CVE List - 2023 / October
Showing 1601 - 1700 of 2690 CVEs for October 2023 (Page 17 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5059 | 2023-10-19 | Santesoft Sante FFT Imaging Out-of-bounds Read |
| CVE-2023-39431 | 2023-10-19 | Santesoft Sante DICOM Viewer Pro Out-of-bounds Write |
| CVE-2023-35986 | 2023-10-19 | Santesoft Sante DICOM Viewer Pro Stack-based Buffer Overflow |
| CVE-2023-40153 | 2023-10-19 | Cross-site Scripting in DEXMA DEXGate |
| CVE-2023-41088 | 2023-10-19 | Cleartext Transmission of Sensitive Information in DEXMA DEXGate |
| CVE-2023-41089 | 2023-10-19 | Improper Authentication in DEXMA DEXGate |
| CVE-2023-42435 | 2023-10-19 | Cross-Site Request Forgery in DEXMA DEXGate |
| CVE-2023-42666 | 2023-10-19 | Exposure of Sensitive Information to an Unauthorized Actor in DEXMA DEXGate |
| CVE-2023-45825 | 2023-10-19 | Token in custom credentials object can leak through logs in ydb-go-sdk |
| CVE-2023-45826 | 2023-10-19 | Authenticated SQL Injection in leantime |
| CVE-2023-45809 | 2023-10-19 | Disclosure of user names via admin bulk action views in wagtail |
| CVE-2023-45820 | 2023-10-19 | Directus crashes on invalid WebSocket message |
| CVE-2023-38584 | 2023-10-19 | Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow |
| CVE-2023-40145 | 2023-10-19 | Weintek cMT3000 HMI Web CGI OS Command Injection |
| CVE-2023-43492 | 2023-10-19 | Weintek cMT3000 HMI Web CGI Stack-based Buffer Overflow |
| CVE-2023-45821 | 2023-10-19 | Incorrect Docker Hub registry check in Artifact Hub |
| CVE-2023-45822 | 2023-10-19 | Unsafe rego built-in allowed in Artifact Hub |
| CVE-2023-45823 | 2023-10-19 | Arbitrary file read in Artifact Hub |
| CVE-2023-45815 | 2023-10-19 | Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admin's context in ArchiveBox |
| CVE-2023-45819 | 2023-10-19 | Cross-site Scripting vulnerability in TinyMCE notificationManager.open API |
| CVE-2023-45818 | 2023-10-19 | Cross-site Scripting vulnerability in TinyMCE undo/redo, getContent API, resetContent API, and Autosave plugin |
| CVE-2023-44385 | 2023-10-19 | Client-Side Request Forgery in Home Assistant iOS/macOS native Apps |
| CVE-2023-41898 | 2023-10-19 | Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android |
| CVE-2023-41899 | 2023-10-19 | Partial Server-Side Request Forgery in Home Assistant Core |
| CVE-2023-41897 | 2023-10-19 | Lack of XFO header allows clickjacking in Home Assistant Core |
| CVE-2023-41896 | 2023-10-19 | Fake websocket server installation permits full takeover in Home Assistant Core |
| CVE-2023-41895 | 2023-10-19 | Cross-site Scripting via auth_callback login in Home Assistant Core |
| CVE-2023-41894 | 2023-10-19 | Local-only webhooks externally accessible via SniTun in Home Assistant Core |
| CVE-2023-41893 | 2023-10-19 | Account takeover via auth_callback login in Home Assistant Core |
| CVE-2023-46115 | 2023-10-19 | Updater Private Keys Possibly Leaked via Vite Environment Variables in tauri-cli |
| CVE-2023-32786 | 2023-10-20 | In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into downstream tasks. |
| CVE-2023-37824 | 2023-10-20 | Sitolog sitologapplicationconnect v7.8.a and before was discovered to contain a SQL injection vulnerability via the component /activate_hook.php. |
| CVE-2023-38191 | 2023-10-20 | An issue was discovered in SuperWebMailer 9.00.0.01710. It allows spamtest_external.php XSS via a crafted filename. |
| CVE-2023-39680 | 2023-10-20 | Sollace Unicopia version 1.1.1 and before was discovered to deserialize untrusted data, allowing attackers to execute arbitrary code. |
| CVE-2023-40361 | 2023-10-20 | SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. To exploit this, an attacker needs access as a low-privileged user to the underlying DOMOS system. Every... |
| CVE-2023-43346 | 2023-10-20 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages... |
| CVE-2023-43353 | 2023-10-20 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component. |
| CVE-2023-43354 | 2023-10-20 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions -MicroTiny WYSIWYG editor component. |
| CVE-2023-43355 | 2023-10-20 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences... |
| CVE-2023-43356 | 2023-10-20 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Metadata parameter in the Global Settings Menu component. |
| CVE-2023-43357 | 2023-10-20 | Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the Manage Shortcuts component. |
