CVE List - 2023 / November
Showing 1801 - 1900 of 2443 CVEs for November 2023 (Page 19 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2021-22150 | 2023-11-22 | Kibana code execution issue |
| CVE-2021-22151 | 2023-11-22 | Kibana path traversal issue |
| CVE-2023-5299 | 2023-11-22 | Fuji Electric Tellus Lite V-Simulator Improper Access Control |
| CVE-2023-40152 | 2023-11-22 | Fuji Electric Tellus Lite V-Simulator Out-of-bounds Write |
| CVE-2023-35127 | 2023-11-22 | Fuji Electric Tellus Lite V-Simulator Stack-based Buffer Overflow |
| CVE-2021-22142 | 2023-11-22 | Kibana Reporting vulnerabilities |
| CVE-2021-22143 | 2023-11-22 | Elastic APM .NET Agent information disclosure |
| CVE-2021-37942 | 2023-11-22 | APM Java Agent Local Privilege Escalation |
| CVE-2021-37937 | 2023-11-22 | Elasticsearch privilege escalation |
| CVE-2022-35638 | 2023-11-22 | IBM Sterling B2B Integrator cross-site request forgery |
| CVE-2023-29069 | 2023-11-22 | A maliciously crafted DLL file can be forced to install onto a non-default location, and an attacker can overwrite parts of the product with malicious DLLs. These files may then have... |
| CVE-2023-41145 | 2023-11-22 | Autodesk users who no longer have an active license for an account can still access cases for that account. |
| CVE-2023-41146 | 2023-11-22 | Autodesk Customer Support Portal allows cases created by users under an account to see cases created by other users on the same account. |
| CVE-2023-2447 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users'... |
| CVE-2023-2446 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to sensitive information disclosure via the 'userpro' shortcode in versions up to, and including 5.1.1. This is due to insufficient restriction on sensitive... |
| CVE-2023-5921 | 2023-11-22 | Function Bypass in Geodi |
| CVE-2023-6011 | 2023-11-22 | Stored XSS in Geodi |
| CVE-2023-37924 | 2023-11-22 | Apache Submarine: SQL injection from unauthorized login |
| CVE-2023-46673 | 2023-11-22 | It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. |
| CVE-2023-6117 | 2023-11-22 | M-Files REST API allows Denial of Service |
| CVE-2023-6189 | 2023-11-22 | Improper Permission Handling in M-Files Server |
| CVE-2023-5047 | 2023-11-22 | SQLi in DRDrive |
| CVE-2023-6253 | 2023-11-22 | Saved Uninstall Key in Digital Guardian Agent Uninstaller |
| CVE-2023-3103 | 2023-11-22 | Authentication Bypass by Spoofing in Unitree Robotics A1 |
| CVE-2023-5983 | 2023-11-22 | Information Disclosure in Botanik Software Pharmacy Automation |
| CVE-2023-3104 | 2023-11-22 | Missing Authentication for Critical Function in Unitree Robotics A1 |
| CVE-2023-43081 | 2023-11-22 | PowerProtect Agent for File System version 19.14 and prior contains an incorrect default permissions vulnerability in the ddfscon component. A low-privileged local attacker could potentially exploit this vulnerability, leading to... |
| CVE-2023-28749 | 2023-11-22 | WordPress CM On Demand Search And Replace Plugin <= 1.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28747 | 2023-11-22 | WordPress CBX Currency Converter Plugin <= 3.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27633 | 2023-11-22 | WordPress Customify Plugin <= 2.10.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27446 | 2023-11-22 | WordPress DeepL Pro API translation Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27444 | 2023-11-22 | WordPress DecaLog Plugin <= 3.7.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27442 | 2023-11-22 | WordPress Leyka Plugin <= 3.29.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-2889 | 2023-11-22 | SQLi in Veon Computer's Service Tracking Software |
| CVE-2023-6252 | 2023-11-22 | Path traversal vulnerability in Chameleon Power products |
| CVE-2023-27451 | 2023-11-22 | WordPress Instant Images Plugin <= 5.1.0.2 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2023-27453 | 2023-11-22 | WordPress LWS Tools Plugin <= 2.3.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27461 | 2023-11-22 | WordPress When Last Login Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27458 | 2023-11-22 | WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.4.10 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-27457 | 2023-11-22 | WordPress Add Expires Headers & Optimized Minify Plugin <= 2.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26532 | 2023-11-22 | WordPress Social Auto Poster Plugin <= 2.1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26535 | 2023-11-22 | WordPress Sheets To WP Table Live Sync Plugin <= 2.12.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-26542 | 2023-11-22 | WordPress phpinfo() WP Plugin <= 4.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-48705 | 2023-11-22 | nautobot has XSS potential in custom links, job buttons, and computed fields |
| CVE-2023-5706 | 2023-11-22 | The VK Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk-blocks/ancestor-page-list' block in all versions up to, and including, 1.63.0.1 due to insufficient input sanitization... |
| CVE-2023-5667 | 2023-11-22 | The Tab Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.3 due to insufficient input sanitization and... |
| CVE-2023-2841 | 2023-11-22 | The Advanced Local Pickup for WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in versions up to, and including, 1.5.5 due to insufficient escaping... |
| CVE-2023-5417 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_update_category function in versions up to, and including, 3.4.... |
| CVE-2023-5096 | 2023-11-22 | The HTML filter and csv-file search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'csvsearch' shortcode in versions up to, and including, 2.7 due to insufficient... |
| CVE-2023-5822 | 2023-11-22 | The Drag and Drop Multiple File Upload - Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'dnd_upload_cf7_upload' function in... |
| CVE-2023-5537 | 2023-11-22 | The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function.... |
| CVE-2023-4686 | 2023-11-22 | The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to... |
| CVE-2023-5815 | 2023-11-22 | The News & Blog Designer Pack – WordPress Blog Plugin — (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post Ticker, Blog Post Masonry) plugin for WordPress is... |
| CVE-2023-5742 | 2023-11-22 | The EasyRotator for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easyrotator' shortcode in all versions up to, and including, 1.0.14 due to insufficient input... |
| CVE-2023-5386 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_posts function in versions up to, and including, 3.4.... |
