LiveActive security incident?Get immediate response
CVE archive

September 2023

Browse CVE records published in September 2023, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 2396 matching CVEs · Page 1 of 48.

Unknown · CVSS Not scored

CVE-2023-40985: An issue was discovered in Webmin 2.100.

An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.

Published Sep 15, 2023 · Updated Jul 9, 2026

Unknown · CVSS Not scored

CVE-2023-40932: A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attac...

A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.

Published Sep 19, 2023 · Updated Jul 9, 2026

Medium · CVSS 4.8

CVE-2023-4039: GCC's-fstack-protector fails to guard dynamically-sized local variables on AArch64

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself.

Published Sep 13, 2023 · Updated Jun 23, 2026