CVE List - 2023 / November
Showing 2001 - 2100 of 2443 CVEs for November 2023 (Page 21 of 25)
CVE ID | Date | Title |
---|---|---|
CVE-2023-6274 | 2023-11-24 | Byzoro Smart S80 PHP File updatelib.php unrestricted upload |
CVE-2023-6275 | 2023-11-24 | TOTVS Fluig Platform mobileredir openApp.jsp cross site scripting |
CVE-2023-6276 | 2023-11-24 | Tongda OA 2017 delete.php sql injection |
CVE-2023-48712 | 2023-11-24 | User authorization bug leading to privilege escalation in warpgate |
CVE-2023-48711 | 2023-11-24 | Server-Side Request Forgery (SSRF) Vulnerability in google-translate-api-browser |
CVE-2023-48312 | 2023-11-24 | Authentication bypass using an empty token in capsule-proxy |
CVE-2023-48708 | 2023-11-24 | Insertion of Sensitive Information into Log in codeigniter4/shield |
CVE-2023-48707 | 2023-11-24 | Cleartext Storage of Sensitive Information in codeigniter4/shield |
CVE-2023-6277 | 2023-11-24 | Libtiff: out-of-memory in tiffopen via a crafted file |
CVE-2023-6293 | 2023-11-24 | Prototype Pollution in robinbuschmann/sequelize-typescript |
CVE-2023-49312 | 2023-11-26 | Precision Bridge PrecisionBridge.exe (aka the thick client) before 7.3.21 allows... |
CVE-2023-49321 | 2023-11-26 | Certain WithSecure products allow a Denial of Service because scanning... |
CVE-2023-49322 | 2023-11-26 | Certain WithSecure products allow a Denial of Service because there... |
CVE-2023-6296 | 2023-11-26 | osCommerce Instant Message compare cross site scripting |
CVE-2023-6297 | 2023-11-26 | PHPGurukul Nipah Virus Testing Management System Search Report Page patient-search-report.php cross site scripting |
CVE-2023-6298 | 2023-11-26 | Apryse iText PdfDocument.java main array index |
CVE-2023-6299 | 2023-11-26 | Apryse iText Reference Table PdfDocument.java memory leak |
CVE-2023-6300 | 2023-11-26 | SourceCodester Best Courier Management System cross site scripting |
CVE-2023-6301 | 2023-11-26 | SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting |
CVE-2023-29770 | 2023-11-27 | In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker... |
CVE-2023-42363 | 2023-11-27 | A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344... |
CVE-2023-42364 | 2023-11-27 | A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause... |
CVE-2023-42365 | 2023-11-27 | A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a... |
CVE-2023-42366 | 2023-11-27 | A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token... |
CVE-2023-46349 | 2023-11-27 | In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) <... |
CVE-2023-46355 | 2023-11-27 | In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from... |
CVE-2023-47437 | 2023-11-27 | A vulnerability has been identified in Pachno 1.0.6 allowing an... |
CVE-2023-48034 | 2023-11-27 | An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker... |
CVE-2023-48188 | 2023-11-27 | SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows... |
CVE-2023-49028 | 2023-11-27 | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before... |
CVE-2023-49029 | 2023-11-27 | Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before... |
CVE-2023-49030 | 2023-11-27 | SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a... |
CVE-2023-49040 | 2023-11-27 | An issue in Tenda AX1803 v.1.0.0.1 allows a remote attacker... |
CVE-2023-49042 | 2023-11-27 | Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote... |
CVE-2023-49043 | 2023-11-27 | Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote... |
CVE-2023-49044 | 2023-11-27 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote... |
CVE-2023-49046 | 2023-11-27 | Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote... |
CVE-2023-49047 | 2023-11-27 | Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName... |
CVE-2023-49316 | 2023-11-27 | In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees... |
CVE-2023-46480 | 2023-11-27 | An issue in OwnCast v.0.1.1 allows a remote attacker to... |
CVE-2023-6302 | 2023-11-27 | CSZCMS File Manager Page templates permission |
CVE-2023-6303 | 2023-11-27 | CSZCMS Site Settings Page cross site scripting |
CVE-2023-6304 | 2023-11-27 | Tecno 4G Portable WiFi TR118 Ping Tool goform_get_cmd_process os command injection |
CVE-2023-6305 | 2023-11-27 | SourceCodester Free and Open Source Inventory Management System suppliar_data.php sql injection |
CVE-2023-6306 | 2023-11-27 | SourceCodester Free and Open Source Inventory Management System member_data.php sql injection |
CVE-2023-6307 | 2023-11-27 | jeecgboot JimuReport image path traversal |
CVE-2023-6308 | 2023-11-27 | Xiamen Four-Faith Video Surveillance Management System Apache Struts unrestricted upload |
CVE-2023-6309 | 2023-11-27 | moses-smt mosesdecoder trans_result.php os command injection |
CVE-2023-6310 | 2023-11-27 | SourceCodester Loan Management System deleteBorrower.php delete_borrower sql injection |
