CVE List - 2023 / October
Showing 601 - 700 of 2690 CVEs for October 2023 (Page 7 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-41694 | 2023-10-10 | WordPress Realbig Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41697 | 2023-10-10 | WordPress Easy WP Cleaner Plugin <= 1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41730 | 2023-10-10 | WordPress SendPress Newsletters Plugin <= 1.22.3.31 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41850 | 2023-10-10 | WordPress Outbound Link Manager Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41851 | 2023-10-10 | WordPress WP Custom Post Template Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41852 | 2023-10-10 | WordPress MailMunch – Grow your Email List Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41853 | 2023-10-10 | WordPress WP iCal Availability Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41854 | 2023-10-10 | WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41858 | 2023-10-10 | WordPress Order Delivery Date for WP e-Commerce Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-41876 | 2023-10-10 | WordPress WP Gallery Metabox Plugin <= 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44257 | 2023-10-10 | WordPress Mang Board WP Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44259 | 2023-10-10 | WordPress Mediavine Control Panel Plugin <= 2.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44261 | 2023-10-10 | WordPress Block Plugin Update Plugin <= 3.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5498 | 2023-10-10 | Cross-Site Request Forgery (CSRF) in chiefonboarding/chiefonboarding |
| CVE-2023-4837 | 2023-10-10 | Cross-site request forgery (CSRF) in SmodBIP |
| CVE-2022-30527 | 2023-10-10 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow... |
| CVE-2023-30900 | 2023-10-10 | A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this... |
| CVE-2023-35796 | 2023-10-10 | A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a... |
| CVE-2023-36380 | 2023-10-10 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated... |
| CVE-2023-37194 | 2023-10-10 | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All... |
| CVE-2023-37195 | 2023-10-10 | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All... |
| CVE-2023-38640 | 2023-10-10 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow... |
| CVE-2023-42796 | 2023-10-10 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to... |
| CVE-2023-43623 | 2023-10-10 | A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix... |
| CVE-2023-43625 | 2023-10-10 | A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection... |
| CVE-2023-44081 | 2023-10-10 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds... |
| CVE-2023-44082 | 2023-10-10 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds... |
| CVE-2023-44083 | 2023-10-10 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds... |
| CVE-2023-44084 | 2023-10-10 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds... |
| CVE-2023-44085 | 2023-10-10 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds... |
| CVE-2023-44086 | 2023-10-10 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds... |
| CVE-2023-44087 | 2023-10-10 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds... |
| CVE-2023-44315 | 2023-10-10 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to... |
| CVE-2023-45204 | 2023-10-10 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability... |
| CVE-2023-45205 | 2023-10-10 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow... |
| CVE-2023-45601 | 2023-10-10 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions... |
| CVE-2023-43785 | 2023-10-10 | libX11: out-of-bounds memory access in _XkbReadKeySyms() |
| CVE-2023-43786 | 2023-10-10 | libX11: stack exhaustion from infinite recursion in PutSubImage() |
| CVE-2023-43787 | 2023-10-10 | libX11: integer overflow in XCreateImage() leading to a heap overflow |
| CVE-2023-43788 | 2023-10-10 | libXpm: out of bounds read in XpmCreateXpmImageFromBuffer() |
| CVE-2023-5450 | 2023-10-10 | BIG-IP Edge Client for macOS vulnerability |
| CVE-2023-39447 | 2023-10-10 | BIG-IP APM Guided Configuration vulnerability |
| CVE-2023-40534 | 2023-10-10 | BIG-IP HTTP/2 vulnerability |
| CVE-2023-40537 | 2023-10-10 | Multi-blade VIPRION Configuration utility session cookie vulnerability |
| CVE-2023-40542 | 2023-10-10 | BIG-IP TCP Profile vulnerability |
| CVE-2023-41085 | 2023-10-10 | BIG-IP IPSEC vulnerability |
| CVE-2023-41253 | 2023-10-10 | BIG-IP DNS TSIG Key vulnerability |
| CVE-2023-41373 | 2023-10-10 | BIG-IP Configuration Utility vulnerability |
| CVE-2023-41964 | 2023-10-10 | BIG-IP and BIG-IQ Database Variable vulnerability |
| CVE-2023-42768 | 2023-10-10 | BIG-IP iControl REST vulnerability |
