CVE List - 2023 / December
Showing 2001 - 2100 of 2674 CVEs for December 2023 (Page 21 of 27)
CVE ID | Date | Title |
---|---|---|
CVE-2023-7026 | 2023-12-21 | Lightxun IPTV Gateway web_upload_template.html unrestricted upload |
CVE-2023-2585 | 2023-12-21 | Keycloak: client access via device auth request spoof |
CVE-2023-49920 | 2023-12-21 | Apache Airflow: Missing CSRF protection on DAG/trigger |
CVE-2023-47265 | 2023-12-21 | Apache Airflow: DAG Params allow to embed unchecked Javascript |
CVE-2023-50783 | 2023-12-21 | Apache Airflow: Improper access control vulnerability on the "varimport" endpoint |
CVE-2023-48291 | 2023-12-21 | Apache Airflow: Improper access control to DAG resources |
CVE-2023-5988 | 2023-12-21 | Reflected XSS in Uyumsoft ERP |
CVE-2023-5989 | 2023-12-21 | Stored XSS in Uyumsoft ERP |
CVE-2023-51655 | 2023-12-21 | In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible... |
CVE-2023-5594 | 2023-12-21 | Improper following of a certificate's chain of trust in ESET security products |
CVE-2023-51656 | 2023-12-21 | Apache IoTDB: Unsafe deserialize map in Sync Tool |
CVE-2023-49826 | 2023-12-21 | WordPress Soledad Theme <= 8.4.1 is vulnerable to PHP Object Injection |
CVE-2023-49778 | 2023-12-21 | WordPress Sayfa Sayaç Plugin <= 2.6 is vulnerable to PHP Object Injection |
CVE-2023-32242 | 2023-12-21 | WordPress Woodmart Core Plugin <= 1.0.36 is vulnerable to PHP Object Injection |
CVE-2022-45377 | 2023-12-21 | WordPress Drag and Drop Multiple File Upload for WooCommerce Plugin <= 1.0.8 is vulnerable to Multiple Vulnerabilities |
CVE-2023-49762 | 2023-12-21 | WordPress AppMySite Plugin <= 3.11.0 is vulnerable to Sensitive Data Exposure |
CVE-2023-6122 | 2023-12-21 | Reflected XSS in Softomi E-commerce Software |
CVE-2023-49162 | 2023-12-21 | WordPress BigCommerce Plugin <= 5.0.6 is vulnerable to Sensitive Data Exposure |
CVE-2023-6145 | 2023-12-21 | SQLi in Softomi E-commerce Software |
CVE-2023-48288 | 2023-12-21 | WordPress WordPress Job Board and Recruitment Plugin – JobWP Plugin <= 2.1 is vulnerable to Sensitive Data Exposure |
CVE-2023-2487 | 2023-12-21 | WordPress WP Ultimate Exporter Plugin <= 2.4.1 is vulnerable to Sensitive Data Exposure |
CVE-2023-28421 | 2023-12-21 | WordPress WordPress Email Marketing Plugin – WP Email Capture Plugin <= 3.10 is vulnerable to Sensitive Data Exposure |
CVE-2023-22674 | 2023-12-21 | WordPress Dashicons + Custom Post Types Plugin <= 1.0.2 is vulnerable to Broken Access Control |
CVE-2023-47525 | 2023-12-21 | WordPress Event Management Tickets Booking Plugin <= 1.3.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-47527 | 2023-12-21 | WordPress WP Edit Username Plugin <= 1.0.5 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50377 | 2023-12-21 | WordPress Simple Counter Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-7035 | 2023-12-21 | automad Setting post.php cross site scripting |
CVE-2023-50822 | 2023-12-21 | WordPress Currency Converter Widget Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50823 | 2023-12-21 | WordPress CSS & JavaScript Toolbox Plugin <= 11.7 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50824 | 2023-12-21 | WordPress Insert or Embed Articulate Content into WordPress Plugin <= 4.3000000021 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-7047 | 2023-12-21 | Inadequate validation of permissions when employing remote tools and macros... |
CVE-2023-50825 | 2023-12-21 | WordPress iframe Shortcode Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50826 | 2023-12-21 | WordPress Menu Image, Icons made easy Plugin <= 3.10 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50827 | 2023-12-21 | WordPress Accredible Certificates & Open Badges Plugin <= 1.4.8 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50828 | 2023-12-21 | WordPress Ultimate Dashboard Plugin <= 3.7.11 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50724 | 2023-12-21 | Resque vulnerable to reflected cross site scripting through pathname |
CVE-2023-51442 | 2023-12-21 | Authentication bypass vulnerability in navidrome's subsonic endpoint |
CVE-2023-45115 | 2023-12-21 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) |
CVE-2023-45116 | 2023-12-21 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) |
CVE-2023-45117 | 2023-12-21 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) |
CVE-2023-45118 | 2023-12-21 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) |
CVE-2023-7036 | 2023-12-21 | automad Content Type FileCollectionController.php upload unrestricted upload |
CVE-2023-4256 | 2023-12-21 | Tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c |
CVE-2023-45119 | 2023-12-21 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) |
CVE-2023-4255 | 2023-12-21 | W3m: out-of-bounds write in function checktype() in etc.c (incomplete fix for CVE-2022-38223) |
CVE-2023-40058 | 2023-12-21 | Sensitive Information Disclosure Vulnerability |
CVE-2023-45120 | 2023-12-21 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) |
CVE-2023-45121 | 2023-12-21 | Online Examination System v1.0 - Multiple Authenticated SQL Injections (SQLi) |
CVE-2023-7037 | 2023-12-21 | automad FileController.php import server-side request forgery |
