CVE List - 2023 / November
Showing 1501 - 1600 of 2443 CVEs for November 2023 (Page 16 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-47242 | 2023-11-16 | WordPress ANAC XML Bandi di Gara Plugin <= 7.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47240 | 2023-11-16 | WordPress CBX Map for Google Map & OpenStreetMap Plugin <= 1.1.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47239 | 2023-11-16 | WordPress Easy PayPal Shopping Cart Plugin <= 1.1.10 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-28621 | 2023-11-16 | WordPress Raise Mag Theme <= 1.0.7 and Wishful Blog theme <= 2.0.1 are vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-39926 | 2023-11-16 | WordPress Under Construction / Maintenance Mode from Acurax Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-34375 | 2023-11-16 | WordPress Seo By 10Web Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-36026 | 2023-11-16 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| CVE-2023-36008 | 2023-11-16 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2023-32957 | 2023-11-16 | WordPress Team Members Showcase Plugin <= 1.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-32796 | 2023-11-16 | WordPress WooCommerce Product Enquiry Plugin <= 2.3.4 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46214 | 2023-11-16 | Remote code execution (RCE) in Splunk Enterprise through Insecure XML Parsing |
| CVE-2023-46213 | 2023-11-16 | Cross-site Scripting (XSS) on “Show Syntax Highlighted” View in Search Page |
| CVE-2023-6020 | 2023-11-16 | Ray Static File Local File Include |
| CVE-2023-6014 | 2023-11-16 | MLflow Authentication Bypass |
| CVE-2023-40314 | 2023-11-16 | Cross-site scripting in bootstrap.jsp |
| CVE-2023-47642 | 2023-11-16 | Stream description leaks to ex-subscribers in Zulip |
| CVE-2023-48222 | 2023-11-16 | Authenticated users can view or delete jobs they do not have authorization for in Rundeck |
| CVE-2023-47112 | 2023-11-16 | Authenticated users can view job names and groups they do not have authorization to view in Rundeck |
| CVE-2023-47688 | 2023-11-16 | WordPress Youtube SpeedLoad Plugin <= 0.6.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47687 | 2023-11-16 | WordPress Woo Custom and Sequential Order Number Plugin <= 2.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47686 | 2023-11-16 | WordPress Arigato Autoresponder and Newsletter Plugin <= 2.7.2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48237 | 2023-11-16 | overflow in shift_line in vim |
| CVE-2023-48236 | 2023-11-16 | overflow in get_number in vim |
| CVE-2023-48235 | 2023-11-16 | overflow in ex address parsing in vim |
| CVE-2023-48234 | 2023-11-16 | overflow in nv_z_get_count in vim |
| CVE-2023-48233 | 2023-11-16 | overflow with count for :s command in vim |
| CVE-2023-48232 | 2023-11-16 | Floating point Exception in adjust_plines_for_skipcol() in vim |
| CVE-2023-48231 | 2023-11-16 | Use-After-Free in win_close() in vim |
| CVE-2020-11447 | 2023-11-17 | An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number... |
| CVE-2020-11448 | 2023-11-17 | An issue was discovered on Bell HomeHub 3000 SG48222070 devices. There is XSS related to the email field and the login page. |
| CVE-2023-38313 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before 10.1.2. it has a do_binauth NULL pointer dereference that can be triggered with a crafted GET HTTP request with a missing... |
| CVE-2023-38314 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a NULL pointer dereference in preauthenticated() that can be triggered with a crafted GET HTTP request with... |
| CVE-2023-38315 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a try_to_authenticate NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing... |
| CVE-2023-38316 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS commands by inserting them into the URL... |
| CVE-2023-38320 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a show_preauthpage NULL pointer dereference that can be triggered with a crafted GET HTTP with a missing... |
| CVE-2023-38322 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. It has a do_binauth NULL pointer dereference that be triggered with a crafted GET HTTP request with a missing... |
| CVE-2023-38324 | 2023-11-17 | An issue was discovered in OpenNDS before 10.1.2. It allows users to skip the splash page sequence (and directly authenticate) when it is using the default FAS key and OpenNDS... |
| CVE-2023-41101 | 2023-11-17 | An issue was discovered in the captive portal in OpenNDS before version 10.1.3. get_query in http_microhttpd.c does not validate the length of the query string of GET requests. This leads... |
| CVE-2023-41102 | 2023-11-17 | An issue was discovered in the captive portal in OpenNDS before version 10.1.3. It has multiple memory leaks due to not freeing up allocated memory. This may lead to a... |
| CVE-2023-43177 | 2023-11-17 | CrushFTP prior to 10.5.1 is vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes. |
| CVE-2023-44796 | 2023-11-17 | Cross Site Scripting (XSS) vulnerability in LimeSurvey before version 6.2.9-230925 allows a remote attacker to escalate privileges via a crafted script to the _generaloptions_panel.php component. |
| CVE-2023-45382 | 2023-11-17 | In the module "SoNice Retour" (sonice_retour) up to version 2.1.0 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack. Due to... |
| CVE-2023-45387 | 2023-11-17 | In the module "Product Catalog (CSV, Excel, XML) Export PRO" (exportproducts) in versions up to 5.0.0 from MyPrestaModules for PrestaShop, a guest can perform SQL injection via `exportProduct::_addDataToDb().` |
| CVE-2023-46402 | 2023-11-17 | git-urls 1.0.0 allows ReDOS (Regular Expression Denial of Service) in urls.go. |
