LiveActive security incident?Get immediate response
CVE archive

March 2023

Browse CVE records published in March 2023, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 2468 matching CVEs · Page 1 of 50.

Medium · CVSS 5.4

CVE-2023-23326: A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7.

A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an administrator's session cookie and hijacking their session.

Published Mar 10, 2023 · Updated Jul 9, 2026

Critical · CVSS 9.3

CVE-2023-42789: A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, F...

A out-of-bounds write vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Published Mar 12, 2024 · Updated Jul 8, 2026

High · CVSS 7.7

CVE-2023-42790: A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through...

A stack-based buffer overflow vulnerability in Fortinet FortiOS 7.4.0 through 7.4.1, FortiOS 7.2.0 through 7.2.5, FortiOS 7.0.0 through 7.0.12, FortiOS 6.4.0 through 6.4.14, FortiOS 6.2.0 through 6.2.15, FortiProxy 7.4.0, FortiProxy 7.2.0 through 7.2.6, FortiProxy 7.0.0 through 7.0.12, FortiProxy 2.0.0 through 2.0.13, FortiSASE 23.2.b allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.

Published Mar 12, 2024 · Updated Jul 8, 2026

High · CVSS 7.5

CVE-2023-25262: Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF).

Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). TThe Reporting Designer (Web) offers the possibility to embed sources from external locations. If the user chooses an external location, the request to that resource is performed by the server rather than the client. Therefore, the server causes outbound traffic and potentially imports data. An attacker may also leverage this behaviour to exfiltrate data of machines on the internal network of the server hosting the Stimulsoft Reporting Designer (Web).

Published Mar 28, 2023 · Updated Jul 5, 2026

Unknown · CVSS Not scored

CVE-2023-25261: Certain Stimulsoft GmbH products are affected by: Remote Code Execution.

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. This affects Stimulsoft Designer (Desktop) 2023.1.4 and Stimulsoft Designer (Web) 2023.1.3 and Stimulsoft Viewer (Web) 2023.1.3. Access to the local file system is not prohibited in any way. Therefore, an attacker may include source code which reads or writes local directories and files. It is also possible for the attacker to prepare a report which has a variable that holds the gathered data and render it in the report.

Published Mar 27, 2023 · Updated Jul 5, 2026

High · CVSS 8.8

CVE-2023-43010: The issue was addressed with improved memory handling.

The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. Processing maliciously crafted web content may lead to memory corruption.

Published Mar 12, 2026 · Updated Jun 30, 2026

Critical · CVSS 9.8

CVE-2023-1152: SQLi in Utarit Persolus

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection. This issue affects Persolus: before 2.03.93.

Published Mar 17, 2023 · Updated Jun 1, 2026

Critical · CVSS 9.8

CVE-2023-1153: SQLi in Pacsrapor

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pacsrapor allows SQL Injection, Command Line Execution through SQL Injection. This issue affects Pacsrapor: before 1.22.

Published Mar 21, 2023 · Updated Jun 1, 2026

Medium · CVSS 6.1

CVE-2023-1154: XSS in Pacsrapor

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS. This issue affects Pacsrapor: before 1.22.

Published Mar 21, 2023 · Updated Jun 1, 2026

Critical · CVSS 9.8

CVE-2023-1198: SQLi in Saysis Starcities

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection. This issue affects Starcities: through 1.3.

Published Mar 10, 2023 · Updated Jun 1, 2026

Critical · CVSS 9.8

CVE-2023-1251: SQLi in Wolvox

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox. This issue affects Wolvox: before 8.02.03.

Published Mar 9, 2023 · Updated Jun 1, 2026