| CVE-2023-45394 | 2023-10-20 | Stored Cross-Site Scripting (XSS) vulnerability in the Company field in the "Request a Quote" Section of Small CRM v3.0 allows an attacker to store and execute malicious javascript code in... |
| CVE-2023-45471 | 2023-10-20 | The QAD Search Server is vulnerable to Stored Cross-Site Scripting (XSS) in versions up to, and including, 1.0.0.315 due to insufficient checks on indexes. This makes it possible for unauthenticated... |
| CVE-2023-46277 | 2023-10-20 | please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. (If both TIOCSTI and TIOCLINUX are disabled, this cannot be exploited.) |
| CVE-2023-46287 | 2023-10-20 | XSS exists in NagVis before 1.9.38 via the select function in share/server/core/functions/html.php. |
| CVE-2023-34052 | 2023-10-20 | VMware Aria Operations for Logs contains a deserialization vulnerability. A malicious actor with non-administrative access to the local system can trigger the deserialization of data which could result in authentication... |
| CVE-2023-34051 | 2023-10-20 | VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote... |
| CVE-2023-5614 | 2023-10-20 | The Theme Switcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'theme_switcha_list' shortcode in all versions up to, and including, 3.3 due to insufficient input sanitization... |
| CVE-2023-5613 | 2023-10-20 | The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization... |
| CVE-2023-5668 | 2023-10-20 | The WhatsApp Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'whatsapp' shortcode in all versions up to, and including, 1.0.1 due to insufficient input... |
| CVE-2023-5071 | 2023-10-20 | The Sitekit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sitekit_iframe' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This... |
| CVE-2023-4598 | 2023-10-20 | The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied... |
| CVE-2020-36698 | 2023-10-20 | The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. This is due to missing capability checks... |
| CVE-2023-4482 | 2023-10-20 | The Auto Amazon Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the style parameter in versions up to, and including, 5.3.1 due to insufficient input sanitization and... |
| CVE-2023-5308 | 2023-10-20 | The Podcast Subscribe Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'podcast_subscribe' shortcode in versions up to, and including, 1.4.8 due to insufficient input sanitization and output... |
| CVE-2023-4402 | 2023-10-20 | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. This allows... |
| CVE-2023-4942 | 2023-10-20 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_visibility function.... |
| CVE-2023-4947 | 2023-10-20 | The WooCommerce EAN Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_ean_data AJAX action in versions up to... |
| CVE-2023-4975 | 2023-10-20 | The Website Builder by SeedProd plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.15.13.1. This is due to missing or incorrect nonce validation... |
| CVE-2023-4943 | 2023-10-20 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_visibility function. This makes... |
| CVE-2022-4954 | 2023-10-20 | The Waiting: One-click countdowns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown name in versions up to, and including, 0.6.2 due to insufficient input sanitization and... |
| CVE-2023-5050 | 2023-10-20 | The Leaflet Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping. This... |
| CVE-2023-4940 | 2023-10-20 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function.... |
| CVE-2023-5200 | 2023-10-20 | The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on... |
| CVE-2023-5120 | 2023-10-20 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image file path parameter in versions up to, and including, 0.9.89 due to... |
| CVE-2023-4919 | 2023-10-20 | The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `iframe` shortcode in versions up to, and including, 4.6 due to insufficient input sanitization and output escaping.... |
| CVE-2023-4271 | 2023-10-20 | The Photospace Responsive plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘psres_button_size’ parameter in versions up to, and including, 2.1.1 due to insufficient input sanitization and output... |
| CVE-2023-4937 | 2023-10-20 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_apply_default_combination function.... |
| CVE-2023-5414 | 2023-10-20 | The Icegram Express plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 5.6.23 via the show_es_logs function. This allows administrator-level attackers to read the contents... |
