CVE List - 2023 / November
Showing 601 - 700 of 2443 CVEs for November 2023 (Page 7 of 25)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2022-45360 | 2023-11-07 | WordPress Commenter Emails Plugin <= 2.6.1 is vulnerable to CSV Injection |
| CVE-2022-45078 | 2023-11-07 | WordPress User Blocker Plugin <= 1.5.5 is vulnerable to CSV Injection |
| CVE-2022-44738 | 2023-11-07 | WordPress Posts and Users Stats Plugin <= 1.1.3 is vulnerable to CSV Injection |
| CVE-2022-42882 | 2023-11-07 | WordPress Simple CSV/XLS Exporter Plugin <= 1.5.8 is vulnerable to CSV Injection |
| CVE-2022-38702 | 2023-11-07 | WordPress WP CSV Exporter Plugin <= 2.0 is vulnerable to CSV Injection |
| CVE-2022-41616 | 2023-11-07 | WordPress Export Users Data CSV Plugin <= 2.1 is vulnerable to CSV Injection |
| CVE-2023-41798 | 2023-11-07 | WordPress Directorist Plugin <= 7.7.1 is vulnerable to CSV Injection |
| CVE-2023-46744 | 2023-11-07 | Stored Cross-site Scripting in Squidex |
| CVE-2022-47181 | 2023-11-07 | WordPress Email Templates Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF) |
| CVE-2023-32966 | 2023-11-07 | WordPress Jazz Popups Plugin <= 1.8.7 is vulnerable to Cross Site Request Forgery (CSRF) leading to Stored XSS |
| CVE-2023-46737 | 2023-11-07 | Possible endless data attack from attacker-controlled registry in cosign |
| CVE-2023-28499 | 2023-11-07 | WordPress Slide Anything Plugin <= 2.4.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46730 | 2023-11-07 | Server-Side Request Forgery in groupoffice |
| CVE-2023-5998 | 2023-11-07 | Out-of-bounds Read in gpac/gpac |
| CVE-2023-46253 | 2023-11-07 | Remote code execution in Squidex |
| CVE-2023-46252 | 2023-11-07 | Cross-Site Scripting (XSS) via postMessage Handler in Squidex |
| CVE-2023-5309 | 2023-11-07 | Broken Session Management in Puppet Enterprise |
| CVE-2023-46244 | 2023-11-07 | Privilege escalation in Xwiki platform |
| CVE-2023-46242 | 2023-11-07 | Code injection in XWiki Platform |
| CVE-2023-46243 | 2023-11-07 | Code execution via the edit action in XWiki platform |
| CVE-2023-4956 | 2023-11-07 | Quay: clickjacking on config-editor page severity |
| CVE-2023-4154 | 2023-11-07 | Samba: ad dc password exposure to privileged users and rodcs |
| CVE-2023-5818 | 2023-11-07 | The Amazonify plugin for WordPress is vulnerable to Cross-Site Request... |
| CVE-2023-5819 | 2023-11-07 | The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site... |
| CVE-2023-5982 | 2023-11-07 | The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress... |
| CVE-2023-46677 | 2023-11-07 | Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46679 | 2023-11-07 | Online Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46785 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46787 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46788 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46789 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46793 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-46800 | 2023-11-07 | Online Matrimonial Project v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
| CVE-2023-6001 | 2023-11-07 | Prometheus Metrics Accessible Pre-Authentication |
| CVE-2023-6002 | 2023-11-07 | Log Injection |
| CVE-2021-43609 | 2023-11-08 | An issue was discovered in Spiceworks Help Desk Server before... |
| CVE-2023-29974 | 2023-11-08 | An issue discovered in Pfsense CE version 2.6.0 allows attackers... |
| CVE-2023-36667 | 2023-11-08 | Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows... |
| CVE-2023-37790 | 2023-11-08 | Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an... |
| CVE-2023-41111 | 2023-11-08 | An issue was discovered in Samsung Mobile Processor, Wearable Processor,... |
| CVE-2023-41112 | 2023-11-08 | An issue was discovered in Samsung Mobile Processor, Wearable Processor,... |
| CVE-2023-45857 | 2023-11-08 | An issue discovered in Axios 1.5.1 inadvertently reveals the confidential... |
| CVE-2023-45875 | 2023-11-08 | An issue was discovered in Couchbase Server 7.2.0. There is... |
| CVE-2023-46362 | 2023-11-08 | jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash... |
| CVE-2023-46363 | 2023-11-08 | jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page... |
| CVE-2023-46483 | 2023-11-08 | Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an... |
| CVE-2023-47379 | 2023-11-08 | Microweber CMS version 2.0.1 is vulnerable to stored Cross Site... |
| CVE-2023-47397 | 2023-11-08 | WeBid <=1.2.2 is vulnerable to code injection via admin/categoriestrans.php. |
| CVE-2023-4061 | 2023-11-08 | Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor |
| CVE-2023-5801 | 2023-11-08 | Vulnerability of identity verification being bypassed in the face unlock... |
| CVE-2023-46768 | 2023-11-08 | Multi-thread vulnerability in the idmap module. Successful exploitation of this... |
| CVE-2023-46769 | 2023-11-08 | Use-After-Free (UAF) vulnerability in the dubai module. Successful exploitation of... |
| CVE-2023-46770 | 2023-11-08 | Out-of-bounds vulnerability in the sensor module. Successful exploitation of this... |
