CVE List - 2023 / December
Showing 1 - 100 of 2674 CVEs for December 2023 (Page 1 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-43453 | 2023-12-01 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a... |
| CVE-2023-43454 | 2023-12-01 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a... |
| CVE-2023-43455 | 2023-12-01 | An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a... |
| CVE-2023-45252 | 2023-12-01 | DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not... |
| CVE-2023-45253 | 2023-12-01 | An issue was discovered in Huddly HuddlyCameraService before version 8.0.7,... |
| CVE-2023-48016 | 2023-12-01 | Restaurant Table Booking System V1.0 is vulnerable to SQL Injection... |
| CVE-2023-48801 | 2023-12-01 | In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains... |
| CVE-2023-48813 | 2023-12-01 | Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable... |
| CVE-2023-48886 | 2023-12-01 | A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute... |
| CVE-2023-48887 | 2023-12-01 | A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute... |
| CVE-2023-48893 | 2023-12-01 | SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php... |
| CVE-2023-49371 | 2023-12-01 | RuoYi up to v4.6 was discovered to contain a SQL... |
| CVE-2023-48842 | 2023-12-01 | D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection... |
| CVE-2023-43089 | 2023-12-01 | Dell Rugged Control Center, version prior to 4.7, contains insufficient... |
| CVE-2023-5915 | 2023-12-01 | A vulnerability of Uncontrolled Resource Consumption has been identified in... |
| CVE-2023-5995 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-6033 | 2023-12-01 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab |
| CVE-2023-5226 | 2023-12-01 | Improper Control of Generation of Code ('Code Injection') in GitLab |
| CVE-2023-4912 | 2023-12-01 | Allocation of Resources Without Limits or Throttling in GitLab |
| CVE-2023-4658 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-4317 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-3949 | 2023-12-01 | Insertion of Sensitive Information Into Sent Data in GitLab |
| CVE-2023-3964 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-3443 | 2023-12-01 | Incorrect Authorization in GitLab |
| CVE-2023-5427 | 2023-12-01 | Mali GPU Kernel Driver allows improper GPU processing operations |
| CVE-2023-6449 | 2023-12-01 | The Contact Form 7 plugin for WordPress is vulnerable to... |
| CVE-2023-5634 | 2023-12-01 | SQLi in ArslanSoft's Education Portal |
| CVE-2023-5635 | 2023-12-01 | User Enumeration in ArslanSoft's Education Portal |
| CVE-2023-6461 | 2023-12-01 | Cross-site Scripting (XSS) - Reflected in viliusle/minipaint |
| CVE-2023-5637 | 2023-12-01 | Plaintext Storage of a Password in ArslanSoft's Education Portal |
| CVE-2023-5636 | 2023-12-01 | Malicious File Upload in ArslanSoft's Education Portal |
| CVE-2023-28895 | 2023-12-01 | Hard-coded password for access to power controller chip memory |
| CVE-2023-28896 | 2023-12-01 | Weak encoding for password in UDS services |
| CVE-2023-45168 | 2023-12-01 | IBM AIX command execution |
| CVE-2023-4518 | 2023-12-01 | A vulnerability exists in the input validation of the GOOSE... |
| CVE-2023-42006 | 2023-12-01 | IBM i information disclosure |
| CVE-2023-26024 | 2023-12-01 | IBM Planning Analytics on Cloud Pak for Data information disclosure |
| CVE-2023-38268 | 2023-12-01 | IBM InfoSphere Information Server cross-site request forgery |
| CVE-2023-43015 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-49277 | 2023-12-01 | Reflected Cross-site Scripting Vulnerability in dpaste |
| CVE-2023-42009 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-43021 | 2023-12-01 | IBM InfoSphere Information Server information disclosure |
| CVE-2023-42022 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-40699 | 2023-12-01 | IBM InfoSphere Information Server denial of service |
| CVE-2023-42019 | 2023-12-01 | IBM InfoSphere Information Server information disclosure |
| CVE-2023-46174 | 2023-12-01 | IBM InfoSphere Information Server cross-site scripting |
| CVE-2023-6462 | 2023-12-01 | SourceCodester User Registration and Login System delete-user.php cross site scripting |
| CVE-2023-44402 | 2023-12-01 | ASAR Integrity bypass via filetype confusion in electron |
| CVE-2023-44382 | 2023-12-01 | October CMS safe mode bypass using Twig sandbox escape |
| CVE-2023-44381 | 2023-12-01 | October CMS safe mode bypass using Page template injection |
| CVE-2023-46746 | 2023-12-01 | Authenticated PostHog users vulnerable to SSRF |
| CVE-2023-48314 | 2023-12-01 | Unescaped passing of the request URL in Collabora Online |
