CVE List - 2023 / October
Showing 2601 - 2690 of 2690 CVEs for October 2023 (Page 27 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-47096 | 2023-10-31 | A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services Client under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Cloudmin... |
| CVE-2023-47097 | 2023-10-31 | A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template under System Setting in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the Template name... |
| CVE-2023-47098 | 2023-10-31 | A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra Admins under Administration Options in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via the real... |
| CVE-2023-47099 | 2023-10-31 | A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual Server in Virtualmin 7.7 allows remote attackers to inject arbitrary web script or HTML via Description field while creating the... |
| CVE-2023-47174 | 2023-10-31 | Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Also, within the... |
| CVE-2023-38994 | 2023-10-31 | The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with local ssh access... |
| CVE-2023-5862 | 2023-10-31 | Missing Authorization in hamza417/inure |
| CVE-2023-5861 | 2023-10-31 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2023-5863 | 2023-10-31 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq |
| CVE-2023-5864 | 2023-10-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-5865 | 2023-10-31 | Insufficient Session Expiration in thorsten/phpmyfaq |
| CVE-2023-5867 | 2023-10-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-5866 | 2023-10-31 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq |
| CVE-2023-46210 | 2023-10-31 | WordPress WC Captcha Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5873 | 2023-10-31 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-5428 | 2023-10-31 | The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on... |
| CVE-2023-5464 | 2023-10-31 | The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user... |
| CVE-2023-5412 | 2023-10-31 | The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on... |
| CVE-2023-5435 | 2023-10-31 | The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on... |
| CVE-2023-5434 | 2023-10-31 | The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user... |
| CVE-2023-5430 | 2023-10-31 | The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user... |
| CVE-2023-5439 | 2023-10-31 | The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on... |
| CVE-2023-5429 | 2023-10-31 | The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied... |
| CVE-2023-5431 | 2023-10-31 | The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on... |
| CVE-2023-5438 | 2023-10-31 | The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user... |
| CVE-2023-5437 | 2023-10-31 | The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on... |
| CVE-2023-5436 | 2023-10-31 | The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied... |
| CVE-2023-5433 | 2023-10-31 | The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied... |
| CVE-2023-46312 | 2023-10-31 | WordPress Smart Online Order for Clover Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2015-0897 | 2023-10-31 | LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result,... |
| CVE-2015-2968 | 2023-10-31 | LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be... |
| CVE-2023-46313 | 2023-10-31 | WordPress Zotpress Plugin <= 7.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46622 | 2023-10-31 | WordPress WPPizza Plugin <= 3.18.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40681 | 2023-10-31 | WordPress Groundhogg Plugin <= 2.7.11.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-3007 | 2023-10-31 | Unauthorized Access Vulnerability in Syska SW100 Smartwatch |
| CVE-2023-5073 | 2023-10-31 | The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output... |
| CVE-2023-5114 | 2023-10-31 | The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output... |
| CVE-2023-5099 | 2023-10-31 | The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode.... |
| CVE-2016-1203 | 2023-10-31 | Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful... |
| CVE-2023-5116 | 2023-10-31 | The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient input... |
| CVE-2023-25045 | 2023-10-31 | WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection |
| CVE-2023-25047 | 2023-10-31 | WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection |
| CVE-2023-24000 | 2023-10-31 | WordPress GamiPress Plugin <= 2.5.7 is vulnerable to SQL Injection |
| CVE-2023-5229 | 2023-10-31 | E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-5360 | 2023-10-31 | Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload |
| CVE-2023-5458 | 2023-10-31 | CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG |
| CVE-2023-4823 | 2023-10-31 | WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS |
| CVE-2023-5307 | 2023-10-31 | Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers |
| CVE-2023-5243 | 2023-10-31 | Login screen manager <= 3.5.2 - Admin+ Stored XSS |
| CVE-2023-5238 | 2023-10-31 | EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter |
| CVE-2023-5098 | 2023-10-31 | Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update |
| CVE-2023-5519 | 2023-10-31 | EventPrime < 3.2.0 - Booking Creation via CSRF |
| CVE-2023-5237 | 2023-10-31 | Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-4390 | 2023-10-31 | Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-5211 | 2023-10-31 | Fattura24 < 6.2.8 - Reflected Cross-Site Scripting |