CVE-2023-50829 | 2023-12-21 | WordPress Loan Repayment Calculator and Application Form Plugin <= 2.9.3 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50830 | 2023-12-21 | WordPress Seos Contact Form Plugin <= 1.8.0 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50831 | 2023-12-21 | WordPress CURCY Plugin <= 2.2.0 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50832 | 2023-12-21 | WordPress Multi Step Form Plugin <= 1.7.13 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-7038 | 2023-12-21 | automad User Creation cross-site request forgery |
CVE-2023-50833 | 2023-12-21 | WordPress Colibri Page Builder Plugin <= 1.0.239 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50834 | 2023-12-21 | WordPress WooCommerce Menu Extension Plugin <= 1.6.2 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-32747 | 2023-12-21 | WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR) |
CVE-2023-32799 | 2023-12-21 | WordPress WooCommerce Ship to Multiple Addresses Plugin <= 3.8.3 is vulnerable to Insecure Direct Object References (IDOR) |
CVE-2023-47191 | 2023-12-21 | WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR) |
CVE-2023-49765 | 2023-12-21 | WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR) |
CVE-2023-7039 | 2023-12-21 | Byzoro S210 importexport.php injection |
CVE-2023-44481 | 2023-12-21 | Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi) |
CVE-2023-44482 | 2023-12-21 | Leave Management System Project v1.0 - Multiple Authenticated SQL Injections (SQLi) |
CVE-2023-7040 | 2023-12-21 | codelyfe Stupid Simple CMS rename.php path traversal |
CVE-2023-50732 | 2023-12-21 | Velocity execution without script right through tree macro |
CVE-2023-7041 | 2023-12-21 | codelyfe Stupid Simple CMS rename.php path traversal |
CVE-2023-6546 | 2023-12-21 | Kernel: gsm multiplexing race condition leads to privilege escalation |
CVE-2023-7042 | 2023-12-21 | Kernel: null pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() |
CVE-2023-48685 | 2023-12-21 | Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-41097 | 2023-12-21 | Potential Timing vulnerability in CBC PKCS7 padding calculations |
CVE-2023-48687 | 2023-12-21 | Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-46646 | 2023-12-21 | Improper access control in all versions of GitHub Enterprise Server... |
CVE-2023-46647 | 2023-12-21 | Improper Privilege Management in GitHub Enterprise Server management console leads to privilege escalation |
CVE-2023-6690 | 2023-12-21 | A race condition in GitHub Enterprise Server allowed an existing... |
CVE-2023-46645 | 2023-12-21 | Path traversal in GitHub Enterprise Server leading to arbitrary file reading when building a GitHub Pages site |
CVE-2023-6746 | 2023-12-21 | Sensitive Information in Log File in GitHub Enterprise Server |
CVE-2023-6802 | 2023-12-21 | Sensitive Information in Log File in GitHub Enterprise Server |
CVE-2023-6803 | 2023-12-21 | Race Condition allows Unauthorized Outside Collaborator |
CVE-2023-6804 | 2023-12-21 | Improper Privilege Management allows for arbitrary workflows to be run |
CVE-2023-46649 | 2023-12-21 | Race Condition allows Administrative Access on Organization Repositories |
CVE-2023-46648 | 2023-12-21 | Insufficient Entropy in GitHub Enterprise Server Management Console Invitation Token |
CVE-2023-51379 | 2023-12-21 | Incorrect Authorization for Issue Comments in GitHub Enterprise Server |
CVE-2023-51380 | 2023-12-21 | Incorrect Authorization allows Read Access to Issue Comments in GitHub Enterprise Server |
CVE-2023-6847 | 2023-12-21 | Improper Authentication in GitHub Enterprise Server leading to Authentication Bypass for Public Repository Data |
CVE-2023-48689 | 2023-12-21 | Railway Reservation System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-48716 | 2023-12-21 | Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-48718 | 2023-12-21 | Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-48720 | 2023-12-21 | Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-48722 | 2023-12-21 | Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-27319 | 2023-12-21 | CVE-2023-27319 Information Disclosure Vulnerability in ONTAP Mediator |
CVE-2023-7050 | 2023-12-21 | PHPGurukul Online Notes Sharing System profile.php cross site scripting |
CVE-2023-37519 | 2023-12-21 | HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS) |
CVE-2023-7051 | 2023-12-21 | PHPGurukul Online Notes Sharing System manage-notes.php cross-site request forgery |
CVE-2023-37520 | 2023-12-21 | HCL BigFix Platform is affected by Unauthenticated Stored Cross-Site Scripting (XSS) |
CVE-2023-7024 | 2023-12-21 | Heap buffer overflow in WebRTC in Google Chrome prior to... |
CVE-2023-49677 | 2023-12-21 | Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-49084 | 2023-12-21 | Local File Inclusion (RCE) in Cacti |
CVE-2023-49681 | 2023-12-21 | Job Portal v1.0 - Multiple Unauthenticated SQL Injections (SQLi) |
CVE-2023-48298 | 2023-12-21 | Integer underflow leading to stack overflow in FPC codec decompression |
CVE-2023-48308 | 2023-12-21 | Calendar app returns full stacktrace when an error happens while editing appointment |