CVE List - 2023 / October
Showing 2201 - 2300 of 2690 CVEs for October 2023 (Page 23 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-46374 | 2023-10-26 | ZenTao Enterprise Edition version 4.1.3 and before is vulnerable to Cross Site Scripting (XSS). |
| CVE-2023-46435 | 2023-10-26 | Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. |
| CVE-2023-46449 | 2023-10-26 | Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via... |
| CVE-2023-46450 | 2023-10-26 | Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. |
| CVE-2023-46491 | 2023-10-26 | ZenTao Biz version 4.1.3 and before has a Cross Site Scripting (XSS) vulnerability in the Version Library. |
| CVE-2023-46754 | 2023-10-26 | The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values. |
| CVE-2023-43208 | 2023-10-26 | NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679. |
| CVE-2023-46752 | 2023-10-26 | An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data, leading to a crash. |
| CVE-2023-46753 | 2023-10-26 | An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute. |
| CVE-2023-46667 | 2023-10-26 | Fleet Server Insertion of Sensitive Information into Log File |
| CVE-2023-31422 | 2023-10-26 | Kibana Insertion of Sensitive Information into Log File |
| CVE-2023-31421 | 2023-10-26 | Beats, Elastic Agent, APM Server, and Fleet Server Improper Certificate Validation issue |
| CVE-2023-5139 | 2023-10-26 | Potential buffer overflow vulnerability in the Zephyr STM32 Crypto driver |
| CVE-2023-5798 | 2023-10-26 | Assistant < 1.4.4 - Editor+ SSRF |
| CVE-2023-46072 | 2023-10-26 | WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5802 | 2023-10-26 | WordPress WP Knowledgebase Plugin <= 1.3.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46074 | 2023-10-26 | WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-30492 | 2023-10-26 | WordPress Minimum Purchase for WooCommerce Plugin <= 2.0.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5780 | 2023-10-26 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-46075 | 2023-10-26 | WordPress Contact Form Builder, Contact Widget Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46076 | 2023-10-26 | WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.102 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46077 | 2023-10-26 | WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46081 | 2023-10-26 | WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32116 | 2023-10-26 | WordPress Custom post types Plugin <= 4.0.12 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46094 | 2023-10-26 | WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46088 | 2023-10-26 | WordPress WP Full Stripe Free Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5781 | 2023-10-26 | Tongda OA 2017 delete_webmail.php DELETE_STR sql injection |
| CVE-2023-41095 | 2023-10-26 | Keys Stored in Plaintext on Secure Vault High for Silabs OpenThread devices |
| CVE-2023-41096 | 2023-10-26 | Keys Stored in Plaintext on Secure Vault High for Silabs Ember ZNet devices |
| CVE-2023-46090 | 2023-10-26 | WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5782 | 2023-10-26 | Tongda OA 2017 General News delete_query.php sql injection |
| CVE-2023-5783 | 2023-10-26 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-46238 | 2023-10-26 | XSS with User Avatar image in ZITADEL |
| CVE-2023-5784 | 2023-10-26 | Netentsec NS-ASG Application Security Gateway uploadfirewall.php sql injection |
| CVE-2023-46234 | 2023-10-26 | browserify-sign vulnerable via an upper bound check issue in `dsaVerify` that leads to a signature forgery attack |
| CVE-2023-5785 | 2023-10-26 | Netentsec NS-ASG Application Security Gateway addaddress_interpret.php sql injection |
| CVE-2023-5786 | 2023-10-26 | GeoServer GeoWebCache rest.html direct request |
| CVE-2023-5787 | 2023-10-26 | Shaanxi Chanming Education Technology Score Query System sql injection |
| CVE-2023-5789 | 2023-10-26 | Dragon Path 707GR1 Ping Diagnostics cross site scripting |
| CVE-2023-5790 | 2023-10-26 | SourceCodester File Manager App add-file.php unrestricted upload |
| CVE-2023-42769 | 2023-10-26 | Sielco Radio Link and Analog FM Transmitters Improper Access Control |
| CVE-2023-46666 | 2023-10-26 | Elastic Sharepoint Online Python Connector Improper Access Control |
| CVE-2023-45317 | 2023-10-26 | Sielco Radio Link and Analog FM Transmitters Cross-Site Request Forgery |
| CVE-2023-5622 | 2023-10-26 | Privilege Escalation |
| CVE-2023-45228 | 2023-10-26 | Sielco Radio Link and Analog FM Transmitters Improper Access Control |
| CVE-2023-41966 | 2023-10-26 | Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions |
| CVE-2023-5623 | 2023-10-26 | Privilege Escalation |
| CVE-2023-5791 | 2023-10-26 | SourceCodester Sticky Notes App add-note.php cross site scripting |
| CVE-2023-5792 | 2023-10-26 | SourceCodester Sticky Notes App delete-note.php sql injection |
| CVE-2023-5624 | 2023-10-26 | Blind SQL Injection |
| CVE-2023-5793 | 2023-10-26 | flusity CMS Dashboard customblock.php loadCustomBlocCreateForm cross site scripting |
| CVE-2023-5794 | 2023-10-26 | PHPGurukul Online Railway Catering System Login index.php sql injection |
| CVE-2023-31419 | 2023-10-26 | Elasticsearch StackOverflow vulnerability |
| CVE-2023-5795 | 2023-10-26 | CodeAstro POS System Profile Picture profil unrestricted upload |
| CVE-2023-5796 | 2023-10-26 | CodeAstro POS System Logo setting unrestricted upload |
| CVE-2023-31418 | 2023-10-26 | Elasticsearch uncontrolled resource consumption |