| CVE-2023-44115 | 2023-11-08 | Vulnerability of improper permission control in the Booster module. Impact:... |
| CVE-2023-41270 | 2023-11-08 | Samsung Smart TV UE40D7000 WPS DoS attack |
| CVE-2023-39913 | 2023-11-08 | Apache UIMA Java SDK Core, Apache UIMA Java SDK CPE, Apache UIMA Java SDK Vinci adapter, Apache UIMA Java SDK tools: Potential untrusted code execution when deserializing certain binary CAS formats |
| CVE-2023-5941 | 2023-11-08 | libc stdio buffer overflow |
| CVE-2023-5978 | 2023-11-08 | Incorrect libcap_net limitation list manipulation |
| CVE-2023-44098 | 2023-11-08 | Vulnerability of missing encryption in the card management module. Successful... |
| CVE-2023-46771 | 2023-11-08 | Security vulnerability in the face unlock module. Successful exploitation of... |
| CVE-2023-46772 | 2023-11-08 | Vulnerability of parameters being out of the value range in... |
| CVE-2022-48613 | 2023-11-08 | Race condition vulnerability in the kernel module. Successful exploitation of... |
| CVE-2023-46774 | 2023-11-08 | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation... |
| CVE-2023-46765 | 2023-11-08 | Vulnerability of uncaught exceptions in the NFC module. Successful exploitation... |
| CVE-2023-46766 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation... |
| CVE-2023-46767 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation... |
| CVE-2023-46760 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation... |
| CVE-2023-46761 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation... |
| CVE-2023-46762 | 2023-11-08 | Out-of-bounds write vulnerability in the kernel driver module. Successful exploitation... |
| CVE-2023-46763 | 2023-11-08 | Vulnerability of background app permission management in the framework module.... |
| CVE-2023-46764 | 2023-11-08 | Unauthorized startup vulnerability of background apps. Successful exploitation of this... |
| CVE-2023-46755 | 2023-11-08 | Vulnerability of input parameters being not strictly verified in the... |
| CVE-2023-46756 | 2023-11-08 | Permission control vulnerability in the window management module. Successful exploitation... |
| CVE-2023-46757 | 2023-11-08 | The remote PIN module has a vulnerability that causes incorrect... |
| CVE-2023-46758 | 2023-11-08 | Permission management vulnerability in the multi-screen interaction module. Successful exploitation... |
| CVE-2023-46759 | 2023-11-08 | Permission control vulnerability in the call module. Successful exploitation of... |
| CVE-2023-6012 | 2023-11-08 | Incorrect input data validation in Lanaccess ONSAFE MonitorHM Web Console |
| CVE-2023-46613 | 2023-11-08 | WordPress Add to Calendar Button Plugin < 1.5.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46621 | 2023-11-08 | WordPress User Avatar Plugin <= 1.4.11 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5136 | 2023-11-08 | Incorrect Permission Assignment in the TopoGrafix DataPlugin for GPX |
| CVE-2023-45140 | 2023-11-08 | Group-based JIT MFA bypass on scp and sftp in The Bastion |
| CVE-2023-35767 | 2023-11-08 | Unauthenticated Remote Denial-of-Service via Shutdown Function in Helix Core |
| CVE-2023-46626 | 2023-11-08 | WordPress FLOWFACT WP Connector Plugin <= 2.1.7 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47107 | 2023-11-08 | PILOS account takeover through password reset poisoning |
| CVE-2023-45849 | 2023-11-08 | Arbitrary Code Execution in Helix Core |
| CVE-2023-45319 | 2023-11-08 | Unauthenticated Remote Denial-of-Service (Commit) in Helix Core |
| CVE-2023-5759 | 2023-11-08 | Unauthenticated Remote Denial-of-Service via Buffer in Helix Core |
| CVE-2023-32298 | 2023-11-08 | WordPress Simple User Listing Plugin <= 1.9.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46627 | 2023-11-08 | WordPress WP Simple HTML Sitemap Plugin <= 2.1 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46640 | 2023-11-08 | WordPress Medialist Plugin <= 1.3.9 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46642 | 2023-11-08 | WordPress SAHU TikTok Pixel for E-Commerce Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-46643 | 2023-11-08 | WordPress Download CloudNet360 Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-5760 | 2023-11-08 | Time-of-check to time-of-use (TOCTOU) bug leads to full local privilege escalation. |
| CVE-2023-5913 | 2023-11-08 | A potential Privilege Escalation vulnerability in opentext Fortify ScanCentral DAST API. |
| CVE-2023-3282 | 2023-11-08 | Cortex XSOAR: Local Privilege Escalation (PE) Vulnerability in Cortex XSOAR Engine |
| CVE-2023-47181 | 2023-11-08 | WordPress IdeaPush Plugin <= 8.52 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47190 | 2023-11-08 | WordPress Apollo13 Framework Extensions Plugin <= 1.9.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47223 | 2023-11-08 | WordPress Basic Interactive World Map Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47226 | 2023-11-08 | WordPress Post Sliders & Post Grids Plugin <= 1.0.20 is vulnerable to Cross Site Scripting (XSS) |
| CVE-2023-47227 | 2023-11-08 | WordPress Social Feed | All social media in one place Plugin <= 1.5.4.6 is vulnerable to Cross Site Scripting (XSS) |