CVE List - 2023 / November
Showing 1701 - 1800 of 2443 CVEs for November 2023 (Page 18 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5799 | 2023-11-20 | WP Hotel Booking < 2.0.9 - Contributor+ Arbitrary Post Deletion |
| CVE-2023-5651 | 2023-11-20 | WP Hotel Booking < 2.0.8 - Subscriber+ Arbitrary Post Deletion |
| CVE-2023-5610 | 2023-11-20 | Seraphinite Accelerator < 2.20.29 - Authenticated Arbitrary Redirect |
| CVE-2023-5509 | 2023-11-20 | myStickymenu < 2.6.5 - Subscriber+ Arbitrary Form Leads Deletion |
| CVE-2023-5119 | 2023-11-20 | Forminator and Forminator Pro < 1.27.0 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-5640 | 2023-11-20 | Article Analytics <= 1.0 - Unauthenticated SQL injection |
| CVE-2023-5343 | 2023-11-20 | Popup Box < 3.7.9 - Admin+ Stored XSS |
| CVE-2021-27429 | 2023-11-20 | Texas Instruments TI-RTOS Integer Overflow or Wraparound |
| CVE-2021-22636 | 2023-11-20 | Texas Instruments TI-RTOS Integer Overflow or Wraparound |
| CVE-2023-6062 | 2023-11-20 | Arbitrary File Write |
| CVE-2023-6178 | 2023-11-20 | An arbitrary file write vulnerability exists where an authenticated attacker... |
| CVE-2023-6199 | 2023-11-20 | Book Stack v23.10.2 - LFR via Blind SSRF |
| CVE-2023-48310 | 2023-11-20 | Ability to DoS the testing infrastructure by overwriting files |
| CVE-2023-6144 | 2023-11-20 | Dev Blog v1.0 - ATO |
| CVE-2023-6142 | 2023-11-20 | Dev Blog v1.0 - Stored XSS |
| CVE-2023-45886 | 2023-11-21 | The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6... |
| CVE-2023-46935 | 2023-11-21 | eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can... |
| CVE-2023-48124 | 2023-11-21 | Cross Site Scripting in SUP Online Shopping v.1.0 allows a... |
| CVE-2023-49104 | 2023-11-21 | An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when... |
| CVE-2023-49105 | 2023-11-21 | An issue was discovered in ownCloud owncloud/core before 10.13.1. An... |
| CVE-2023-49103 | 2023-11-21 | An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1... |
| CVE-2023-40151 | 2023-11-21 | Red Lion Controls Sixnet RTU Exposed Dangerous Method Or Function |
| CVE-2023-42770 | 2023-11-21 | Red Lion Controls Sixnet RTU Authentication Bypass Using An Alternative Path Or Channel |
| CVE-2023-5274 | 2023-11-21 | Improper Input Validation vulnerability in simulation function of GX Works2... |
| CVE-2023-5275 | 2023-11-21 | Improper Input Validation vulnerability in simulation function of GX Works2... |
| CVE-2023-4424 | 2023-11-21 | bt: hci: DoS and possible RCE |
| CVE-2023-21416 | 2023-11-21 | Sandro Poppi, member of the AXIS OS Bug Bounty Program,... |
| CVE-2023-21417 | 2023-11-21 | Sandro Poppi, member of the AXIS OS Bug Bounty Program,... |
| CVE-2023-21418 | 2023-11-21 | Sandro Poppi, member of the AXIS OS Bug Bounty Program,... |
| CVE-2023-5553 | 2023-11-21 | During internal Axis Security Development Model (ASDM) threat-modelling, a flaw... |
| CVE-2023-4149 | 2023-11-21 | WAGO: OS Command Injection Vulnerability in Managed Switch |
| CVE-2023-5776 | 2023-11-21 | The Post Meta Data Manager plugin for WordPress is vulnerable... |
| CVE-2023-5599 | 2023-11-21 | Stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x |
| CVE-2023-5598 | 2023-11-21 | Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x |
| CVE-2023-28802 | 2023-11-21 | Disable Zscaler using machine tunnel restart |
| CVE-2023-6235 | 2023-11-21 | Arbitrary code execution in Duet Display |
| CVE-2023-6204 | 2023-11-21 | On some systems—depending on the graphics settings and drivers—it was... |
| CVE-2023-6205 | 2023-11-21 | It was possible to cause the use of a MessagePort... |
| CVE-2023-6206 | 2023-11-21 | The black fade animation when exiting fullscreen is roughly the... |
| CVE-2023-6207 | 2023-11-21 | Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability... |
| CVE-2023-6208 | 2023-11-21 | When using X11, text selected by the page using the... |
| CVE-2023-6209 | 2023-11-21 | Relative URLs starting with three slashes were incorrectly parsed, and... |
| CVE-2023-6210 | 2023-11-21 | When an https: web page created a pop-up from a... |
| CVE-2023-6211 | 2023-11-21 | If an attacker needed a user to load an insecure... |
| CVE-2023-6212 | 2023-11-21 | Memory safety bugs present in Firefox 119, Firefox ESR 115.4,... |
| CVE-2023-6213 | 2023-11-21 | Memory safety bugs present in Firefox 119. Some of these... |
| CVE-2023-49060 | 2023-11-21 | An attacker could have accessed internal pages or data by... |
| CVE-2023-49061 | 2023-11-21 | An attacker could have performed HTML template injection via Reader... |
| CVE-2021-27502 | 2023-11-21 | Texas Instruments TI-RTOS Integer Overflow or Wraparound |
| CVE-2021-27504 | 2023-11-21 | Texas Instruments FREERTOS Integer Overflow or Wraparound |
| CVE-2023-22521 | 2023-11-21 | This High severity RCE (Remote Code Execution) vulnerability was introduced... |
