CVE List - 2023 / November
Showing 401 - 500 of 2443 CVEs for November 2023 (Page 5 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-45069 | 2023-11-06 | WordPress Video Gallery – YouTube Gallery Plugin <= 2.1.3 is vulnerable to SQL Injection |
| CVE-2023-35911 | 2023-11-06 | WordPress Contact Form Generator Plugin <= 2.6.0 is vulnerable to SQL Injection |
| CVE-2023-45657 | 2023-11-06 | WordPress Nexter Theme <= 2.0.3 is vulnerable to SQL Injection |
| CVE-2023-45830 | 2023-11-06 | WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection |
| CVE-2023-46084 | 2023-11-06 | WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection |
| CVE-2023-46821 | 2023-11-06 | WordPress GD Security Headers Plugin <= 1.7 is vulnerable to SQL Injection |
| CVE-2023-46823 | 2023-11-06 | WordPress ImageLinks Interactive Image Builder Plugin <= 1.5.4 is vulnerable to SQL Injection |
| CVE-2023-46782 | 2023-11-06 | WordPress MomentoPress for Momento360 Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46783 | 2023-11-06 | WordPress Pre-Orders for WooCommerce Plugin <= 1.2.13 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46822 | 2023-11-06 | WordPress WooCommerce – Store Exporter Plugin <= 2.7.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-23702 | 2023-11-06 | WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46824 | 2023-11-06 | WordPress Slick Popup Plugin <= 1.7.14 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47177 | 2023-11-06 | WordPress Linker Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47182 | 2023-11-06 | WordPress Login Screen Manager Plugin <= 3.5.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47184 | 2023-11-06 | WordPress Admin Bar & Dashboard Access Control Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-4996 | 2023-11-06 | Local privilege escalation |
| CVE-2023-5831 | 2023-11-06 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-5825 | 2023-11-06 | Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab |
| CVE-2023-47185 | 2023-11-06 | WordPress wpDiscuz Plugin <= 7.6.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5090 | 2023-11-06 | Kernel: kvm: svm: improper check in svm_set_x2apic_msr_interception allows direct access to host x2apic msrs |
| CVE-2023-46775 | 2023-11-06 | WordPress Original texts Yandex WebMaster Plugin <= 1.18 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46776 | 2023-11-06 | WordPress Auto Excerpt everywhere Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46777 | 2023-11-06 | WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46778 | 2023-11-06 | WordPress Auto Limit Posts Reloaded Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46779 | 2023-11-06 | WordPress EasyRecipe Plugin <= 3.5.3251 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46780 | 2023-11-06 | WordPress Alter Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-46781 | 2023-11-06 | WordPress Current Menu Item for Custom Post Types Plugin <= 1.5 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-5823 | 2023-11-06 | WordPress TK Google Fonts GDPR Compliant Plugin <= 2.2.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-47186 | 2023-11-06 | WordPress Kadence WooCommerce Email Designer Plugin <= 1.5.11 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-3246 | 2023-11-06 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-3909 | 2023-11-06 | Inefficient Regular Expression Complexity in GitLab |
| CVE-2023-3399 | 2023-11-06 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-45161 | 2023-11-06 | 1E-Exchange-URLResponseTime instruction before v20.1 allows arbitrary code execution |
| CVE-2023-5963 | 2023-11-06 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-45163 | 2023-11-06 | 1E-Exchange-CommandLinePing instruction before v18.1 allows for arbitrary code execution |
| CVE-2023-5964 | 2023-11-06 | 1E-Exchange-DisplayMessage instruction allows for arbitrary code execution |
| CVE-2023-4910 | 2023-11-06 | 3scale-admin-portal: logged out users tokens can be accessed |
| CVE-2023-5950 | 2023-11-06 | Rapid7 Velociraptor Reflected XSS |
| CVE-2023-41378 | 2023-11-06 | Calico Typha hangs during unclean TLS handshake |
| CVE-2023-5967 | 2023-11-06 | Denial of Service via crashing the Calls Plugin |
| CVE-2023-5968 | 2023-11-06 | Password hash in response body after username update |
| CVE-2023-5678 | 2023-11-06 | Excessive time spent in DH check / generation with large Q parameter value |
| CVE-2023-5969 | 2023-11-06 | Denial of Service via Link Preview in /api/v4/redirect_location |
| CVE-2023-4535 | 2023-11-06 | Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys |
| CVE-2023-40660 | 2023-11-06 | Opensc: potential pin bypass when card tracks its own login state |
| CVE-2023-40661 | 2023-11-06 | Opensc: multiple memory issues with pkcs15-init (enrollment tool) |
| CVE-2023-46728 | 2023-11-06 | SQUID-2021:8 Denial of Service in Gopher gateway |
| CVE-2023-45827 | 2023-11-06 | Prototype Pollution vulnerability in @clickbar/dot-diver |