| CVE-2023-4251 | 2023-10-31 | EventPrime < 3.2.0 - Booking Creation via CSRF |
| CVE-2023-4836 | 2023-10-31 | WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR |
| CVE-2023-4250 | 2023-10-31 | EventPrime < 3.2.0 - Reflected XSS |
| CVE-2023-28777 | 2023-10-31 | WordPress LearnDash LMS Plugin <= 4.5.3 is vulnerable to SQL Injection |
| CVE-2023-31212 | 2023-10-31 | WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection |
| CVE-2023-40050 | 2023-10-31 | Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application |
| CVE-2023-42658 | 2023-10-31 | InSpec Archive Command Vulnerable to Maliciously Crafted Profile |
| CVE-2023-33927 | 2023-10-31 | WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL Injection |
| CVE-2023-35879 | 2023-10-31 | WordPress WooCommerce Product Vendors Plugin <= 2.1.78 is vulnerable to SQL Injection |
| CVE-2023-36508 | 2023-10-31 | WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection |
| CVE-2023-46235 | 2023-10-31 | FOG stored XSS on log screen via unsanitized request logging |
| CVE-2023-24410 | 2023-10-31 | WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection |
| CVE-2023-22518 | 2023-10-31 | All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance... |
| CVE-2023-46236 | 2023-10-31 | FOG SSRF via unauthenticated endpoint(s) |
| CVE-2023-37243 | 2023-10-31 | The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Since the C:\Windows\Temp\Agent.Package.Availability folder inherits permissions from C:\Windows\Temp and Agent.Package.Availability.exe is susceptible to DLL hijacking, standard users can... |
| CVE-2023-37966 | 2023-10-31 | WordPress User Activity Log Plugin <= 1.6.2 is vulnerable to SQL Injection |
| CVE-2023-46237 | 2023-10-31 | FOG path traversal via unauthenticated endpoint |
| CVE-2023-46239 | 2023-10-31 | quic-go vulnerable to pointer dereference that can lead to panic |
| CVE-2023-46240 | 2023-10-31 | CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment |
| CVE-2023-46245 | 2023-10-31 | Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File |
| CVE-2023-46248 | 2023-10-31 | Overwrite of builtin Cody commands facilitates RCE |
| CVE-2023-46249 | 2023-10-31 | authentik potential installation takeover when default admin user is deleted |
| CVE-2023-46250 | 2023-10-31 | pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF |
| CVE-2023-46255 | 2023-10-31 | `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed |
| CVE-2023-46256 | 2023-10-31 | PX4-Autopilot Heap Buffer Overflow Bug |
| CVE-2023-46723 | 2023-10-31 | lte-pic32-writer's sendto.txt may disclose URL and the API key |
| CVE-2023-46722 | 2023-10-31 | Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews |
| CVE-2023-5739 | 2023-10-31 | Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. |
| CVE-2023-43796 | 2023-10-31 | Synapse vulnerable to leak of remote user device information |
| CVE-2023-3676 | 2023-10-31 | Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation |
| CVE-2023-3955 | 2023-10-31 | Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation |
| CVE-2023-20886 | 2023-10-31 | VMware Workspace ONE UEM console contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker and retrieve their SAML response to login... |
| CVE-2023-44484 | 2023-10-31 | Online Blood Donation Management System v1.0 - Stored Cross-Site Scripting (XSS) |
| CVE-2023-46278 | 2023-10-31 | Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to 4.1.1 allows a remote authenticated attacker to consume huge storage space or cause significantly delayed communication. |
| CVE-2023-39281 | 2023-11-01 | A stack buffer overflow vulnerability discovered in AsfSecureBootDxe in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to run arbitrary code execution during the DXE phase. |
| CVE-2023-44025 | 2023-11-01 | SQL injection vulnerability in addify Addifyfreegifts v.1.0.2 and before allows a remote attacker to execute arbitrary code via a crafted script to the getrulebyid function in the AddifyfreegiftsModel.php component. |
| CVE-2023-44954 | 2023-11-01 | Cross Site Scripting vulnerability in BigTree CMS v.4.5.7 allows a remote attacker to execute arbitrary code via the ID parameter in the Developer Settings functions. |
| CVE-2023-46428 | 2023-11-01 | An arbitrary file upload vulnerability in HadSky v7.12.10 allows attackers to execute arbitrary code via a crafted file. |
| CVE-2023-46448 | 2023-11-01 | Reflected Cross-Site Scripting (XSS) vulnerability in dmpop Mejiro Commit Versions Prior To 3096393 allows attackers to run arbitrary code via crafted string in metadata of uploaded images. |
| CVE-2023-46482 | 2023-11-01 | SQL injection vulnerability in wuzhicms v.4.1.0 allows a remote attacker to execute arbitrary code via the Database Backup Functionality in the coreframe/app/database/admin/index.php component. |
| CVE-2023-46911 | 2023-11-01 | There is a Cross Site Scripting (XSS) vulnerability in the choose_style_tree.do interface of Jspxcms v10.2.0 backend. |
| CVE-2023-46927 | 2023-11-01 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in gf_isom_use_compact_size gpac/src/isomedia/isom_write.c:3403:3 in gpac/MP4Box. |
| CVE-2023-46928 | 2023-11-01 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_media_change_pl /afltest/gpac/src/media_tools/isom_tools.c:3293:42. |
| CVE-2023-46930 | 2023-11-01 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a SEGV in gpac/MP4Box in gf_isom_find_od_id_for_track /afltest/gpac/src/isomedia/media_odf.c:522:14. |
| CVE-2023-46931 | 2023-11-01 | GPAC 2.3-DEV-rev605-gfc9e29089-master contains a heap-buffer-overflow in ffdmx_parse_side_data /afltest/gpac/src/filters/ff_dmx.c:202:14 in gpac/MP4Box. |