CVE List - 2023 / October
Showing 1201 - 1300 of 2690 CVEs for October 2023 (Page 13 of 27)
CVE ID | Date | Title |
---|---|---|
CVE-2023-45752 | 2023-10-16 | WordPress Post Gallery Plugin <= 2.3.12 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-45753 | 2023-10-16 | WordPress which template file Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-45763 | 2023-10-16 | WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-45831 | 2023-10-16 | WordPress AMP WP Plugin <= 1.5.15 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-45836 | 2023-10-16 | WordPress Ultimate Taxonomy Manager Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-44229 | 2023-10-16 | WordPress Tiny Carousel Horizontal Slider Plugin <= 8.1 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-44984 | 2023-10-16 | WordPress bbp style pack Plugin <= 5.6.7 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-44985 | 2023-10-16 | WordPress BuddyMeet Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-44986 | 2023-10-16 | WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.15.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-44987 | 2023-10-16 | WordPress Timely Booking Button Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-46066 | 2023-10-16 | WordPress Mediabay Plugin <= 1.6 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-5575 | 2023-10-16 | Improper access control in the permission inheritance in Devolutions Server... |
CVE-2023-46087 | 2023-10-16 | WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-20198 | 2023-10-16 | Cisco is providing an update for the ongoing investigation into... |
CVE-2023-45685 | 2023-10-16 | Arbitrary file write via "zip slip" in Titan MFT and Titan SFTP servers |
CVE-2023-45686 | 2023-10-16 | Arbitrary file write via WebDAV path traversal in Titan MFT and Titan SFTP servers |
CVE-2023-45687 | 2023-10-16 | Authentication bypass via session fixation in Titan MFT and Titan SFTP servers |
CVE-2023-45688 | 2023-10-16 | Information leak via path traversal in Titan MFT and Titan SFTP servers |
CVE-2023-45689 | 2023-10-16 | Arbitrary file read via path traversal in Titan MFT and Titan SFTP servers |
CVE-2023-45690 | 2023-10-16 | Information leak via default file permissions on Titan MFT and Titan SFTP servers |
CVE-2023-40180 | 2023-10-16 | Denial of service vulnerability in silverstripe-graphql via recursive queries |
CVE-2023-45683 | 2023-10-16 | Cross site scripting via missing binding syntax validation In ACS location in github.com/crewjam/saml |
CVE-2023-45669 | 2023-10-16 | Improper signature counter value handling in webauthn4j-spring-security |
CVE-2023-45660 | 2023-10-16 | Require strict cookies for image proxy requests in Nextcloud Mail |
CVE-2023-45151 | 2023-10-16 | OAuth2 client_secret stored in plain text in the Nextcloud database |
CVE-2023-45148 | 2023-10-16 | Rate limiter not working reliable when Memcached is installed in Nextcloud |
CVE-2023-45149 | 2023-10-16 | Password of talk conversations can be bruteforced in Nextcloud |
CVE-2023-45150 | 2023-10-16 | Inviting excessive long email addresses to a calendar event makes the Nextcloud server unresponsive |
CVE-2023-4290 | 2023-10-16 | WP Matterport Shortcode < 2.1.7 - Reflected XSS |
CVE-2023-4971 | 2023-10-16 | Weaver Xtreme Theme Support < 6.3.1 - Admin+ PHP Object Injection |
CVE-2023-5177 | 2023-10-16 | Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure |
CVE-2023-4819 | 2023-10-16 | Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting |
CVE-2023-4862 | 2023-10-16 | File Manager Pro < 1.8.1 - Admin+ Stored Cross-Site Scripting |
CVE-2023-5087 | 2023-10-16 | PageLayer < 1.7.8 - Author+ Stored XSS |
CVE-2023-4950 | 2023-10-16 | Funnelforms Free < 3.4 Unauthenticated Stored Cross-Site Scripting |
CVE-2023-4643 | 2023-10-16 | Enable Media Replace < 4.1.3 - Author+ PHP Object Injection |
CVE-2023-4776 | 2023-10-16 | WPSchoolPress < 2.2.5 - Teacher+ SQLi |
CVE-2023-5167 | 2023-10-16 | User Activity Log Pro < 2.3.4 - Unauthenticated Stored Cross-Site Scripting via User Agent |
CVE-2023-4388 | 2023-10-16 | EventON < 2.2 - Admin+ Stored XSS |
CVE-2023-4687 | 2023-10-16 | PageLayer < 1.7.7 - Unauthenticated Stored XSS |
CVE-2023-4795 | 2023-10-16 | Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS |
CVE-2023-4783 | 2023-10-16 | Magee Shortcodes <= 2.1.1 - Contributor+ Stored XSS via shortcode |
CVE-2023-4691 | 2023-10-16 | Bookly < 22.4 - Admin+ SQLi |
CVE-2023-3154 | 2023-10-16 | NextGEN Gallery < 3.39 - Admin+ PHAR Deserialization |
CVE-2023-4805 | 2023-10-16 | Tutor LMS < 2.3.0 - Subscriber+ Stored Cross-Site Scripting |
CVE-2023-3155 | 2023-10-16 | NextGEN Gallery < 3.39 - Admin+ Arbitrary File Read and Delete |
CVE-2023-5003 | 2023-10-16 | Active Directory Integration < 4.1.10 - Unauthenticated Log Disclosure |