| CVE-2023-4700 | 2023-11-06 | Missing Authorization in GitLab |
| CVE-2023-44398 | 2023-11-06 | Out-of-bounds write in exiv2 |
| CVE-2023-46251 | 2023-11-06 | Visual editor persistent Cross-site Scripting (XSS) in MyBB |
| CVE-2023-39345 | 2023-11-06 | Unauthorized Access to Private Fields in User Registration API in strapi |
| CVE-2023-46254 | 2023-11-06 | Service accounts can see namespaces of other tenants in capsule-proxy |
| CVE-2023-46732 | 2023-11-06 | Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform |
| CVE-2023-46731 | 2023-11-06 | Remote code execution through the section parameter in Administration as guest in XWiki Platform |
| CVE-2023-5777 | 2023-11-06 | Weintek EasyBuilder Pro Use of Hard-coded Credentials |
| CVE-2023-5719 | 2023-11-06 | Red Lion Crimson Improper Neutralization of Null Byte or NUL Character |
| CVE-2023-5771 | 2023-11-06 | HTML injection in AdminUI through email subject |
| CVE-2023-5454 | 2023-11-06 | Templately < 2.2.6 - Arbitrary post trashing via Missing Authorization |
| CVE-2023-5354 | 2023-11-06 | Awesome Support < 6.1.5 - Reflected Cross-Site Scripting |
| CVE-2023-5082 | 2023-11-06 | History Log by click5 < 1.0.13 - Admin+ Time-Based Blind SQL Injection |
| CVE-2023-5228 | 2023-11-06 | User Registration < 3.0.4.2 - Admin+ Stored XSS |
| CVE-2023-5352 | 2023-11-06 | Awesome Support < 6.1.5 - Insufficient permission check in wpas_edit_reply |
| CVE-2023-4930 | 2023-11-06 | Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing |
| CVE-2023-4810 | 2023-11-06 | Responsive Pricing Table < 5.1.8 - Admin+ Stored Cross-Site Scriping |
| CVE-2023-4858 | 2023-11-06 | WP Simple Table Manager Plugin <= 1.5.6 - Admin+ Stored Cross-Site Scripting |
| CVE-2023-5181 | 2023-11-06 | WP Discord Invite < 2.5.2 - Admin+ Stored Cross Site Scripting |
| CVE-2023-5530 | 2023-11-06 | Ninja Forms < 3.6.34 - Admin+ Stored XSS |
| CVE-2023-5601 | 2023-11-06 | WooCommerce Ninja Forms Product Add-ons < 1.7.1 - Unauthenticated Arbitrary File Upload |
| CVE-2023-5355 | 2023-11-06 | Awesome Support < 6.1.5 - Submitter+ Arbitrary File Deletion |
| CVE-2023-5605 | 2023-11-06 | URL Shortify < 1.7.9.1 - Admin+ Stored XSS |
| CVE-2023-36769 | 2023-11-06 | Microsoft OneNote Spoofing Vulnerability |
| CVE-2023-36409 | 2023-11-06 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2021-43419 | 2023-11-07 | An Information Disclosure vulnerability exists in Opay Mobile application 1.5.1.26... |
| CVE-2023-33478 | 2023-11-07 | RemoteClinic 2.0 has a SQL injection vulnerability in the ID... |
| CVE-2023-33479 | 2023-11-07 | RemoteClinic version 2.0 contains a SQL injection vulnerability in the... |
| CVE-2023-33480 | 2023-11-07 | RemoteClinic 2.0 contains a critical vulnerability chain that can be... |
| CVE-2023-33481 | 2023-11-07 | RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection... |
| CVE-2023-42283 | 2023-11-07 | Blind SQL injection in api_id parameter in Tyk Gateway version... |
| CVE-2023-42284 | 2023-11-07 | Blind SQL injection in api_version parameter in Tyk Gateway version... |
| CVE-2023-42361 | 2023-11-07 | Local File Inclusion vulnerability in Midori-global Better PDF Exporter for... |
| CVE-2023-43885 | 2023-11-07 | Missing error handling in the HTTP server component of Tenda... |
| CVE-2023-43886 | 2023-11-07 | A buffer overflow in the HTTP server component of Tenda... |
| CVE-2023-43984 | 2023-11-07 | Insecure permissions in Smart Soft advancedexport before v4.4.7 allow unauthenticated... |
| CVE-2023-45380 | 2023-11-07 | In the module "Order Duplicator " Clone and Delete Existing... |
| CVE-2023-46001 | 2023-11-07 | Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local... |
| CVE-2023-46501 | 2023-11-07 | An issue in BoltWire v.6.03 allows a remote attacker to... |
| CVE-2023-46998 | 2023-11-07 | Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0... |
| CVE-2023-47102 | 2023-11-07 | UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because... |
| CVE-2023-47359 | 2023-11-07 | Videolan VLC prior to version 3.0.20 contains an incorrect offset... |
| CVE-2023-47360 | 2023-11-07 | Videolan VLC prior to version 3.0.20 contains an Integer underflow... |
| CVE-2023-47455 | 2023-11-07 | Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi... |
| CVE-2023-47456 | 2023-11-07 | Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function... |
| CVE-2023-41425 | 2023-11-07 | Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2... |
| CVE-2023-5976 | 2023-11-07 | Improper Access Control in microweber/microweber |
| CVE-2023-35140 | 2023-11-07 | The improper privilege management vulnerability in the Zyxel GS1900-24EP switch... |
| CVE-2023-21671 | 2023-11-07 | Improper Input Validation in Core |
| CVE-2023-22388 | 2023-11-07 | Use of Out-of-range Pointer Offset in Multi-mode Call Processor |
| CVE-2023-24852 | 2023-11-07 | Improper Authentication in Core |
| CVE-2023-28545 | 2023-11-07 | Improper Restriction of Operations within the Bounds of a Memory Buffer in TZ Secure OS |