| CVE-2023-49276 | 2023-12-01 | Attribute Injection leading to XSS(Cross-Site-Scripting) in uptime-kuma |
| CVE-2023-49281 | 2023-12-01 | Open Redirect in Login Function of Calendarinho |
| CVE-2023-6463 | 2023-12-01 | SourceCodester User Registration and Login System add-user.php cross site scripting |
| CVE-2023-47100 | 2023-12-02 | In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to... |
| CVE-2023-49914 | 2023-12-02 | InteraXon Muse 2 devices allow remote attackers to cause a... |
| CVE-2023-39256 | 2023-12-02 | Dell Rugged Control Center, version prior to 4.7, contains an... |
| CVE-2023-39257 | 2023-12-02 | Dell Rugged Control Center, version prior to 4.7, contains an... |
| CVE-2023-6464 | 2023-12-02 | SourceCodester User Registration and Login System add-user.php sql injection |
| CVE-2023-6465 | 2023-12-02 | PHPGurukul Nipah Virus Testing Management System registered-user-testing.php cross site scripting |
| CVE-2023-6466 | 2023-12-02 | Thecosy IceCMS User Comment planet cross site scripting |
| CVE-2023-6467 | 2023-12-02 | Thecosy IceCMS Comment Like improper enforcement of a single, unique action |
| CVE-2023-6472 | 2023-12-02 | PHPEMS Content Section api.cls.php cross site scripting |
| CVE-2023-6473 | 2023-12-02 | SourceCodester Online Quiz System take-quiz.php cross site scripting |
| CVE-2023-6474 | 2023-12-02 | PHPGurukul Nipah Virus Testing Management System manage-phlebotomist.php cross-site request forgery |
| CVE-2023-49926 | 2023-12-03 | app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event... |
| CVE-2023-49946 | 2023-12-03 | In Forgejo before 1.20.5-1, certain endpoints do not check whether... |
| CVE-2023-49947 | 2023-12-03 | Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses... |
| CVE-2023-49948 | 2023-12-03 | Forgejo before 1.20.5-1 allows remote attackers to test for the... |
| CVE-2018-25094 | 2023-12-03 | ระบบบัญชีออนไลน์ Online Accounting System image.php path traversal |
| CVE-2020-36768 | 2023-12-03 | rl-institut NESP2 database.py sql injection |
| CVE-2023-45178 | 2023-12-03 | IBM Db2 denial of service |
| CVE-2022-4957 | 2023-12-03 | librespeed speedtest stats.php cross site scripting |
| CVE-2023-40692 | 2023-12-03 | IBM Db2 denial of service |
| CVE-2022-46480 | 2023-12-04 | Incorrect Session Management and Credential Re-use in the Bluetooth LE... |
| CVE-2023-24046 | 2023-12-04 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows... |
| CVE-2023-24047 | 2023-12-04 | An Insecure Credential Management issue discovered in Connectize AC21000 G6... |
| CVE-2023-24048 | 2023-12-04 | Cross Site Request Forgery (CSRF) vulnerability in Connectize AC21000 G6... |
| CVE-2023-24050 | 2023-12-04 | Cross Site Scripting (XSS) vulnerability in Connectize AC21000 G6 641.139.1.1256... |
| CVE-2023-24051 | 2023-12-04 | A client side rate limit issue discovered in Connectize AC21000... |
| CVE-2023-24052 | 2023-12-04 | An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers... |
| CVE-2023-26941 | 2023-12-04 | Weak encryption mechanisms in RFID Tags in Yale Conexis L1... |
| CVE-2023-26942 | 2023-12-04 | Weak encryption mechanisms in RFID Tags in Yale IA-210 Alarm... |
| CVE-2023-26943 | 2023-12-04 | Weak encryption mechanisms in RFID Tags in Yale Keyless Lock... |
| CVE-2023-41613 | 2023-12-04 | EzViz Studio v2.2.0 is vulnerable to DLL hijacking. |
| CVE-2023-48799 | 2023-12-04 | TOTOLINK-X6000R Firmware-V9.4.0cu.852_B20230719 is vulnerable to Command Execution. |
| CVE-2023-48800 | 2023-12-04 | In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_417338 function obtains... |
| CVE-2023-48815 | 2023-12-04 | kkFileView v4.3.0 is vulnerable to Incorrect Access Control. |
| CVE-2023-48866 | 2023-12-04 | A Cross-Site Scripting (XSS) vulnerability in the recipe preparation component... |
| CVE-2023-48910 | 2023-12-04 | Microcks up to 1.17.1 was discovered to contain a Server-Side... |
| CVE-2023-48965 | 2023-12-04 | An issue in the component /admin/api.plugs/script of ThinkAdmin v6.1.53 allows... |
| CVE-2023-48966 | 2023-12-04 | An arbitrary file upload vulnerability in the component /admin/api.upload/file of... |
| CVE-2023-48967 | 2023-12-04 | Ssolon <= 2.6.0 and <=2.5.12 is vulnerable to Deserialization of... |
| CVE-2023-24049 | 2023-12-04 | An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows... |
| CVE-2023-48863 | 2023-12-04 | SEMCMS 3.9 is vulnerable to SQL Injection. Due to the... |
| CVE-2023-46167 | 2023-12-04 | IBM Db2 denial of service |
| CVE-2023-38003 | 2023-12-04 | IBM Db2 command execution |
| CVE-2023-47701 | 2023-12-04 | IBM Db2 denial of service |
| CVE-2023-42671 | 2023-12-04 | In imsservice, there is a possible way to write permission... |