CVE-2023-4798 | 2023-10-16 | User Avatar - Reloaded < 1.2.2 - Contributor+ Stored XSS |
CVE-2023-5561 | 2023-10-16 | WordPress < 6.3.2 - Unauthenticated Post Author Email Disclosure |
CVE-2023-4666 | 2023-10-16 | Form-Maker < 1.15.20 - Unauthenticated Arbitrary File Upload |
CVE-2023-3707 | 2023-10-16 | ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Content Disclosure |
CVE-2023-5057 | 2023-10-16 | ActivityPub for WordPress < 1.0.0 - Contributor+ Stored XSS |
CVE-2023-4646 | 2023-10-16 | Simple Posts Ticker < 1.1.6 - Contributor+ Stored XSS |
CVE-2023-3746 | 2023-10-16 | ActivityPub for WordPress < 1.0.1 - Contributor+ Stored XSS |
CVE-2023-3706 | 2023-10-16 | ActivityPub for WordPress < 1.0.0 - Subscriber+ Arbitrary Post Title Disclosure |
CVE-2023-4811 | 2023-10-16 | WordPress File Upload < 4.23.3 - Author+ Stored Cross-Site Scripting |
CVE-2023-5133 | 2023-10-16 | User Activity Log Pro < 2.3.4 - IP Spoofing |
CVE-2023-3279 | 2023-10-16 | NextGEN Gallery < 3.39 - Admin+ Local File Inclusion |
CVE-2023-4800 | 2023-10-16 | DoLogin Security < 3.7.1 - Subscriber+ IP Address leak |
CVE-2023-4725 | 2023-10-16 | Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS |
CVE-2023-4861 | 2023-10-16 | File Manager Pro < 1.8.1 - Admin+ Remote Code Execution |
CVE-2023-4820 | 2023-10-16 | PowerPress Podcasting < 11.0.12 - Contributor+ Stored XSS |
CVE-2023-4933 | 2023-10-16 | WP Job Openings < 3.4.3 - Sensitive Data Exposure via Directory Listing |
CVE-2023-4821 | 2023-10-16 | Drag and Drop Multiple File Upload < 1.1.1 - Unauthenticated Stored Cross-Site Scripting |
CVE-2023-4289 | 2023-10-16 | WP Matterport Shortcode < 2.1.8 - Contributor+ Stored XSS via shortcode |
CVE-2023-5089 | 2023-10-16 | Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page) |
CVE-2023-45147 | 2023-10-16 | Arbitrary keys can be added to a topic's custom fields by any user in Discourse |
CVE-2023-45144 | 2023-10-16 | Remote code execution from login screen through unescaped URL parameter in OAuth Identity XWiki App |
CVE-2023-45128 | 2023-10-16 | CSRF Token Reuse Vulnerability in fiber |
CVE-2023-30987 | 2023-10-16 | IBM Db2 denial of service |
CVE-2023-45141 | 2023-10-16 | CSRF Token Validation Vulnerability in fiber |
CVE-2023-38720 | 2023-10-16 | IBM Db2 denial of service |
CVE-2023-42459 | 2023-10-16 | Malformed DATA submessage leads to bad-free error in Fast-DDS |
CVE-2023-44394 | 2023-10-16 | Disclosure of project names to unauthorized users in MantisBT |
CVE-2023-43659 | 2023-10-16 | Cross-site Scripting via email preview when CSP disabled in Discourse |
CVE-2023-43814 | 2023-10-16 | Exposure of poll options and votes to unauthorized users in Discourse |
CVE-2023-44388 | 2023-10-16 | Malicious requests can fill up the log files resulting in a denial of service in Discourse |
CVE-2023-44391 | 2023-10-16 | Prevent unauthorized access to summary details in Discourse |
CVE-2023-45131 | 2023-10-16 | Unauthenticated access to new private chat messages in Discourse |
CVE-2023-38740 | 2023-10-16 | IBM Db2 denial of service |
CVE-2023-38728 | 2023-10-16 | IBM Db2 denial of service |
CVE-2023-43658 | 2023-10-16 | Improper escaping of user input in discourse-calendar |
CVE-2023-45807 | 2023-10-16 | OpenSearch Issue with tenant read-only permissions |
CVE-2023-40374 | 2023-10-16 | IBM Db2 denial of service |
CVE-2023-30991 | 2023-10-16 | IBM Db2 denial of service |
CVE-2023-40372 | 2023-10-16 | IBM Db2 denial of service |
CVE-2023-38719 | 2023-10-16 | IBM Db2 denial of service |
CVE-2023-40373 | 2023-10-16 | IBM Db2 denial of service |
CVE-2011-10004 | 2023-10-16 | reciply Plugin uploadImage.php unrestricted upload |
CVE-2012-10016 | 2023-10-16 | Halulu simple-download-button-shortcode Plugin Download simple-download-button_dl.php information disclosure |
CVE-2023-45659 | 2023-10-16 | Session is not expiring after password reset in Engelsystem |
CVE-2023-45152 | 2023-10-16 | Blind Server Side Request Forgery (SSRF) in remote schedule import feature in Engelsystem |
CVE-2023-4215 | 2023-10-16 | Advantech WebAccess Debug Messages Revealing Unnecessary Information |
CVE-2023-27132 | 2023-10-17 | TSplus Remote Work 16.0.0.0 places a cleartext password on the... |
CVE-2023-27133 | 2023-10-17 | TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js,... |
CVE-2023-36321 | 2023-10-17 | Connected Vehicle Systems Alliance (COVESA) up to v2.18.8 was discovered... |
CVE-2023-39902 | 2023-10-17 | A software vulnerability has been identified in the U-Boot Secondary... |
CVE-2023-41629 | 2023-10-17 | A lack of input sanitizing in the file download feature... |
CVE-2023-41630 | 2023-10-17 | eSST Monitoring v2.147.1 was discovered to contain a remote code... |
CVE-2023-41631 | 2023-10-17 | eSST Monitoring v2.147.1 was discovered to contain a remote code... |