CVE List - 2023 / October
Showing 1901 - 2000 of 2690 CVEs for October 2023 (Page 20 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-25032 | 2023-10-24 | WordPress Print, PDF, Email by PrintFriendly Plugin <= 5.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45756 | 2023-10-24 | WordPress ApplyOnline – Application Form Builder and Manager Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45758 | 2023-10-24 | WordPress Amministrazione Trasparente Plugin <= 8.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45759 | 2023-10-24 | WordPress Peter’s Custom Anti-Spam Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39924 | 2023-10-24 | WordPress Simple File List Plugin <= 6.1.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45761 | 2023-10-24 | WordPress Sendle Shipping Plugin <= 5.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45764 | 2023-10-24 | WordPress Scroll post excerpt Plugin <= 8.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45767 | 2023-10-24 | WordPress Simple Tweet Plugin <= 1.4.0.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45768 | 2023-10-24 | WordPress Next Page Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45769 | 2023-10-24 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45832 | 2023-10-24 | WordPress WP GoToWebinar Plugin <= 14.45 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45770 | 2023-10-24 | WordPress Fast WP Speed Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45772 | 2023-10-24 | WordPress Proofreading Plugin <= 1.0.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45829 | 2023-10-24 | WordPress Newsletter & Bulk Email Sender Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45833 | 2023-10-24 | WordPress LeadSquared Suite Plugin <= 0.7.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-45835 | 2023-10-24 | WordPress Libsyn Publisher Hub Plugin <= 1.4.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5721 | 2023-10-24 | It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an insufficient activation-delay. This vulnerability affects Firefox < 119, Firefox... |
| CVE-2023-5722 | 2023-10-24 | Using iterative requests an attacker was able to learn the size of an opaque response, as well as the contents of a server-supplied Vary header. This vulnerability affects Firefox <... |
| CVE-2023-5723 | 2023-10-24 | An attacker with temporary script access to a site could have set a cookie containing invalid characters using `document.cookie` that could have led to unknown errors. This vulnerability affects Firefox... |
| CVE-2023-5724 | 2023-10-24 | Drivers are not always robust to extremely large draw calls and in some cases this scenario could have led to a crash. This vulnerability affects Firefox < 119, Firefox ESR... |
| CVE-2023-5725 | 2023-10-24 | A malicious installed WebExtension could open arbitrary URLs, which under the right circumstance could be leveraged to collect sensitive user data. This vulnerability affects Firefox < 119, Firefox ESR <... |
| CVE-2023-5726 | 2023-10-24 | A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. *Note: This issue only... |
| CVE-2023-5727 | 2023-10-24 | The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. *Note: This issue only affected Windows operating... |
| CVE-2023-5728 | 2023-10-24 | During garbage collection extra operations were performed on an object that should not be. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 119, Firefox... |
| CVE-2023-5729 | 2023-10-24 | A malicious web site can enter fullscreen mode while simultaneously triggering a WebAuthn prompt. This could have obscured the fullscreen notification and could have been leveraged in a spoofing attack.... |
| CVE-2023-5730 | 2023-10-24 | Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some... |
| CVE-2023-5731 | 2023-10-24 | Memory safety bugs present in Firefox 118. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited... |
| CVE-2023-5732 | 2023-10-24 | An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects Firefox < 117, Firefox ESR <... |
| CVE-2023-45837 | 2023-10-24 | WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46068 | 2023-10-24 | WordPress Maileon Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46069 | 2023-10-24 | WordPress Ajax Archive Calendar Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46070 | 2023-10-24 | WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46071 | 2023-10-24 | WordPress Protección de Datos RGPD Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5745 | 2023-10-24 | The Reusable Text Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'text-blocks' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output... |
| CVE-2023-5127 | 2023-10-24 | The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping... |
| CVE-2023-5085 | 2023-10-24 | The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and output... |
| CVE-2023-5110 | 2023-10-24 | The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input sanitization and output... |
| CVE-2023-5126 | 2023-10-24 | The Delete Me plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'plugin_delete_me' shortcode in versions up to, and including, 3.0 due to insufficient input sanitization and output escaping... |
| CVE-2023-5740 | 2023-10-24 | The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to... |
| CVE-2023-5744 | 2023-10-24 | The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient... |
| CVE-2023-20273 | 2023-10-24 | A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due... |
| CVE-2023-46128 | 2023-10-24 | Exposure of hashed user passwords via REST API in Nautobot |
| CVE-2023-5363 | 2023-10-24 | Incorrect cipher key & IV length processing |
| CVE-2023-5753 | 2023-10-24 | Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem |
| CVE-2023-42031 | 2023-10-24 | IBM CICS TX denial of service |
| CVE-2023-43506 | 2023-10-24 | Local Privilege Escalation in ClearPass OnGuard Linux Agent |
