 00:28:41 UTC

A vulnerability in Solar-Log Base 15 Firmware 6.0.1 Build 161, and possibly other Solar-Log Base products, allows an attacker to escalate their privileges by exploiting a stored cross-site scripting (XSS) vulnerability in the switch group f...

CVE-2023-46010

Jul 9, 2026 00:28:39 UTC

An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.

CVE-2023-45992

Jul 9, 2026 00:28:38 UTC

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin managem...

CVE-2023-45559

Jul 9, 2026 00:28:37 UTC

An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.

CVE-2023-45379

Jul 9, 2026 00:28:36 UTC

In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection.

CVE-2023-43896

Jul 9, 2026 00:28:34 UTC

A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.

CVE-2023-43856

Jul 9, 2026 00:28:33 UTC

Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java.

CVE-2023-43336

Jul 9, 2026 00:28:32 UTC

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to extension=101.

CVE-2023-43303

Jul 9, 2026 00:28:31 UTC

An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token (via captured network traffic).

CVE-2023-43278

Jul 9, 2026 00:28:29 UTC

A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.