CVE List - 2023 / November
Showing 1601 - 1700 of 2443 CVEs for November 2023 (Page 17 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-40810 | 2023-11-18 | OpenCRX version 5.2.0 is vulnerable to HTML injection via Product Name Field. |
| CVE-2023-40812 | 2023-11-18 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Group Name Field. |
| CVE-2023-40813 | 2023-11-18 | OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Saved Search Creation. |
| CVE-2023-40814 | 2023-11-18 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Accounts Name Field. |
| CVE-2023-40815 | 2023-11-18 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Category Creation Name Field. |
| CVE-2023-40816 | 2023-11-18 | OpenCRX version 5.2.0 is vulnerable to HTML injection via Activity Milestone Name Field. |
| CVE-2023-40817 | 2023-11-18 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Product Configuration Name Field. |
| CVE-2023-48017 | 2023-11-18 | Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. |
| CVE-2023-48736 | 2023-11-18 | In International Color Consortium DemoIccMAX 3e7948b, CIccCLUT::Interp2d in IccTagLut.cpp in libSampleICC.a has an out-of-bounds read. |
| CVE-2023-4214 | 2023-11-18 | The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code,... |
| CVE-2023-6187 | 2023-11-18 | The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This... |
| CVE-2023-40363 | 2023-11-18 | IBM InfoSphere Information Server privilege escalation |
| CVE-2023-38361 | 2023-11-18 | IBM CICS TX Advanced information disclosure |
| CVE-2023-47685 | 2023-11-18 | WordPress Preloader Matrix Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47672 | 2023-11-18 | WordPress WP Category Post List Widget Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47671 | 2023-11-18 | WordPress Vertical scroll recent post Plugin <= 14.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47670 | 2023-11-18 | WordPress Korea SNS Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47667 | 2023-11-18 | WordPress WP Full Stripe Free plugin <= 7.0.16 - Cross Site Request Forgery (CSRF) vulnerability on every Setting Save |
| CVE-2023-47666 | 2023-11-18 | WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47664 | 2023-11-18 | WordPress Plainview Protect Passwords Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47655 | 2023-11-18 | WordPress ANAC XML Bandi di Gara Plugin <= 7.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47651 | 2023-11-18 | WordPress WP Links Page Plugin <= 4.9.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47650 | 2023-11-18 | WordPress Add Local Avatar Plugin <= 12.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47649 | 2023-11-18 | WordPress Best Restaurant Menu by PriceListo Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47644 | 2023-11-18 | WordPress ProfileGrid Plugin <= 5.6.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47556 | 2023-11-18 | WordPress Device Theme Switcher Plugin <= 3.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47553 | 2023-11-18 | WordPress UserHeat Plugin Plugin <= 1.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47552 | 2023-11-18 | WordPress Image Hover Effects Plugin <= 5.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47551 | 2023-11-18 | WordPress Donations Made Easy – Smart Donations Plugin <= 4.0.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47531 | 2023-11-18 | WordPress Droit Dark Mode Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47519 | 2023-11-18 | WordPress WooCommerce Product Table Lite Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47243 | 2023-11-18 | WordPress MSHOP MY SITE Plugin <= 1.1.6 is vulnerable to Broken Access Control |
| CVE-2023-41129 | 2023-11-18 | WordPress Patreon WordPress Plugin <= 1.8.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25985 | 2023-11-18 | WordPress WordPress Tooltips Plugin <= 8.2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32514 | 2023-11-18 | WordPress Google Site Verification plugin using Meta Tag Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32504 | 2023-11-18 | WordPress Wise Chat Plugin <= 3.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32245 | 2023-11-18 | WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2023-31089 | 2023-11-18 | WordPress Video XML Sitemap Generator Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31075 | 2023-11-18 | WordPress Easy Hide Login Plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28780 | 2023-11-18 | WordPress Yoast SEO: Local Plugin <= 14.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5341 | 2023-11-19 | Imagemagick: heap use-after-free in coders/bmp.c |
| CVE-2023-38879 | 2023-11-20 | The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of 'DownloadWindow.php'. |
| CVE-2023-38880 | 2023-11-20 | The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Whenever an admin generates a database backup, the backup is... |
| CVE-2023-38881 | 2023-11-20 | A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user,... |
| CVE-2023-38882 | 2023-11-20 | A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user,... |
| CVE-2023-38883 | 2023-11-20 | A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a user,... |