| CVE-2023-22516 | 2023-11-21 | This High severity RCE (Remote Code Execution) vulnerability was introduced... |
| CVE-2023-5055 | 2023-11-21 | L2CAP: Possible Stack based buffer overflow in le_ecred_reconf_req() |
| CVE-2021-38405 | 2023-11-21 | Siemens Solid Edge, JT2Go, and Teamcenter Visualization Improper Restriction of Operations within the Bounds of a Memory Buffer |
| CVE-2023-20265 | 2023-11-21 | A vulnerability in the web-based management interface of a small... |
| CVE-2023-20208 | 2023-11-21 | A vulnerability in the web-based management interface of Cisco ISE... |
| CVE-2023-20272 | 2023-11-21 | A vulnerability in the web-based management interface of Cisco Identity... |
| CVE-2023-20274 | 2023-11-21 | A vulnerability in the installer script of Cisco AppDynamics PHP... |
| CVE-2023-47643 | 2023-11-21 | SuiteCRM has Unauthenticated Graphql Introspection Enabled |
| CVE-2023-48226 | 2023-11-21 | OpenReplay HTML Injection vulnerability |
| CVE-2023-6238 | 2023-11-21 | Kernel: nvme: memory corruption via unprivileged user passthrough |
| CVE-2023-48228 | 2023-11-21 | OAuth2: PKCE can be fully circumvented |
| CVE-2023-48230 | 2023-11-21 | Cap'n Proto WebSocket message can cause crash |
| CVE-2023-48299 | 2023-11-21 | TorchServe ZipSlip |
| CVE-2023-48239 | 2023-11-21 | Nextcloud Server users can make external storage mount points inaccessible for other users |
| CVE-2023-48301 | 2023-11-21 | Nextcloud Server HTML injection in search UI when selecting a circle with HTML in the display name |
| CVE-2023-6248 | 2023-11-21 | Data leakage and arbitrary remote code execution in Syrus cloud devices |
| CVE-2023-48302 | 2023-11-21 | Nextcloud Server vulnerable to Self XSS when pasting HTML into Text app with Ctrl+Shift+V |
| CVE-2023-48303 | 2023-11-21 | Nextcloud Server admins can change authentication details of user configured external storage |
| CVE-2023-48304 | 2023-11-21 | Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user |
| CVE-2023-48305 | 2023-11-21 | Nextcloud Server user_ldap app logs user passwords in the log file on level debug |
| CVE-2023-48306 | 2023-11-21 | Nextcloud Server DNS pin middleware can be tricked into DNS rebinding allowing SSRF |
| CVE-2023-48307 | 2023-11-21 | Nextcloud Mail app vulnerable to Server-Side Request Forgery |
| CVE-2023-48699 | 2023-11-21 | fastbots Eval Injection vulnerability |
| CVE-2023-48700 | 2023-11-21 | Clear Text Credentials Exposed via Onboarding Task |
| CVE-2023-48701 | 2023-11-21 | Statamic CMS vulnerable to Cross-site Scripting via uploaded assets |
| CVE-2023-43887 | 2023-11-22 | Libde265 v1.0.12 was discovered to contain multiple buffer overflows via... |
| CVE-2023-45377 | 2023-11-22 | In the module "Chronopost Official" (chronopost) for PrestaShop, a guest... |
| CVE-2023-46357 | 2023-11-22 | In the module "Cross Selling in Modal Cart" (motivationsale) <... |
| CVE-2023-46814 | 2023-11-22 | A binary hijacking vulnerability exists within the VideoLAN VLC media... |
| CVE-2023-47014 | 2023-11-22 | A Cross-Site Request Forgery (CSRF) vulnerability in Sourcecodester Sticky Notes... |
| CVE-2023-47016 | 2023-11-22 | radare2 5.8.9 has an out-of-bounds read in r_bin_object_set_items in libr/bin/bobj.c,... |
| CVE-2023-47250 | 2023-11-22 | In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access... |
| CVE-2023-47251 | 2023-11-22 | In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory... |
| CVE-2023-47312 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access... |
| CVE-2023-47313 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to Directory Traversal.... |
| CVE-2023-47314 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to cross-site scripting... |
| CVE-2023-47315 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access... |
| CVE-2023-47316 | 2023-11-22 | Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access... |
| CVE-2023-47350 | 2023-11-22 | Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System... |
| CVE-2023-47380 | 2023-11-22 | Admidio v4.2.12 and below is vulnerable to Cross Site Scripting... |
| CVE-2023-47392 | 2023-11-22 | An access control issue in Mercedes me IOS APP v1.34.0... |
| CVE-2023-47393 | 2023-11-22 | An access control issue in Mercedes me IOS APP v1.34.0... |
| CVE-2023-47467 | 2023-11-22 | Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged... |
| CVE-2023-48105 | 2023-11-22 | An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime... |
| CVE-2023-48106 | 2023-11-22 | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker... |
| CVE-2023-48107 | 2023-11-22 | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker... |
| CVE-2023-48161 | 2023-11-22 | Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a... |
| CVE-2023-48646 | 2023-11-22 | Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to... |
| CVE-2023-49102 | 2023-11-22 | NZBGet 21.1 allows authenticated remote code execution because the unarchive... |