CVE List - 2023 / November
Showing 1901 - 2000 of 2443 CVEs for November 2023 (Page 20 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-47758 | 2023-11-22 | WordPress Multi Step Form Plugin <= 1.7.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47765 | 2023-11-22 | WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47775 | 2023-11-22 | WordPress wpDiscuz Plugin <= 7.6.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47781 | 2023-11-22 | WordPress Thrive Theme Builder Theme < 3.24.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2022-36777 | 2023-11-22 | IBM Cloud Pak for Security information disclosure |
| CVE-2023-47785 | 2023-11-22 | WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47791 | 2023-11-22 | WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-6264 | 2023-11-22 | Information leak in Content-Security-Policy header in Devolutions Server 2023.3.7.0 allows... |
| CVE-2023-47792 | 2023-11-22 | WordPress Big File Uploads Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-39925 | 2023-11-22 | WordPress Community by PeepSo Plugin <= 6.1.6.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-25682 | 2023-11-22 | IBM Sterling B2B Integrator information disclosure |
| CVE-2023-47819 | 2023-11-22 | WordPress Easy Call Now by ThikShare Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47824 | 2023-11-22 | WordPress Legal Pages Plugin <= 1.3.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47825 | 2023-11-22 | WordPress WP EXtra Plugin <= 6.4 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30496 | 2023-11-22 | WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-6265 | 2023-11-22 | DrayTek Vigor2960 mainfunction.cgi dumpSyslog 'option' directory traversal |
| CVE-2023-47759 | 2023-11-22 | WordPress Chaty Plugin <= 3.1.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47766 | 2023-11-22 | WordPress Post Status Notifier Lite Plugin <= 1.11.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47767 | 2023-11-22 | WordPress Interactive World Map Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47768 | 2023-11-22 | WordPress Footer Putter Plugin <= 1.17 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-48706 | 2023-11-22 | Vim has heap-use-after-free at /src/charset.c:1770:12 in skipwhite |
| CVE-2023-47773 | 2023-11-22 | WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47786 | 2023-11-22 | WordPress LayerSlider Plugin <= 7.7.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47808 | 2023-11-22 | WordPress Add Widgets to Page Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47809 | 2023-11-22 | WordPress Accordion Plugin <= 2.6 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47810 | 2023-11-22 | WordPress Ajax Domain Checker Plugin <= 1.3.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47811 | 2023-11-22 | WordPress Anywhere Flash Embed Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47812 | 2023-11-22 | WordPress Bamboo Columns Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47813 | 2023-11-22 | WordPress Better RSS Widget Plugin <= 2.8.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47814 | 2023-11-22 | WordPress BMI Calculator Plugin Plugin <= 1.0.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47815 | 2023-11-22 | WordPress BP Profile Shortcodes Extra Plugin <= 2.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47816 | 2023-11-22 | WordPress Charitable Plugin <= 1.7.0.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47817 | 2023-11-22 | WordPress Daily Prayer Time Plugin <= 2023.10.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47821 | 2023-11-22 | WordPress Email Encoder Bundle Plugin <= 2.1.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47829 | 2023-11-22 | WordPress Quick Call Button Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47831 | 2023-11-22 | WordPress DrawIt (draw.io) Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47833 | 2023-11-22 | WordPress Theater for WordPress Plugin <= 0.18.3 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47834 | 2023-11-22 | WordPress Quiz And Survey Master Plugin <= 8.1.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47835 | 2023-11-22 | WordPress ARI Stream Quiz Plugin <= 1.2.32 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47839 | 2023-11-22 | WordPress eCommerce Product Catalog Plugin <= 3.3.26 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47790 | 2023-11-22 | WordPress Pz-LinkCard Plugin <= 2.4.8 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-30581 | 2023-11-22 | The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy... |
| CVE-2023-23978 | 2023-11-22 | WordPress WP Client Reports Plugin <= 1.0.16 is vulnerable to Sensitive Data Exposure |
| CVE-2023-40002 | 2023-11-22 | WordPress Booster for WooCommerce Plugin <= 7.1.1 is vulnerable to Sensitive Data Exposure |
| CVE-2022-44010 | 2023-11-23 | An issue was discovered in ClickHouse before 22.9.1.2603. An attacker... |
| CVE-2022-44011 | 2023-11-23 | An issue was discovered in ClickHouse before 22.9.1.2603. An authenticated... |