| CVE-2023-5576 | 2023-10-20 | The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext... |
| CVE-2020-36706 | 2023-10-20 | The Simple:Press – WordPress Forum Plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ~/admin/resources/jscript/ajaxupload/sf-uploader.php file in versions up to, and including,... |
| CVE-2023-4920 | 2023-10-20 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_save_options function.... |
| CVE-2021-4353 | 2023-10-20 | The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthenticated settings export in versions up to, and including, 2.4.1. This is due to missing authorization on the... |
| CVE-2023-4274 | 2023-10-20 | The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 0.9.89. This allows authenticated attackers with administrative privileges to delete... |
| CVE-2023-4935 | 2023-10-20 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the create_profile function.... |
| CVE-2021-4335 | 2023-10-20 | The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized access to data and modification of plugin settings due to a missing capability check on multiple AJAX functions in... |
| CVE-2023-4488 | 2023-10-20 | The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.9.7 via the editor-view.php file. This allows unauthenticated attackers to include and... |
| CVE-2023-4968 | 2023-10-20 | The WPLegalPages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wplegalpage' shortcode in versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on... |
| CVE-2022-4712 | 2023-10-20 | The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1.... |
| CVE-2023-2325 | 2023-10-20 | Stored XSS Vulnerability in M-Files Classic Web |
| CVE-2023-5523 | 2023-10-20 | M-Files Web Companion allows Remote Code Execution |
| CVE-2023-5524 | 2023-10-20 | M-Files Web Companion allows Remote Code Execution for some filetypes |
| CVE-2022-4943 | 2023-10-20 | The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This... |
| CVE-2023-4961 | 2023-10-20 | The Poptin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'poptin-form' shortcode in versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on... |
| CVE-2023-4923 | 2023-10-20 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_delete function.... |
| CVE-2023-4924 | 2023-10-20 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to missing capability checks on the woobe_bulkoperations_delete function. This makes it... |
| CVE-2023-5534 | 2023-10-20 | The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.8.9 and 4.9.2. This is due to missing or incorrect nonce validation... |
| CVE-2023-5615 | 2023-10-20 | The Skype Legacy Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skype-status' shortcode in all versions up to, and including, 3.1 due to insufficient input... |
| CVE-2020-36714 | 2023-10-20 | The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. This makes it... |
| CVE-2022-3342 | 2023-10-20 | The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including, 5.3.1. While the function performs... |
| CVE-2023-3998 | 2023-10-20 | The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This... |
| CVE-2023-4796 | 2023-10-20 | The Booster for WooCommerce for WordPress is vulnerable to Information Disclosure via the 'wcj_wp_option' shortcode in versions up to, and including, 7.1.0 due to insufficient controls on the information retrievable... |
| CVE-2023-5533 | 2023-10-20 | The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to missing capability checks on the corresponding functions in versions up to, and including, 4.8.9... |
| CVE-2020-36751 | 2023-10-20 | The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-4926 | 2023-10-20 | The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulk_delete_products function.... |
| CVE-2023-5337 | 2023-10-20 | The Contact form Form For All plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formforall' shortcode in versions up to, and including, 1.2 due to insufficient input sanitization... |
| CVE-2023-4386 | 2023-10-20 | The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. This allows... |
| CVE-2022-2441 | 2023-10-20 | The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users... |
| CVE-2023-3869 | 2023-10-20 | The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This... |
| CVE-2023-4941 | 2023-10-20 | The BEAR for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.1.3.3. This is due to a missing capability check on the woobe_bulkoperations_swap function. This makes... |