CVE List - 2023 / November
Showing 801 - 900 of 2443 CVEs for November 2023 (Page 9 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-34171 | 2023-11-09 | WordPress WP Report Post Plugin <= 2.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5542 | 2023-11-09 | Moodle: students can view other users in "only see own membership" groups |
| CVE-2023-34169 | 2023-11-09 | WordPress TS Webfonts for さくらのレンタルサーバ Plugin <= 3.1.2 is vulnerable to Broken Access Control |
| CVE-2023-34033 | 2023-11-09 | WordPress Ajax Pagination and Infinite Scroll Plugin <= 2.0.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5544 | 2023-11-09 | Moodle: stored xss and potential idor risk in wiki comments |
| CVE-2023-5545 | 2023-11-09 | Moodle: auto-populated h5p author name causes a potential information leak |
| CVE-2023-5546 | 2023-11-09 | Moodle: stored xss in quiz grading report via user id number |
| CVE-2023-5547 | 2023-11-09 | Moodle: xss risk when previewing data in course upload tool |
| CVE-2023-5548 | 2023-11-09 | Moodle: cache poisoning risk with endpoint revision numbers |
| CVE-2023-5549 | 2023-11-09 | Moodle: insufficient capability checks when updating the parent of a course category |
| CVE-2023-5550 | 2023-11-09 | Moodle: rce due to lfi risk in some misconfigured shared hosting environments |
| CVE-2023-5551 | 2023-11-09 | Moodle: forum summary report shows students from other groups when in separate groups mode |
| CVE-2023-5954 | 2023-11-09 | Vault Requests Triggering Policy Checks May Lead To Unbounded Memory Consumption |
| CVE-2023-34031 | 2023-11-09 | WordPress bbPress Toolkit Plugin <= 1.0.12 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34025 | 2023-11-09 | WordPress LWS Hide Login Plugin <= 2.1.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-34024 | 2023-11-09 | WordPress WP Full Auto Tags Manager Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32794 | 2023-11-09 | WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32745 | 2023-11-09 | WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32744 | 2023-11-09 | WordPress WooCommerce Product Recommendations Plugin < 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32739 | 2023-11-09 | WordPress WP Custom Cursors Plugin < 3.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32602 | 2023-11-09 | WordPress CALL ME NOW Plugin <= 3.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-4379 | 2023-11-09 | Incorrect Authorization in GitLab |
| CVE-2023-32594 | 2023-11-09 | WordPress Hyphenator Plugin <= 5.1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32592 | 2023-11-09 | WordPress Sunny Search Plugin <= 1.0.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32587 | 2023-11-09 | WordPress WP Reactions Lite Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32579 | 2023-11-09 | WordPress Forget About Shortcode Buttons Plugin <= 2.1.2 is vulnerable to Broken Access Control |
| CVE-2023-32512 | 2023-11-09 | WordPress ShortPixel Adaptive Images Plugin <= 3.7.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5543 | 2023-11-09 | Moodle: duplicating a bigbluebutton activity assigns the same meeting id |
| CVE-2023-32502 | 2023-11-09 | WordPress Pro Mime Types Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32501 | 2023-11-09 | WordPress VikBooking Hotel Booking Engine & PMS Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32500 | 2023-11-09 | WordPress WoodMart Theme <= 7.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32125 | 2023-11-09 | WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32093 | 2023-11-09 | WordPress TPG Redirect Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32092 | 2023-11-09 | WordPress Community by PeepSo Plugin <= 6.0.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31235 | 2023-11-09 | WordPress Participants Database Plugin <= 2.4.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2018-8863 | 2023-11-09 | Philips EncoreAnywhere Exposure of Sensitive Information to an Unauthorized Actor |
| CVE-2023-31093 | 2023-11-09 | WordPress Chronosly Events Calendar Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31088 | 2023-11-09 | WordPress Floating Action Button Plugin <=1.2.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31086 | 2023-11-09 | WordPress Simple Giveaways Plugin <= 2.46.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-36014 | 2023-11-09 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability |
| CVE-2023-36024 | 2023-11-09 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-39796 | 2023-11-10 | SQL injection vulnerability in the miniform module in WBCE CMS... |
| CVE-2023-47246 | 2023-11-10 | In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads... |
| CVE-2023-47800 | 2023-11-10 | Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default... |
| CVE-2023-6069 | 2023-11-10 | Improper Link Resolution Before File Access in froxlor/froxlor |
| CVE-2023-46729 | 2023-11-10 | Sentry Next.js vulnerable to SSRF via Next.js SDK tunnel endpoint |
| CVE-2023-45167 | 2023-11-10 | IBM AIX denial of service |
| CVE-2023-6073 | 2023-11-10 | DoS and Control of Volume Settings for VW ID.3 ICAS3 IVI ECU |