CVE-2023-6311 | 2023-11-27 | SourceCodester Loan Management System Loan Type Page delete_ltype.php delete_ltype sql injection |
CVE-2023-6312 | 2023-11-27 | SourceCodester Loan Management System Users Page deleteUser.php delete_user sql injection |
CVE-2023-6313 | 2023-11-27 | SourceCodester URL Shortener Long URL cross site scripting |
CVE-2023-25632 | 2023-11-27 | The Android Mobile Whale browser app before 3.0.1.2 allows the... |
CVE-2023-47865 | 2023-11-27 | Username and Icon override can be used by members when Hardened Mode is enabled |
CVE-2023-45223 | 2023-11-27 | Users full name disclosure through Mattermost Boards with Show Full Name Option disabled |
CVE-2023-48268 | 2023-11-27 | Denial of Service via Board Import Zip Bomb |
CVE-2023-40703 | 2023-11-27 | Denial of Service via specially crafted block fields in Mattermost Boards |
CVE-2023-35075 | 2023-11-27 | HTML injection via channel autocomplete |
CVE-2023-48369 | 2023-11-27 | Log Flooding due to specially crafted requests in different endpoints |
CVE-2023-43754 | 2023-11-27 | Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels |
CVE-2023-6202 | 2023-11-27 | Insecure Direct Object Reference in /plugins/focalboard/api/v2/users of Mattermost Boards |
CVE-2023-47168 | 2023-11-27 | Open redirect in /oauth/<service>/mobile_login?redirect_to= |
CVE-2023-6254 | 2023-11-27 | Password is sent back to client |
CVE-2023-49068 | 2023-11-27 | Apache DolphinScheduler: Information Leakage Vulnerability |
CVE-2023-40610 | 2023-11-27 | Apache Superset: Privilege escalation with default examples database |
CVE-2023-42501 | 2023-11-27 | Apache Superset: Unnecessary read permissions within the Gamma role |
CVE-2023-5607 | 2023-11-27 | An improper limitation of a path name to a restricted... |
CVE-2023-43701 | 2023-11-27 | Apache Superset: Stored XSS on API endpoint |
CVE-2023-5871 | 2023-11-27 | Libnbd: malicious nbd server may crash libnbd |
CVE-2023-4590 | 2023-11-27 | Buffer Overflow vulnerability in Frhed |
CVE-2023-6287 | 2023-11-27 | Backup password in GET parameter |
CVE-2023-4931 | 2023-11-27 | Uncontrolled search path element vulnerability in Plesk |
CVE-2023-38573 | 2023-11-27 | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356... |
CVE-2023-41257 | 2023-11-27 | A type confusion vulnerability exists in the way Foxit Reader... |
CVE-2023-32616 | 2023-11-27 | A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356... |
CVE-2023-35985 | 2023-11-27 | An arbitrary file creation vulnerability exists in the Javascript exportDataObject... |
CVE-2023-40194 | 2023-11-27 | An arbitrary file creation vulnerability exists in the Javascript exportDataObject... |
CVE-2023-39542 | 2023-11-27 | A code execution vulnerability exists in the Javascript saveAs API... |
CVE-2023-31275 | 2023-11-27 | An uninitialized pointer use vulnerability exists in the functionality of... |
CVE-2023-4642 | 2023-11-27 | kk Star Ratings < 5.4.6 - Rating Tampering via Race Condition |
CVE-2023-5209 | 2023-11-27 | Bookly < 22.5 - Admin+ Stored XSS |
CVE-2023-5906 | 2023-11-27 | Job Manager & Career < 1.4.4 - Directory listing to Sensitive Data Exposure |
CVE-2023-4252 | 2023-11-27 | EventPrime <= 3.2.9 - Booking Pricing Bypass |
CVE-2023-5560 | 2023-11-27 | WP-UserOnline < 2.88.3 - Unauthenticated Stored XSS |
CVE-2023-5239 | 2023-11-27 | Security & Malware scan by CleanTalk < 2.121 - IP Spoofing |
CVE-2023-5604 | 2023-11-27 | Asgaros Forum < 2.7.1 - Unauthenticated Arbitrary File Upload |
CVE-2023-5653 | 2023-11-27 | WassUp Real Time Analytics <= 1.9.4.5 - Unauthenticated Stored XSS |
CVE-2023-4297 | 2023-11-27 | Mmm Simple File List <= 2.3 - Subscriber+ Arbitrary Directory Listing |
CVE-2023-5845 | 2023-11-27 | Simple Social Buttons < 5.1.1 - Unauthenticated Password Protected Post Access |
CVE-2023-5737 | 2023-11-27 | WordPress Backup & Migration < 1.4.4 - Subscriber+ Plugin Settings Update |
CVE-2023-5974 | 2023-11-27 | WPB Show Core <= 2.2 - Unauthenticated Server Side Request Forgery |
CVE-2023-5325 | 2023-11-27 | Woocommerce Vietnam Checkout < 2.0.6 - Unauthenticated Stored XSS |
CVE-2023-4922 | 2023-11-27 | WPB Show Core <= 2.2 - Unauthenticated Local File Inclusion |
CVE-2023-5958 | 2023-11-27 | POST SMTP Mailer < 2.7.1 - Unauthenticated Cross-site Scripting |
CVE-2023-4514 | 2023-11-27 | Mmm Simple File List <= 2.3 - Contributor+ Stored XSS |
CVE-2023-5738 | 2023-11-27 | WordPress Backup & Migration < 1.4.5 - Subscriber+ Stored XSS |
CVE-2023-5942 | 2023-11-27 | Medialist < 1.4.1 - Contributor+ Stored XSS |
CVE-2023-2707 | 2023-11-27 | Appointment booking addon for Gravity Forms <= 1.9.5.1 - Admin+ Stored XSS |
CVE-2023-5611 | 2023-11-27 | Seraphinite Accelerator < 2.20.32 - Unauthorised Settings Reset/Import |
CVE-2023-5559 | 2023-11-27 | 10Web Booster < 2.24.18 - Unauthenticated Arbitrary Option Deletion |