CVE List - 2023 / December

Showing 2401 - 2500 of 2673 CVEs for December 2023 (Page 25 of 27)

| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-50857 | 2023-12-28 | WordPress Automation By Autonami Plugin <= 2.6.1 is vulnerable to SQL Injection |
| CVE-2023-50856 | 2023-12-28 | WordPress Funnel Builder for WordPress by FunnelKit Plugin <= 2.14.3 is vulnerable to SQL Injection |
| CVE-2023-50855 | 2023-12-28 | WordPress Pre* Party Resource Hints Plugin <= 1.8.18 is vulnerable to SQL Injection |
| CVE-2023-50854 | 2023-12-28 | WordPress Squirrly SEO - Advanced Pack Plugin <= 2.3.8 is vulnerable to SQL Injection |
| CVE-2023-50853 | 2023-12-28 | WordPress Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration Plugin <= 1.75.0 is vulnerable to SQL Injection |
| CVE-2023-50851 | 2023-12-28 | WordPress Simply Schedule Appointments Plugin < 1.6.6.1 is vulnerable to SQL Injection |
| CVE-2023-50852 | 2023-12-28 | WordPress BookIt Plugin <= 2.4.3 is vulnerable to SQL Injection |
| CVE-2023-50849 | 2023-12-28 | WordPress e2pdf Plugin <= 1.20.23 is vulnerable to SQL Injection |
| CVE-2023-50848 | 2023-12-28 | WordPress 404 Solution Plugin <= 2.34.0 is vulnerable to SQL Injection |
| CVE-2023-7126 | 2023-12-28 | code-projects Automated Voting System Admin Login sql injection |
| CVE-2023-7127 | 2023-12-28 | code-projects Automated Voting System Login sql injection |
| CVE-2023-7128 | 2023-12-28 | code-projects Voting System Admin Login sql injection |
| CVE-2023-50267 | 2023-12-28 | MeterSphere horizontal privilege escalation vulnerability of resources in project scope. |
| CVE-2023-52079 | 2023-12-28 | Conversion of property names to strings can trigger infinite recursion |
| CVE-2023-7129 | 2023-12-28 | code-projects Voting System Voters Login sql injection |
| CVE-2023-52081 | 2023-12-28 | ewen-lbh/ffcss late-Unicode normalization vulnerability |
| CVE-2023-7163 | 2023-12-28 | D-Link D-View 8 Unauthenticated Probe-Core Server Communication |
| CVE-2023-52082 | 2023-12-28 | Lychee is vulnerable to an SQL Injection in explain DB queries. |
| CVE-2023-7131 | 2023-12-28 | code-projects Intern Membership Management System User Registration sql injection |
| CVE-2023-7132 | 2023-12-28 | code-projects Intern Membership Management System User Registration cross site scripting |
| CVE-2023-7133 | 2023-12-28 | y_project RuoYi HTTP POST Request login cross site scripting |
| CVE-2023-50847 | 2023-12-28 | WordPress Welcart e-Commerce Plugin <= 2.9.3 is vulnerable to SQL Injection |
| CVE-2023-50846 | 2023-12-28 | WordPress RegistrationMagic Plugin <= 5.2.4.5 is vulnerable to SQL Injection |
| CVE-2023-50845 | 2023-12-28 | WordPress GeoDirectory Plugin <= 2.3.28 is vulnerable to SQL Injection |
| CVE-2023-50844 | 2023-12-28 | WordPress WP Mail Catcher Plugin <= 2.1.3 is vulnerable to SQL Injection |
| CVE-2023-50843 | 2023-12-28 | WordPress Clockwork SMS Notfications Plugin <= 3.0.4 is vulnerable to SQL Injection |
| CVE-2023-50842 | 2023-12-28 | WordPress MF Gig Calendar Plugin <= 1.2.1 is vulnerable to SQL Injection |
| CVE-2023-50841 | 2023-12-28 | WordPress BookingPress Plugin <= 1.0.72 is vulnerable to SQL Injection |
| CVE-2023-50840 | 2023-12-28 | WordPress Booking Manager Plugin <= 2.1.5 is vulnerable to SQL Injection |
| CVE-2023-7134 | 2023-12-28 | SourceCodester Medicine Tracking System path traversal |
| CVE-2023-50839 | 2023-12-28 | WordPress JS Help Desk – Best Help Desk & Support Plugin <= 2.8.1 is vulnerable to SQL Injection |
| CVE-2023-50838 | 2023-12-28 | WordPress NEX-Forms – Ultimate Form Builder Plugin <= 8.5.5 is vulnerable to SQL Injection |
| CVE-2023-7135 | 2023-12-28 | code-projects Record Management System Offices offices.php cross site scripting |
| CVE-2023-7136 | 2023-12-28 | code-projects Record Management System Document Type doctype.php cross site scripting |
| CVE-2023-7137 | 2023-12-28 | code-projects Client Details System HTTP POST Request sql injection |
| CVE-2022-36399 | 2023-12-28 | WordPress Booked Plugin < 2.4.4 is vulnerable to Sensitive Data Exposure |
| CVE-2023-7138 | 2023-12-28 | code-projects Client Details System HTTP POST Request admin sql injection |
| CVE-2023-52083 | 2023-12-28 | Stored XSS through privileged upload of Media Manager file followed by renaming |
| CVE-2023-52084 | 2023-12-28 | Winter CMS Stored XSS through Backend ColorPicker FormWidget |
| CVE-2023-7139 | 2023-12-28 | code-projects Client Details System HTTP POST Request regester.php sql injection |
| CVE-2023-7140 | 2023-12-28 | code-projects Client Details System manage-users.php sql injection |
| CVE-2023-7141 | 2023-12-28 | code-projects Client Details System update-clients.php sql injection |
| CVE-2023-23634 | 2023-12-29 | SQL Injection vulnerability in Documize version 5.4.2, allows remote attackers to execute arbitrary code via the user parameter of the /api/dashboard/activity endpoint. |
| CVE-2023-31293 | 2023-12-29 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to obtain sensitive information and bypass profile restriction via improper access control in... |
| CVE-2023-31294 | 2023-12-29 | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. |
| CVE-2023-31295 | 2023-12-29 | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. |
| CVE-2023-31296 | 2023-12-29 | CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows attackers to obtain sensitive information via the User Name field. |
| CVE-2023-31298 | 2023-12-29 | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the User... |