| CVE-2023-31417 | 2023-10-26 | Elasticsearch Insertion of sensitive information in audit logs |
| CVE-2023-31416 | 2023-10-26 | Elastic Cloud on Kubernetes (ECK) secret token configuration issue |
| CVE-2023-44267 | 2023-10-26 | Online Art Gallery v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-39936 | 2023-10-26 | Ashlar-Vellum Graphite Out-of-bounds Read |
| CVE-2023-39427 | 2023-10-26 | Ashlar-Vellum Cobalt, Xenon, Argon, Lithium Out-of-bounds Write |
| CVE-2023-0897 | 2023-10-26 | Session Fixation in Sielco PolyEco1000 |
| CVE-2023-5754 | 2023-10-26 | Improper Restriction of Excessive Authentication Attempts in Sielco PolyEco1000 |
| CVE-2023-46661 | 2023-10-26 | Improper Access Control in Sielco PolyEco1000 |
| CVE-2023-46662 | 2023-10-26 | Improper Access Control in Sielco PolyEco1000 |
| CVE-2023-5804 | 2023-10-26 | PHPGurukul Nipah Virus Testing Management System login.php sql injection |
| CVE-2023-46663 | 2023-10-26 | Improper Access Control in Sielco PolyEco1000 |
| CVE-2023-46664 | 2023-10-26 | Improper Access Control in Sielco PolyEco1000 |
| CVE-2023-46747 | 2023-10-26 | BIG-IP Configuration utility unauthenticated remote code execution vulnerability |
| CVE-2023-46748 | 2023-10-26 | BIG-IP Configuration utility authenticated SQL injection vulnerability |
| CVE-2023-46665 | 2023-10-26 | Improper Access Control in Sielco PolyEco1000 |
| CVE-2023-5805 | 2023-10-26 | SourceCodester Simple Real Estate Portal System view_estate.php sql injection |
| CVE-2022-34832 | 2023-10-27 | An issue was discovered in VERMEG AgileReporter 21.3. XXE can occur via an XML document to the Analysis component. |
| CVE-2022-34833 | 2023-10-27 | An issue was discovered in VERMEG AgileReporter 21.3. An admin can enter an XSS payload in the Analysis component. |
| CVE-2022-34834 | 2023-10-27 | An issue was discovered in VERMEG AgileReporter 21.3. Attackers can gain privileges via an XSS payload in an Add Comment action to the Activity log. |
| CVE-2023-35794 | 2023-10-27 | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint (spawned console) can be accessed without authentication. Specifically, there is no session cookie validation on the... |
| CVE-2023-45499 | 2023-10-27 | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain hardcoded credentials. |
| CVE-2023-46375 | 2023-10-27 | ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF). |
| CVE-2023-46376 | 2023-10-27 | ZenTao Biz version 8.7 and before is vulnerable to Information Disclosure. |
| CVE-2023-46393 | 2023-10-27 | gougucms v4.08.18 was discovered to contain a password reset poisoning vulnerability which allows attackers to arbitrarily reset users' passwords via a crafted packet. |
| CVE-2023-46394 | 2023-10-27 | A stored cross-site scripting (XSS) vulnerability in /home/user/edit_submit of gougucms v4.08.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the headimgurl parameter. |
| CVE-2023-46407 | 2023-10-27 | FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. |
| CVE-2023-46490 | 2023-10-27 | SQL Injection vulnerability in Cacti v1.2.25 allows a remote attacker to obtain sensitive information via the form_actions() function in the managers.php function. |
| CVE-2023-46503 | 2023-10-27 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a remote attacker to execute arbitrary code via the reader management and book input modules. |
| CVE-2023-46504 | 2023-10-27 | Cross Site Scripting (XSS) vulnerability in PwnCYN YXBOOKCMS v.1.0.2 allows a physically proximate attacker to execute arbitrary code via the library name function in the general settings component. |
| CVE-2023-46505 | 2023-10-27 | Cross Site Scripting vulnerability in FanCMS v.1.0.0 allows an attacker to execute arbitrary code via the content1 parameter in the demo.php file. |
| CVE-2023-46509 | 2023-10-27 | An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. |
| CVE-2023-46510 | 2023-10-27 | An issue in ZIONCOM (Hong Kong) Technology Limited A7000R v.4.1cu.4154 allows an attacker to execute arbitrary code via the cig-bin/cstecgi.cgi to the settings/setPasswordCfg function. |
| CVE-2023-46587 | 2023-10-27 | Buffer Overflow vulnerability in XnView Classic v.2.51.5 allows a local attacker to execute arbitrary code via a crafted TIF file. |
| CVE-2023-46813 | 2023-10-27 | An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation... |
| CVE-2023-46815 | 2023-10-27 | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request,... |
| CVE-2023-46816 | 2023-10-27 | An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server-Side Template Injection (SSTI) vulnerability has been identified in the GecControl action. By using a... |
| CVE-2023-46818 | 2023-10-27 | An issue was discovered in ISPConfig before 3.2.11p1. PHP code injection can be achieved in the language file editor by an admin if admin_allow_langedit is enabled. |
| CVE-2023-46852 | 2023-10-27 | In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. |
| CVE-2023-46853 | 2023-10-27 | In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n. |
| CVE-2023-45498 | 2023-10-27 | VinChin Backup & Recovery v5.0.*, v6.0.*, v6.7.*, and v7.0.* was discovered to contain a command injection vulnerability. |
| CVE-2023-5810 | 2023-10-27 | flusity CMS posts.php loadPostAddForm cross site scripting |
| CVE-2023-5811 | 2023-10-27 | flusity CMS posts.php loadPostAddForm cross site scripting |
| CVE-2023-5812 | 2023-10-27 | flusity CMS upload.php handleFileUpload unrestricted upload |
| CVE-2023-5813 | 2023-10-27 | SourceCodester Task Reminder System sql injection |