| CVE-2023-5662 | 2023-11-22 | The Sponsors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sponsors' shortcode in all versions up to, and including, 3.5.0 due to insufficient input sanitization and... |
| CVE-2023-5128 | 2023-11-22 | The TCD Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'map' shortcode in versions up to, and including, 1.8 due to insufficient input sanitization and output... |
| CVE-2023-5466 | 2023-11-22 | The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user... |
| CVE-2023-5419 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_test_mail function in versions up to, and including, 3.4.... |
| CVE-2023-6007 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions... |
| CVE-2023-6160 | 2023-11-22 | The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 7.4.2 via the maybe_serve_export function. This makes it... |
| CVE-2023-5415 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_add_category function in versions up to, and including, 3.4.... |
| CVE-2023-5048 | 2023-11-22 | The WDContactFormBuilder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Contact_Form_Builder' shortcode in versions up to, and including, 1.0.72 due to insufficient input sanitization and output escaping... |
| CVE-2023-5382 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-2440 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'admin_page', 'userpro_verify_user' and... |
| CVE-2023-6164 | 2023-11-22 | The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2... |
| CVE-2023-4726 | 2023-11-22 | The Ultimate Dashboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.7.7 due to insufficient input sanitization and output escaping.... |
| CVE-2023-2448 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'userpro_shortcode_template' function in versions up to, and including, 5.1.4. This... |
| CVE-2023-2438 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'userpro_save_userdata'... |
| CVE-2023-5411 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_save_post function in versions up to, and including, 3.4.... |
| CVE-2023-5338 | 2023-11-22 | The Theme Blvd Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping... |
| CVE-2023-5664 | 2023-11-22 | The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ggpkg' shortcode in all versions up to, and including, 2.2.8 due to insufficient input... |
| CVE-2023-5314 | 2023-11-22 | The WP EXtra plugin for WordPress is vulnerable to unauthorized access to restricted functionality due to a missing capability check on the 'test-email' section of the register() function in versions... |
| CVE-2023-5416 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_delete_category function in versions up to, and including, 3.4.... |
| CVE-2023-5234 | 2023-11-22 | The Related Products for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'woo-related' shortcode in versions up to, and including, 3.3.15 due to insufficient input sanitization and... |
| CVE-2023-2437 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.1. This is due to insufficient verification on the user being supplied during a... |
| CVE-2023-5469 | 2023-11-22 | The Drop Shadow Boxes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dropshadowbox' shortcode in versions up to, and including, 1.7.13 due to insufficient input sanitization and output... |
| CVE-2023-5163 | 2023-11-22 | The Weather Atlas Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortcode-weather-atlas' shortcode in versions up to, and including, 1.2.1 due to insufficient input sanitization and output... |
| CVE-2023-5465 | 2023-11-22 | The Popup with fancybox plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.5 due to insufficient escaping on the user... |
| CVE-2023-5387 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_af2_trigger_dark_mode function in versions up to, and including, 3.4.... |
| CVE-2023-5383 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the... |
| CVE-2023-5708 | 2023-11-22 | The WP Post Columns plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'column' shortcode in all versions up to, and including, 2.2 due to insufficient input... |
| CVE-2023-5715 | 2023-11-22 | The Website Optimization – Plerdy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tracking code settings in all versions up to, and including, 1.3.2 due to... |
| CVE-2023-2449 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 5.1.1. This is due to the plugin using native password reset functionality, with... |
| CVE-2023-5385 | 2023-11-22 | The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsf_copy_posts function in versions up to, and including, 3.4.... |
| CVE-2023-6009 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.4 due to insufficient restriction on the 'userpro_update_user_profile' function. This makes it possible for... |
| CVE-2023-6008 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions.... |
| CVE-2023-5704 | 2023-11-22 | The CPO Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.5.0 due to insufficient input sanitization and... |
| CVE-2023-2497 | 2023-11-22 | The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'import_settings'... |
| CVE-2023-43082 | 2023-11-22 | Dell Unity prior to 5.3 contains a 'man in the middle' vulnerability in the vmadapter component. If a customer has a certificate signed by a third-party public Certificate Authority, the... |
| CVE-2023-6156 | 2023-11-22 | Livestatus injection in availability timeline |
| CVE-2023-6157 | 2023-11-22 | Livestatus injection in ajax_search |
| CVE-2023-20084 | 2023-11-22 | A vulnerability in the endpoint software of Cisco Secure Endpoint for Windows could allow an authenticated, local attacker to evade endpoint protection within a limited time window. This vulnerability is... |
| CVE-2023-20240 | 2023-11-22 | Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.... |
| CVE-2023-20241 | 2023-11-22 | Multiple vulnerabilities in Cisco Secure Client Software, formerly AnyConnect Secure Mobility Client, could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system.... |
| CVE-2023-25987 | 2023-11-22 | WordPress YouTube Channel Plugin <= 3.23.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25986 | 2023-11-22 | WordPress PayGreen Plugin <= 4.10.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6263 | 2023-11-22 | Server Spoofing Vulnerability in NxCloud |
| CVE-2023-47755 | 2023-11-22 | WordPress WooCommerce Product Carousel Slider Plugin <= 3.3.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47758 | 2023-11-22 | WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF) |