| CVE-2023-33202 | 2023-11-23 | Bouncy Castle for Java before 1.73 contains a potential Denial... |
| CVE-2023-49210 | 2023-11-23 | The openssl (aka node-openssl) NPM package through 2.0.0 was characterized... |
| CVE-2023-49213 | 2023-11-23 | The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0... |
| CVE-2023-49214 | 2023-11-23 | Usedesk before 1.7.57 allows chat template injection. |
| CVE-2023-49215 | 2023-11-23 | Usedesk before 1.7.57 allows filter reflected XSS. |
| CVE-2023-49216 | 2023-11-23 | Usedesk before 1.7.57 allows profile stored XSS. |
| CVE-2023-49208 | 2023-11-23 | scheme/webauthn.c in Glewlwyd SSO server before 2.7.6 has a possible... |
| CVE-2023-47668 | 2023-11-23 | WordPress Restrict Content Plugin <= 3.2.7 is vulnerable to Sensitive Data Exposure |
| CVE-2023-29073 | 2023-11-23 | A maliciously crafted MODEL file when parsed through Autodesk AutoCAD... |
| CVE-2023-29074 | 2023-11-23 | A maliciously crafted CATPART file when parsed through Autodesk AutoCAD... |
| CVE-2023-29075 | 2023-11-23 | A maliciously crafted PRT file when parsed through Autodesk AutoCAD... |
| CVE-2023-29076 | 2023-11-23 | A maliciously crafted MODEL, SLDASM, SAT or CATPART file when... |
| CVE-2023-41139 | 2023-11-23 | A maliciously crafted STP file when parsed through Autodesk AutoCAD... |
| CVE-2023-41140 | 2023-11-23 | A maliciously crafted PRT file when parsed through Autodesk AutoCAD... |
| CVE-2023-39253 | 2023-11-23 | Dell OS Recovery Tool, versions 2.2.4013, 2.3.7012.0, and 2.3.7515.0 contain... |
| CVE-2023-43086 | 2023-11-23 | Dell Command | Configure, versions prior to 4.11.0, contains an... |
| CVE-2023-44289 | 2023-11-23 | Dell Command | Configure versions prior to 4.11.0, contain an... |
| CVE-2023-28811 | 2023-11-23 | There is a buffer overflow in the password recovery feature... |
| CVE-2023-44290 | 2023-11-23 | Dell Command | Monitor versions prior to 10.10.0, contain an... |
| CVE-2023-3377 | 2023-11-23 | SQLi in Veribilim's Veribase |
| CVE-2023-28812 | 2023-11-23 | There is a buffer overflow vulnerability in a web browser... |
| CVE-2023-28813 | 2023-11-23 | An attacker could exploit a vulnerability by sending crafted messages... |
| CVE-2023-3631 | 2023-11-23 | SQLi in Medart Notification Panel |
| CVE-2023-43123 | 2023-11-23 | Apache Storm: Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files |
| CVE-2023-4406 | 2023-11-23 | XSS in KC Group's E-Commerce Software |
| CVE-2023-4593 | 2023-11-23 | Path Traversal in BVRP Software SLmail |
| CVE-2023-4594 | 2023-11-23 | Cross-site Scripting in BVRP Software SLmail |
| CVE-2023-4595 | 2023-11-23 | Insertion of Sensitive Information into Externally-Accessible File or Directory in BVRP Software SLmail |
| CVE-2023-4677 | 2023-11-23 | Unauthenticated Admin Account Takeover Via Cron Log File Backups |
| CVE-2023-6118 | 2023-11-23 | Path Traversal in Neutron IP Camera |
| CVE-2023-41786 | 2023-11-23 | Database backups availability by low-privileged users |
| CVE-2023-41787 | 2023-11-23 | Arbitrary File Read |
| CVE-2023-41788 | 2023-11-23 | Remote Code Execution via File Uploader |
| CVE-2023-41789 | 2023-11-23 | Unauthenticated Admin Account Takeover Via XSS |
| CVE-2023-41790 | 2023-11-23 | Traversal Path on PHP file |
| CVE-2023-41791 | 2023-11-23 | Lack of Authorization and Stored XSS Via Translation Abuse |
| CVE-2023-41792 | 2023-11-23 | Lack of Authorization and Stored XSS Via SNMP Trap Editor Page |
| CVE-2023-41806 | 2023-11-23 | Misassignment of privileges can cause DOS attack |
| CVE-2023-41807 | 2023-11-23 | Linux Local Privilege Escalation Via GoTTY Page |
| CVE-2023-41808 | 2023-11-23 | Arbitrary File Read As Root Via GoTTY Page |
| CVE-2023-41810 | 2023-11-23 | Stored XSS Via Dashboard Panel |
| CVE-2023-41811 | 2023-11-23 | Stored XSS Via Site News Page |
| CVE-2023-41812 | 2023-11-23 | Uploading executables via the file manager |
| CVE-2023-5972 | 2023-11-23 | Kernel: the nfta_inner_num and nfta_expr_name netlink attributes accessed without checking its presence in nft_inner.c |
| CVE-2023-47529 | 2023-11-23 | WordPress Cloud Templates & Patterns collection Plugin <= 1.2.2 is vulnerable to Sensitive Data Exposure |
| CVE-2023-47244 | 2023-11-23 | WordPress Email Marketing for WooCommerce by Omnisend Plugin <= 1.13.8 is vulnerable to Sensitive Data Exposure |
| CVE-2021-39008 | 2023-11-23 | IBM QRadar WinCollect Agent information disclosure |
| CVE-2023-26279 | 2023-11-23 | IBM QRadar WinCollect Agent improper output encoding |
| CVE-2023-33706 | 2023-11-24 | SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to... |
| CVE-2023-46575 | 2023-11-24 | A SQL injection vulnerability exists in Meshery prior to version... |
| CVE-2023-49298 | 2023-11-24 | OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios... |
| CVE-2023-44303 | 2023-11-24 | RVTools, Version 3.9.2 and above, contain a sensitive data exposure... |
| CVE-2023-48796 | 2023-11-24 | Apache dolphinscheduler sensitive information disclosure |
| CVE-2023-6251 | 2023-11-24 | CSRF in delete_user_message |