| CVE-2023-48024 | 2023-11-17 | Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c |
| CVE-2023-48025 | 2023-11-17 | Liblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c |
| CVE-2023-48185 | 2023-11-17 | Directory Traversal vulnerability in TerraMaster v.s1.0 through v.2.295 allows a remote attacker to obtain sensitive information via a crafted GET request. |
| CVE-2023-48648 | 2023-11-17 | Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) gives universal access... |
| CVE-2023-48649 | 2023-11-17 | Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name. |
| CVE-2023-48655 | 2023-11-17 | An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. |
| CVE-2023-48656 | 2023-11-17 | An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses. |
| CVE-2023-48657 | 2023-11-17 | An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters. |
| CVE-2023-48658 | 2023-11-17 | An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space. |
| CVE-2023-48659 | 2023-11-17 | An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing. |
| CVE-2023-48028 | 2023-11-17 | kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages,... |
| CVE-2023-48029 | 2023-11-17 | Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits... |
| CVE-2023-48031 | 2023-11-17 | OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the... |
| CVE-2023-38130 | 2023-11-17 | Cross-site request forgery (CSRF) vulnerability in CubeCart prior to 6.5.3 allows a remote unauthenticated attacker to delete data in the system. |
| CVE-2023-42428 | 2023-11-17 | Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. |
| CVE-2023-47283 | 2023-11-17 | Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. |
| CVE-2023-47675 | 2023-11-17 | CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary OS command. |
| CVE-2023-39544 | 2023-11-17 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to... |
| CVE-2023-39545 | 2023-11-17 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to... |
| CVE-2023-39546 | 2023-11-17 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to... |
| CVE-2023-39547 | 2023-11-17 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to... |
| CVE-2023-39548 | 2023-11-17 | CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to... |
| CVE-2023-47797 | 2023-11-17 | Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the `p_l_back_url_title`... |
| CVE-2023-44325 | 2023-11-17 | ZDI-CAN-21666: Adobe Animate FLA File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-44326 | 2023-11-17 | ZDI-CAN-21866: Adobe Dimension GLTF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-47757 | 2023-11-17 | WordPress AWeber Plugin <= 7.3.9 is vulnerable to Broken Access Control |
| CVE-2023-5444 | 2023-11-17 | CSRF in ePO leading to privilege escalation |
| CVE-2023-5445 | 2023-11-17 | An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL... |
| CVE-2023-47067 | 2023-11-17 | ZDI-CAN-21706: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-47069 | 2023-11-17 | ZDI-CAN-21703: Adobe After Effects M4A File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-47073 | 2023-11-17 | ZDI-CAN-21709: Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-47070 | 2023-11-17 | ZDI-CAN-21708: Adobe After Effects MP4 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability |
| CVE-2023-47066 | 2023-11-17 | ZDI-CAN-21705: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-47072 | 2023-11-17 | ZDI-CAN-21790: Adobe After Effects MP4 File Uninitialized Variable Information Disclosure Vulnerability |
| CVE-2023-47071 | 2023-11-17 | ZDI-CAN-21704: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability |
| CVE-2023-47068 | 2023-11-17 | ZDI-CAN-21702: Adobe After Effects MP4 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability |
| CVE-2023-44324 | 2023-11-17 | ZDI-CAN-21344: Adobe FrameMaker Publishing Server Authentication Bypass Vulnerability |
| CVE-2023-22273 | 2023-11-17 | ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability |
| CVE-2023-22274 | 2023-11-17 | ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability |
| CVE-2023-22268 | 2023-11-17 | ZDI-CAN-21308: Adobe RoboHelp Server getRHSGroupsForRoles SQL Injection Information Disclosure Vulnerability |
| CVE-2023-22272 | 2023-11-17 | ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability |
| CVE-2023-22275 | 2023-11-17 | ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability |
| CVE-2023-44350 | 2023-11-17 | ColdFusion | Deserialization of Untrusted Data (CWE-502) |
| CVE-2023-44353 | 2023-11-17 | ColdFusion WDDX Deserialization Gadgets |
| CVE-2023-44352 | 2023-11-17 | Unauthenticate Reflected XSS on Adobe Coldfusion 2018 - 2021 - 2023 last version |
| CVE-2023-26347 | 2023-11-17 | CVE-2023-38205 issues | ColdFusion Admin Panel Access |
| CVE-2023-44355 | 2023-11-17 | ColdFusion | Improper Input Validation (CWE-20) |
| CVE-2023-44351 | 2023-11-17 | Adobe ColdFusion RCE Security Vulnerability |
| CVE-2023-26364 | 2023-11-17 | Denial of Service of regular expression in package @adobe/css-tools |
| CVE-2023-6179 | 2023-11-17 | Incorrect Permission assignment to program executable folders |
| CVE-2023-6188 | 2023-11-17 | GetSimpleCMS theme-edit.php code injection |
| CVE-2023-48295 | 2023-11-17 | Cross-site Scripting at Device groups Deletion feature in LibreNMS |
| CVE-2023-48294 | 2023-11-17 | Broken Access control on Graphs Feature in LibreNMS |
| CVE-2023-48238 | 2023-11-17 | JWT Algorithm Confusion in json-web-token library |
| CVE-2023-46745 | 2023-11-17 | Rate limiting Bypass on login page in libreNMS |
| CVE-2023-40809 | 2023-11-18 | OpenCRX version 5.2.0 is vulnerable to HTML injection via the Activity Search Criteria-Activity Number. |