CVE List - 2023 / October
Showing 2601 - 2690 of 2690 CVEs for October 2023 (Page 27 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-47095 | 2023-10-31 | A Stored Cross-Site Scripting (XSS) vulnerability in the Custom fields... |
| CVE-2023-47096 | 2023-10-31 | A Reflected Cross-Site Scripting (XSS) vulnerability in the Cloudmin Services... |
| CVE-2023-47097 | 2023-10-31 | A Stored Cross-Site Scripting (XSS) vulnerability in the Server Template... |
| CVE-2023-47098 | 2023-10-31 | A Stored Cross-Site Scripting (XSS) vulnerability in the Manage Extra... |
| CVE-2023-47099 | 2023-10-31 | A Stored Cross-Site Scripting (XSS) vulnerability in the Create Virtual... |
| CVE-2023-47174 | 2023-10-31 | Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework... |
| CVE-2023-38994 | 2023-10-31 | The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS... |
| CVE-2023-5862 | 2023-10-31 | Missing Authorization in hamza417/inure |
| CVE-2023-5861 | 2023-10-31 | Cross-site Scripting (XSS) - Stored in microweber/microweber |
| CVE-2023-5863 | 2023-10-31 | Cross-site Scripting (XSS) - Reflected in thorsten/phpmyfaq |
| CVE-2023-5864 | 2023-10-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-5865 | 2023-10-31 | Insufficient Session Expiration in thorsten/phpmyfaq |
| CVE-2023-5867 | 2023-10-31 | Cross-site Scripting (XSS) - Stored in thorsten/phpmyfaq |
| CVE-2023-5866 | 2023-10-31 | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in thorsten/phpmyfaq |
| CVE-2023-46210 | 2023-10-31 | WordPress WC Captcha Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5873 | 2023-10-31 | Cross-site Scripting (XSS) - Stored in pimcore/pimcore |
| CVE-2023-5428 | 2023-10-31 | The Image vertical reel scroll slideshow plugin for WordPress is... |
| CVE-2023-5464 | 2023-10-31 | The Jquery accordion slideshow plugin for WordPress is vulnerable to... |
| CVE-2023-5412 | 2023-10-31 | The Image horizontal reel scroll slideshow plugin for WordPress is... |
| CVE-2023-5435 | 2023-10-31 | The Up down image slideshow gallery plugin for WordPress is... |
| CVE-2023-5434 | 2023-10-31 | The Superb slideshow gallery plugin for WordPress is vulnerable to... |
| CVE-2023-5430 | 2023-10-31 | The Jquery news ticker plugin for WordPress is vulnerable to... |
| CVE-2023-5439 | 2023-10-31 | The Wp photo text slider 50 plugin for WordPress is... |
| CVE-2023-5429 | 2023-10-31 | The Information Reel plugin for WordPress is vulnerable to SQL... |
| CVE-2023-5431 | 2023-10-31 | The Left right image slideshow gallery plugin for WordPress is... |
| CVE-2023-5438 | 2023-10-31 | The wp image slideshow plugin for WordPress is vulnerable to... |
| CVE-2023-5437 | 2023-10-31 | The WP fade in text news plugin for WordPress is... |
| CVE-2023-5436 | 2023-10-31 | The Vertical marquee plugin for WordPress is vulnerable to SQL... |
| CVE-2023-5433 | 2023-10-31 | The Message ticker plugin for WordPress is vulnerable to SQL... |
| CVE-2023-46312 | 2023-10-31 | WordPress Smart Online Order for Clover Plugin <= 1.5.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2015-0897 | 2023-10-31 | LINE for Android version 5.0.2 and earlier and LINE for... |
| CVE-2015-2968 | 2023-10-31 | LINE@ for Android version 1.0.0 and LINE@ for iOS version... |
| CVE-2023-46313 | 2023-10-31 | WordPress Zotpress Plugin <= 7.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46622 | 2023-10-31 | WordPress WPPizza Plugin <= 3.18.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-40681 | 2023-10-31 | WordPress Groundhogg Plugin <= 2.7.11.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2022-3007 | 2023-10-31 | Unauthorized Access Vulnerability in Syska SW100 Smartwatch |
| CVE-2023-5073 | 2023-10-31 | The iframe forms plugin for WordPress is vulnerable to Stored... |
| CVE-2023-5114 | 2023-10-31 | The idbbee plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2023-5099 | 2023-10-31 | The HTML filter and csv-file search plugin for WordPress is... |
| CVE-2016-1203 | 2023-10-31 | Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and... |
| CVE-2023-5116 | 2023-10-31 | The Live updates from Excel plugin for WordPress is vulnerable... |
| CVE-2023-25045 | 2023-10-31 | WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection |
| CVE-2023-25047 | 2023-10-31 | WordPress RSVPMarker Plugin <= 9.9.3 is vulnerable to SQL Injection |
| CVE-2023-24000 | 2023-10-31 | WordPress GamiPress Plugin <= 2.5.7 is vulnerable to SQL Injection |
| CVE-2023-5229 | 2023-10-31 | E2Pdf < 1.20.20 - Admin+ Stored Cross-Site Scriping |