| CVE-2023-31299 | 2023-12-29 | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Barcode field of a container. |
| CVE-2023-31301 | 2023-12-29 | Stored Cross Site Scripting (XSS) Vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to execute arbitrary code and obtain sensitive information via the... |
| CVE-2023-31302 | 2023-12-29 | Cross Site Scripting (XSS) vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows remote attackers to execute arbitrary code via the Teller field. |
| CVE-2023-50035 | 2023-12-29 | PHPGurukul Small CRM 3.0 is vulnerable to SQL Injection on the Users login panel because of "password" parameter is directly used in the SQL query without any sanitization and the... |
| CVE-2023-50069 | 2023-12-29 | WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping... |
| CVE-2023-50070 | 2023-12-29 | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. |
| CVE-2023-50071 | 2023-12-29 | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. |
| CVE-2023-50559 | 2023-12-29 | An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. |
| CVE-2023-50570 | 2023-12-29 | An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in which the developer supplies... |
| CVE-2023-50571 | 2023-12-29 | easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. |
| CVE-2023-50572 | 2023-12-29 | An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. |
| CVE-2023-52173 | 2023-12-29 | XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3ADBD0. |
| CVE-2023-52174 | 2023-12-29 | XnView Classic before 2.51.3 on Windows has a Write Access Violation at xnview.exe+0x3125D6. |
| CVE-2023-52240 | 2023-12-29 | The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. This affects 4.4.2 through 4.14.8 before 4.14.9, 5.0.0... |
| CVE-2023-31292 | 2023-12-29 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) 6.3.8.6 (#718), allows local attackers to obtain sensitive information and bypass authentication via "Back Button Refresh" attack. |
| CVE-2023-31300 | 2023-12-29 | An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext credentials during Password... |
| CVE-2023-52085 | 2023-12-29 | Winter CMS Local File Inclusion through Server Side Template Injection |
| CVE-2023-7142 | 2023-12-29 | code-projects Client Details System clientview.php sql injection |
| CVE-2023-7143 | 2023-12-29 | code-projects Client Details System regester.php cross site scripting |
| CVE-2023-7144 | 2023-12-29 | gopeak MasterLab HTTP POST Request Feature.php sqlInject sql injection |
| CVE-2023-23432 | 2023-12-29 | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. |
| CVE-2023-7145 | 2023-12-29 | gopeak MasterLab HTTP POST Request Framework.php sqlInject sql injection |
| CVE-2023-23431 | 2023-12-29 | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. |
| CVE-2023-23433 | 2023-12-29 | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. |
| CVE-2023-7146 | 2023-12-29 | gopeak MasterLab HTTP POST Request Feature.php sqlInjectDelete sql injection |
| CVE-2023-23434 | 2023-12-29 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2023-23435 | 2023-12-29 | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file |
| CVE-2023-23436 | 2023-12-29 | Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file |
| CVE-2023-23437 | 2023-12-29 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak |
| CVE-2023-23438 | 2023-12-29 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions |
| CVE-2023-7147 | 2023-12-29 | gopeak MasterLab User.php base64ImageContent unrestricted upload |
| CVE-2023-23439 | 2023-12-29 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2023-23440 | 2023-12-29 | Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. |
| CVE-2023-23424 | 2023-12-29 | Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution |
| CVE-2023-23426 | 2023-12-29 | Some Honor products are affected by file writing vulnerability, successful exploitation could cause information disclosure. |
| CVE-2023-23427 | 2023-12-29 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
| CVE-2023-7148 | 2023-12-29 | ShifuML shifu Java Expression Language DataPurifier.java code injection |
| CVE-2023-23428 | 2023-12-29 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
| CVE-2023-23429 | 2023-12-29 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
| CVE-2023-23430 | 2023-12-29 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
| CVE-2023-23441 | 2023-12-29 | Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. |
| CVE-2023-23442 | 2023-12-29 | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. |
| CVE-2023-23443 | 2023-12-29 | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. |
| CVE-2023-6939 | 2023-12-29 | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause denial of service. |
| CVE-2023-51426 | 2023-12-29 | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. |
| CVE-2023-51427 | 2023-12-29 | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. |
| CVE-2023-7149 | 2023-12-29 | code-projects QR Code Generator cross site scripting |
| CVE-2023-51428 | 2023-12-29 | Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. |
| CVE-2023-51429 | 2023-12-29 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. |
| CVE-2023-51430 | 2023-12-29 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. |
| CVE-2023-51431 | 2023-12-29 | Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. |
| CVE-2023-51432 | 2023-12-29 | Some Honor products are affected by out of bounds read vulnerability, successful exploitation could cause information leak. |