| CVE-2023-43507 | 2023-10-24 | Authenticated SQL Injection Vulnerability in ClearPass Policy Manager Web-based Management Interface |
| CVE-2023-43508 | 2023-10-24 | Authorization Bypass Leading to Privilege Escalation in ClearPass Policy Manager Web-Based Management Interface |
| CVE-2023-43509 | 2023-10-24 | Unauthenticated Endpoint Allows Sending Arbitrary OnGuard Notifications |
| CVE-2023-43510 | 2023-10-24 | Authenticated Remote Command Injection in ClearPass Policy Manager Web-Based Management Interface Leading to Partial System Compromise |
| CVE-2023-39231 | 2023-10-24 | PingFederate PingOne MFA IK Device Pairing Second Factor Authentication Bypass |
| CVE-2023-5758 | 2023-10-24 | When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. This vulnerability affects Firefox for iOS... |
| CVE-2023-41339 | 2023-10-24 | Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF in GeoServer |
| CVE-2023-4606 | 2023-10-24 | An authenticated XCC user with Read-Only permission can change a different user’s password through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem v1 servers... |
| CVE-2023-4607 | 2023-10-24 | An authenticated XCC user can change permissions for any user through a crafted API command. |
| CVE-2023-4608 | 2023-10-24 | An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. This affects ThinkSystem v2 and v3 servers with XCC; ThinkSystem... |
| CVE-2023-3112 | 2023-10-24 | A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges. |
| CVE-2022-0353 | 2023-10-24 | A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative... |
| CVE-2022-3698 | 2023-10-24 | A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative... |
| CVE-2022-3699 | 2023-10-24 | A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code... |
| CVE-2023-39930 | 2023-10-24 | PingFederate PingID Radius PCV Authentication Bypass |
| CVE-2023-5752 | 2023-10-24 | Mercurial configuration injectable in repo revision when installing via pip |
| CVE-2023-5568 | 2023-10-24 | Samba: heap buffer overflow with freshness tokens in the heimdal kdc |
| CVE-2023-26219 | 2023-10-24 | TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability |
| CVE-2023-46126 | 2023-10-24 | Fides JavaScript Injection Vulnerability in Privacy Center URL |
| CVE-2023-43795 | 2023-10-24 | WPS Server Side Request Forgery in GeoServer |
| CVE-2023-46125 | 2023-10-24 | Fides Information Disclosure Vulnerability in Config API Endpoint |
| CVE-2023-46124 | 2023-10-24 | Server-Side Request Forgery Vulnerability in Custom Integration Upload |
| CVE-2023-46120 | 2023-10-24 | RabbitMQ Java client's lack of message size limitation leads to remote DoS attack |
| CVE-2023-46118 | 2023-10-24 | Denial of Service by publishing large messages over the HTTP API |
| CVE-2023-46136 | 2023-10-24 | Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning |
| CVE-2023-38845 | 2023-10-25 | An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-38846 | 2023-10-25 | An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-38847 | 2023-10-25 | An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-38848 | 2023-10-25 | An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-38849 | 2023-10-25 | An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. |
| CVE-2023-43905 | 2023-10-25 | Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. |
| CVE-2023-43906 | 2023-10-25 | Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2023-43961 | 2023-10-25 | In Dromara SaToken version 1.3.50RC and before, when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. |
| CVE-2023-44794 | 2023-10-25 | An issue in Dromara SaToken version 1.36.0 and before allows a remote attacker to escalate privileges via a crafted payload to the URL. |
| CVE-2023-46345 | 2023-10-25 | Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c. |
| CVE-2023-46346 | 2023-10-25 | In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 4.1.1 from MyPrestaModules for PrestaShop, a guest can download personal information without restriction by performing... |
| CVE-2023-46347 | 2023-10-25 | In the module "Step by Step products Pack" (ndk_steppingpack) version 1.5.6 and before from NDK Design for PrestaShop, a guest can perform SQL injection. The method `NdkSpack::getPacks()` has sensitive SQL... |
| CVE-2023-46358 | 2023-10-25 | In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Method `ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate` has sensitive SQL calls that can... |
| CVE-2023-46396 | 2023-10-25 | Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters. |
| CVE-2023-46408 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41DD80 function. |
| CVE-2023-46409 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41CC04 function. |
| CVE-2023-46410 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_416F60 function. |
| CVE-2023-46411 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_415258 function. |
| CVE-2023-46412 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_41D998 function. |
| CVE-2023-46413 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a command execution vulnerability via the sub_4155DC function. |
| CVE-2023-46414 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41D494 function. |
| CVE-2023-46415 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41E588 function. |
| CVE-2023-46416 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41A414 function. |
| CVE-2023-46417 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415498 function. |
| CVE-2023-46418 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_412688 function. |
| CVE-2023-46419 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_415730 function. |
| CVE-2023-46420 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_41590C function. |
| CVE-2023-46421 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411D00 function. |
| CVE-2023-46422 | 2023-10-25 | TOTOLINK X6000R v9.4.0cu.652_B20230116 was discovered to contain a remote command execution (RCE) vulnerability via the sub_411994 function. |