| CVE-2023-5360 | 2023-10-31 | Royal Elementor Addons and Templates < 1.3.79 - Unauthenticated Arbitrary File Upload |
| CVE-2023-5458 | 2023-10-31 | CITS Support svg, webp Media and TTF,OTF File Upload < 3.0 - Author+ Stored XSS via SVG |
| CVE-2023-4823 | 2023-10-31 | WP Meta and Date Remover < 2.2.0 - Subscriber+ Stored XSS |
| CVE-2023-5307 | 2023-10-31 | Photos and Files Contest Gallery – Contact Form < 21.2.8.1 - Unauthenticated Stored XSS via HTTP Headers |
| CVE-2023-5243 | 2023-10-31 | Login screen manager <= 3.5.2 - Admin+ Stored XSS |
| CVE-2023-5238 | 2023-10-31 | EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter |
| CVE-2023-5098 | 2023-10-31 | Campaign Monitor Forms < 2.5.6 - Subscriber+ Arbitrary Options Update |
| CVE-2023-5519 | 2023-10-31 | EventPrime < 3.2.0 - Booking Creation via CSRF |
| CVE-2023-5237 | 2023-10-31 | Memberlite Shortcodes < 1.3.9 - Contributor+ Stored XSS via Shortcode |
| CVE-2023-4390 | 2023-10-31 | Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-5211 | 2023-10-31 | Fattura24 < 6.2.8 - Reflected Cross-Site Scripting |
| CVE-2023-4251 | 2023-10-31 | EventPrime < 3.2.0 - Booking Creation via CSRF |
| CVE-2023-4836 | 2023-10-31 | WordPress File Sharing Plugin < 2.0.5 - Subscriber+ Sensitive Data and Files Exposure via IDOR |
| CVE-2023-4250 | 2023-10-31 | EventPrime < 3.2.0 - Reflected XSS |
| CVE-2023-28777 | 2023-10-31 | WordPress LearnDash LMS Plugin <= 4.5.3 is vulnerable to SQL Injection |
| CVE-2023-31212 | 2023-10-31 | WordPress Contact Form Entries Plugin <= 1.3.0 is vulnerable to SQL Injection |
| CVE-2023-40050 | 2023-10-31 | Automate Vulnerable to Malicious Content Uploaded Through Embedded Compliance Application |
| CVE-2023-42658 | 2023-10-31 | InSpec Archive Command Vulnerable to Maliciously Crafted Profile |
| CVE-2023-33927 | 2023-10-31 | WordPress Multiple Page Generator Plugin – MPG Plugin <= 3.3.19 is vulnerable to SQL Injection |
| CVE-2023-35879 | 2023-10-31 | WordPress WooCommerce Product Vendors Plugin <= 2.1.78 is vulnerable to SQL Injection |
| CVE-2023-36508 | 2023-10-31 | WordPress Contact Form to DB by BestWebSoft Plugin <= 1.7.1 is vulnerable to SQL Injection |
| CVE-2023-46235 | 2023-10-31 | FOG stored XSS on log screen via unsanitized request logging |
| CVE-2023-24410 | 2023-10-31 | WordPress FluentForm Plugin <= 4.3.25 is vulnerable to SQL Injection |
| CVE-2023-22518 | 2023-10-31 | All versions of Confluence Data Center and Server are affected... |
| CVE-2023-46236 | 2023-10-31 | FOG SSRF via unauthenticated endpoint(s) |
| CVE-2023-37243 | 2023-10-31 | The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the... |
| CVE-2023-37966 | 2023-10-31 | WordPress User Activity Log Plugin <= 1.6.2 is vulnerable to SQL Injection |
| CVE-2023-46237 | 2023-10-31 | FOG path traversal via unauthenticated endpoint |
| CVE-2023-46239 | 2023-10-31 | quic-go vulnerable to pointer dereference that can lead to panic |
| CVE-2023-46240 | 2023-10-31 | CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment |
| CVE-2023-46245 | 2023-10-31 | Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File |
| CVE-2023-46248 | 2023-10-31 | Overwrite of builtin Cody commands facilitates RCE |
| CVE-2023-46249 | 2023-10-31 | authentik potential installation takeover when default admin user is deleted |
| CVE-2023-46250 | 2023-10-31 | pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF |
| CVE-2023-46255 | 2023-10-31 | `SPICEDB_DATASTORE_CONN_URI` is leaked when URI cannot be parsed |
| CVE-2023-46256 | 2023-10-31 | PX4-Autopilot Heap Buffer Overflow Bug |
| CVE-2023-46723 | 2023-10-31 | lte-pic32-writer's sendto.txt may disclose URL and the API key |
| CVE-2023-46722 | 2023-10-31 | Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews |
| CVE-2023-5739 | 2023-10-31 | Certain versions of HP PC Hardware Diagnostics Windows are potentially... |
| CVE-2023-43796 | 2023-10-31 | Synapse vulnerable to leak of remote user device information |
| CVE-2023-3676 | 2023-10-31 | Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation |
| CVE-2023-3955 | 2023-10-31 | Kubernetes - Windows nodes - Insufficient input sanitization leads to privilege escalation |
| CVE-2023-20886 | 2023-10-31 | VMware Workspace ONE UEM console contains an open redirect vulnerability.... |
| CVE-2023-44484 | 2023-10-31 | Online Blood Donation Management System v1.0 - Stored Cross-Site Scripting (XSS) |
| CVE-2023-46278 | 2023-10-31 | Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.1.0 to... |