| CVE-2023-47164 | 2023-11-10 | Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a... |
| CVE-2023-31078 | 2023-11-10 | WordPress WP BrowserUpdate Plugin <= 4.4.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-31077 | 2023-11-10 | WordPress Export WP Page to Static HTML/CSS Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30478 | 2023-11-10 | WordPress Newsletters Plugin <= 4.8.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29440 | 2023-11-10 | WordPress Simple Job Board Plugin <= 2.10.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29428 | 2023-11-10 | WordPress Superb Social Media Share Buttons and Follow Buttons Plugin <= 1.1.3 is vulnerable to Broken Access Control |
| CVE-2023-29426 | 2023-11-10 | WordPress Spreadshop Plugin Plugin <= 1.6.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6074 | 2023-11-10 | PHPGurukul Restaurant Table Booking System Booking Reservation check-status.php sql injection |
| CVE-2023-45806 | 2023-11-10 | Discourse vulnerable to DoS via Regexp Injection in Full Name |
| CVE-2023-45816 | 2023-11-10 | Unread bookmark reminder notifications that the user cannot access can be seen |
| CVE-2023-23367 | 2023-11-10 | QTS, QuTS hero, QuTScloud |
| CVE-2023-46130 | 2023-11-10 | Bypassing height value allowed in some theme components |
| CVE-2023-6075 | 2023-11-10 | PHPGurukul Restaurant Table Booking System Reservation Request index.php cross site scripting |
| CVE-2023-47119 | 2023-11-10 | HTML injection in oneboxed links |
| CVE-2023-47120 | 2023-11-10 | Discourse DoS through Onebox favicon URL |
| CVE-2023-47121 | 2023-11-10 | Discourse SSRF vulnerability in Embedding |
| CVE-2023-6076 | 2023-11-10 | PHPGurukul Restaurant Table Booking System Reservation Status booking-details.php information disclosure |
| CVE-2023-47614 | 2023-11-10 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor... |
| CVE-2023-39295 | 2023-11-10 | QuMagie |
| CVE-2023-41284 | 2023-11-10 | QuMagie |
| CVE-2023-41285 | 2023-11-10 | QuMagie |
| CVE-2023-47611 | 2023-11-10 | A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion... |
| CVE-2023-4949 | 2023-11-10 | Memory Corruption Vulnerability in Grub-Legacy's XFS Implementation |
| CVE-2023-46733 | 2023-11-10 | Symfony possible session fixation vulnerability |
| CVE-2023-46734 | 2023-11-10 | Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters |
| CVE-2023-46735 | 2023-11-10 | Symfony potential Cross-site Scripting in WebhookController |
| CVE-2023-47128 | 2023-11-10 | piccolo SQL Injection via named transaction savepoints |
| CVE-2023-47108 | 2023-11-10 | DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics |
| CVE-2023-47129 | 2023-11-10 | Statamic CMS remote code execution via front-end form uploads |
| CVE-2023-36027 | 2023-11-10 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-47122 | 2023-11-10 | Gitsign's Rekor public keys fetched from upstream API instead of local TUF client. |
| CVE-2023-4804 | 2023-11-10 | Quantum HD Unity |
| CVE-2023-47390 | 2023-11-11 | Headscale through 0.22.3 writes bearer tokens to info-level logs. |
| CVE-2023-46849 | 2023-11-11 | Using the --fragment option in certain configuration setups OpenVPN version... |
| CVE-2023-46850 | 2023-11-11 | Use after free in OpenVPN version 2.6.0 to 2.6.6 may... |
| CVE-2023-5959 | 2023-11-11 | Byzoro Smart S85F Management Platform login.php password recovery |
| CVE-2023-43057 | 2023-11-11 | IBM QRadar SIEM cross-site scripting |
| CVE-2023-6084 | 2023-11-12 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-47037 | 2023-11-12 | Apache Airflow missing fix for CVE-2023-40611 in 2.7.1 (DAG run broken access) |
| CVE-2023-42781 | 2023-11-12 | Apache Airflow: Permission verification bypass allows viewing dagruns of other dags |
| CVE-2023-29425 | 2023-11-12 | WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.23 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-29238 | 2023-11-12 | WordPress Whydonate – FREE Donate button Plugin <= 3.12.15 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28987 | 2023-11-12 | WordPress Wp Ultimate Review Plugin <= 2.0.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28930 | 2023-11-12 | WordPress Mobile Banner Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28696 | 2023-11-12 | WordPress I Recommend This Plugin <= 3.9.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28694 | 2023-11-12 | WordPress Wbcom Designs – BuddyPress Activity Social Share Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28618 | 2023-11-12 | WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28498 | 2023-11-12 | WordPress Hotel Booking Lite Plugin <= 4.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28497 | 2023-11-12 | WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28495 | 2023-11-12 | WordPress WP Shortcode by MyThemeShop Plugin <= 1.4.16 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28420 | 2023-11-12 | WordPress Custom Options Plus Plugin <= 1.8.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-28419 | 2023-11-12 | WordPress Force First and Last Name as Display Name Plugin <= 1.2 is vulnerable to Cross Site Request Forgery (CSRF) |