| CVE-2023-43485 | 2023-10-10 | BIG-IP and BIG-IQ TACACS+ audit log vulnerability |
| CVE-2023-43611 | 2023-10-10 | BIG-IP Edge Client for macOS vulnerability |
| CVE-2023-43746 | 2023-10-10 | BIG-IP Appliance mode external monitor vulnerability |
| CVE-2023-45219 | 2023-10-10 | BIG-IP tmsh vulnerability |
| CVE-2023-45226 | 2023-10-10 | BIG-IP Next SPK SSH vulnerability |
| CVE-2023-4966 | 2023-10-10 | Unauthenticated sensitive information disclosure |
| CVE-2023-5499 | 2023-10-10 | Shenzhen Reachfar v28 information exposure |
| CVE-2023-30801 | 2023-10-10 | qBittorrent Web UI Default Credentials Lead to RCE |
| CVE-2023-44241 | 2023-10-10 | WordPress Keap Landing Pages Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44470 | 2023-10-10 | WordPress Kv TinyMCE Editor Add Fonts Plugin <= 1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5488 | 2023-10-10 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform updatelib.php unrestricted upload |
| CVE-2023-30802 | 2023-10-10 | Sangfor Next-Gen Application Firewall Source Code Disclosure |
| CVE-2023-30803 | 2023-10-10 | Sangfor Next-Gen Application Firewall Authentication Bypass |
| CVE-2023-30804 | 2023-10-10 | Sangfor Next-Gen Application Firewall Authenticated File Disclosure |
| CVE-2023-44471 | 2023-10-10 | WordPress Backend Localization Plugin <= 2.1.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30805 | 2023-10-10 | Sangfor Next-Gen Application Firewall Login Un Param Command Injection |
| CVE-2023-44475 | 2023-10-10 | WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30806 | 2023-10-10 | Sangfor Next-Gen Application Firewall PHPSESSID Command Injection |
| CVE-2023-44476 | 2023-10-10 | WordPress CopyRightPro Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5489 | 2023-10-10 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform uploadfile.php unrestricted upload |
| CVE-2023-44994 | 2023-10-10 | WordPress ShortCodes UI Plugin <= 1.9.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5490 | 2023-10-10 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform userattestation.php unrestricted upload |
| CVE-2023-5491 | 2023-10-10 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform updatelib.php unrestricted upload |
| CVE-2023-5492 | 2023-10-10 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform licence.php unrestricted upload |
| CVE-2023-44995 | 2023-10-10 | WordPress WooCommerce Login Redirect Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-44996 | 2023-10-10 | WordPress Post View Count Plugin <= 1.8.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5493 | 2023-10-10 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform web.php unrestricted upload |
| CVE-2023-5494 | 2023-10-10 | Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform download.php os command injection |
| CVE-2023-5495 | 2023-10-10 | QDocs Smart School HTTP POST Request sql injection |
| CVE-2023-33301 | 2023-10-10 | An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. |
| CVE-2023-36555 | 2023-10-10 | An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the... |
| CVE-2023-44249 | 2023-10-10 | An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges... |
| CVE-2023-42787 | 2023-10-10 | A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low... |
| CVE-2023-42788 | 2023-10-10 | An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8,... |
| CVE-2023-40718 | 2023-10-10 | An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets. |
| CVE-2023-41838 | 2023-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands... |
| CVE-2023-41841 | 2023-10-10 | An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. |
| CVE-2023-25604 | 2023-10-10 | An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. |
| CVE-2022-22298 | 2023-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0... |
| CVE-2023-36556 | 2023-10-10 | An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from... |
| CVE-2023-41675 | 2023-10-10 | A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow... |
| CVE-2023-37939 | 2023-10-10 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions,... |
| CVE-2023-36637 | 2023-10-10 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's... |
| CVE-2023-34992 | 2023-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through... |
| CVE-2023-42782 | 2023-10-10 | An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via... |
| CVE-2023-34988 | 2023-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized... |
| CVE-2023-34985 | 2023-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized... |
| CVE-2023-34986 | 2023-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized... |
| CVE-2023-34987 | 2023-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized... |
| CVE-2023-34989 | 2023-10-10 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized... |