| CVE-2023-38884 | 2023-11-20 | An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>' |
| CVE-2023-38885 | 2023-11-20 | OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. This may allow an attacker to trick an authenticated user into performing any kind... |
| CVE-2023-46470 | 2023-11-20 | Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser. |
| CVE-2023-46990 | 2023-11-20 | Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. |
| CVE-2023-47172 | 2023-11-20 | Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, and WithSecure Elements Endpoint Protection 17 and... |
| CVE-2023-47311 | 2023-11-20 | An issue in Yamcs 5.8.6 allows attackers to send arbitrary telecommands in a Command Stack via Clickjacking. |
| CVE-2023-47417 | 2023-11-20 | Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload. |
| CVE-2023-48039 | 2023-11-20 | GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. |
| CVE-2023-48051 | 2023-11-20 | An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. |
| CVE-2023-48090 | 2023-11-20 | GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329. |
| CVE-2023-48109 | 2023-11-20 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2023-48110 | 2023-11-20 | Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2023-48111 | 2023-11-20 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS)... |
| CVE-2023-48176 | 2023-11-20 | An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). |
| CVE-2023-48192 | 2023-11-20 | An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. |
| CVE-2023-38823 | 2023-11-20 | Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. |
| CVE-2023-46471 | 2023-11-20 | Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer. |
| CVE-2023-46700 | 2023-11-20 | SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary... |
| CVE-2023-47175 | 2023-11-20 | Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an arbitrary... |
| CVE-2023-3379 | 2023-11-20 | WAGO: Improper Privilege Management in web-based management |
| CVE-2023-46302 | 2023-11-20 | Apache Submarine: Fix CVE-2022-1471 SnakeYaml unsafe deserialization |
| CVE-2022-46337 | 2023-11-20 | Apache Derby: LDAP injection vulnerability in authenticator |
| CVE-2023-3116 | 2023-11-20 | Liteos-A has an incorrect default permissions vulnerability |
| CVE-2023-43612 | 2023-11-20 | Hiview has an improper preservation of permissions vulnerability |
| CVE-2023-46705 | 2023-11-20 | Arkruntime has a type confusion vulnerability |
| CVE-2023-6045 | 2023-11-20 | Arkruntime has a type confusion vulnerability |
| CVE-2023-42774 | 2023-11-20 | Liteos-A has an incorrect default permissions vulnerability |
| CVE-2023-46100 | 2023-11-20 | Cert manager has a use of uninitialized resource vulnerability |
| CVE-2023-47217 | 2023-11-20 | Arkruntime has a buffer overflow vulnerability |
| CVE-2023-5593 | 2023-11-20 | The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a crafted CREATE... |
| CVE-2023-47772 | 2023-11-20 | WordPress Slider Revolution Plugin <= 6.6.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-6196 | 2023-11-20 | The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on... |
| CVE-2023-6197 | 2023-11-20 | The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on... |
| CVE-2023-36013 | 2023-11-20 | PowerShell Information Disclosure Vulnerability |
| CVE-2023-35762 | 2023-11-20 | OS Command Injection in INEA ME RTU |
| CVE-2023-29155 | 2023-11-20 | INEA ME RTU Missing Authentication for Critical Function |
| CVE-2023-48218 | 2023-11-20 | Strapi Protected Populate Plugin leaking fields if the request fields were empty or only fields selected were not populatable |
| CVE-2023-48221 | 2023-11-20 | wire-avs remote format string vulnerability |
| CVE-2023-48223 | 2023-11-20 | fast-jwt JWT Algorithm Confusion |
| CVE-2023-48240 | 2023-11-20 | XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery |
| CVE-2023-48241 | 2023-11-20 | XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service |
| CVE-2023-48292 | 2023-11-20 | XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks |
| CVE-2023-48293 | 2023-11-20 | XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries |
| CVE-2023-48300 | 2023-11-20 | Embed Privacy missing escaping for show_all attribute in opt-out shortcode |
| CVE-2023-48309 | 2023-11-20 | next-auth vulnerable to possible user mocking that bypasses basic authentication |
| CVE-2023-5340 | 2023-11-20 | Five Star Restaurant Menu and Food Ordering < 2.4.11 - Unauthenticated PHP Object Injection |
| CVE-2023-4970 | 2023-11-20 | PubyDoc <= 2.0.6 - Admin+ Stored XSS |
| CVE-2023-5140 | 2023-11-20 | Bonus for Woo < 5.8.3 - Reflected Cross-Site Scripting |
| CVE-2023-4824 | 2023-11-20 | WooHoo Newspaper Magazine Theme <= 2.5.3 - Settings Update via CSRF |
| CVE-2023-4799 | 2023-11-20 | Magic Embeds < 3.1.2 - Contributor+ Stored XSS via shortcode |
| CVE-2023-4808 | 2023-11-20 | WP Post Popup <= 3.7.3 - Admin+ Stored XSS |
| CVE-2023-5652 | 2023-11-20 | WP Hotel Booking < 2.0.8 - Unauthenticated SQLi |
| CVE-2023-5609 | 2023-11-20 | Seraphinite Accelerator < 2.20.29 - Reflected XSS |
| CVE-2023-5799 | 2023-11-20 | WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion |