CVE List - 2023 / December
Showing 2601 - 2674 of 2674 CVEs for December 2023 (Page 27 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-51663 | 2023-12-29 | Hail authentication can be bypassed by changing email address |
| CVE-2023-52137 | 2023-12-29 | GitHub Action tj-actions/verify-changed-files is vulnerable to command injection in output filenames |
| CVE-2023-52139 | 2023-12-29 | Misskey vulnerable to improper authorization when accessing with third-party application |
| CVE-2023-7171 | 2023-12-29 | Novel-Plus Friendly Link FriendLinkController.java cross site scripting |
| CVE-2022-46486 | 2023-12-30 | A lack of pointer-validation logic in the __scone_dispatch component of... |
| CVE-2023-38021 | 2023-12-30 | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager... |
| CVE-2023-38022 | 2023-12-30 | An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager... |
| CVE-2023-38023 | 2023-12-30 | An issue was discovered in SCONE Confidential Computing Platform before... |
| CVE-2023-41542 | 2023-12-30 | SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers... |
| CVE-2023-41543 | 2023-12-30 | SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to... |
| CVE-2023-41544 | 2023-12-30 | SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers... |
| CVE-2023-50110 | 2023-12-30 | TestLink through 1.9.20 allows type juggling for authentication bypass because... |
| CVE-2023-50550 | 2023-12-30 | layui up to v2.74 was discovered to contain a cross-site... |
| CVE-2023-50578 | 2023-12-30 | Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection... |
| CVE-2023-50589 | 2023-12-30 | Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a... |
| CVE-2023-51133 | 2023-12-30 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack... |
| CVE-2023-51135 | 2023-12-30 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack... |
| CVE-2023-51136 | 2023-12-30 | TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack... |
| CVE-2023-52252 | 2023-12-30 | Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua... |
| CVE-2023-52257 | 2023-12-30 | LogoBee 0.2 allows updates.php?id= XSS. |
| CVE-2023-52262 | 2023-12-30 | outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote... |
| CVE-2023-52263 | 2023-12-30 | Brave Browser before 1.59.40 does not properly restrict the schema... |
| CVE-2023-52264 | 2023-12-30 | The beesblog (aka Bees Blog) component before 1.6.2 for thirty... |
| CVE-2023-52266 | 2023-12-30 | ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. An... |
| CVE-2023-52267 | 2023-12-30 | ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during... |
| CVE-2022-46487 | 2023-12-30 | Improper initialization of x87 and SSE floating-point configuration registers in... |
| CVE-2023-50651 | 2023-12-30 | TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command... |
| CVE-2023-52265 | 2023-12-30 | IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a... |
| CVE-2023-7172 | 2023-12-30 | PHPGurukul Hospital Management System Admin Dashboard sql injection |
| CVE-2018-25096 | 2023-12-30 | MdAlAmin-aol Own Health Record logout.php cross-site request forgery |
| CVE-2023-7173 | 2023-12-30 | PHPGurukul Hospital Management System registration.php cross site scripting |
| CVE-2023-7175 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request borrow_add.php sql injection |
| CVE-2023-7176 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request return_add.php sql injection |
| CVE-2023-7177 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request book_add.php sql injection |
| CVE-2023-49299 | 2023-12-30 | Apache DolphinScheduler: Arbitrary js execute as root for authenticated users |
| CVE-2023-7178 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request book_row.php sql injection |
| CVE-2023-7179 | 2023-12-30 | Campcodes Online College Library System HTTP POST Request category_row.php sql injection |
| CVE-2023-7180 | 2023-12-30 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-7181 | 2023-12-30 | Muyun DedeBIZ Add Attachment unrestricted upload |
| CVE-2023-6998 | 2023-12-30 | Lockscreen bypass in eWeLink App |
| CVE-2021-46901 | 2023-12-31 | examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based... |
| CVE-2023-52269 | 2023-12-31 | MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message... |
| CVE-2023-52275 | 2023-12-31 | Gallery3d on Tecno Camon X CA7 devices allows attackers to... |
| CVE-2023-52277 | 2023-12-31 | Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial... |
| CVE-2023-52284 | 2023-12-31 | Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before... |
| CVE-2023-52286 | 2023-12-31 | Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover... |
| CVE-2021-46900 | 2023-12-31 | Sympa before 6.2.62 relies on a cookie parameter for certain... |
| CVE-2023-7130 | 2023-12-31 | code-projects College Notes Gallery login.php sql injection |
| CVE-2023-6093 | 2023-12-31 | OnCell G3150A-LTE Series: Clickjacking Vulnerability |
| CVE-2023-52182 | 2023-12-31 | WordPress ARI Stream Quiz Plugin <= 1.3.0 is vulnerable to PHP Object Injection |
| CVE-2023-6094 | 2023-12-31 | OnCell G3150A-LTE Series: Web Server Transmits Cleartext Credentials |
| CVE-2023-39157 | 2023-12-31 | WordPress JetElements For Elementor Plugin <= 2.6.10 is vulnerable to Remote Code Execution (RCE) |
| CVE-2023-52181 | 2023-12-31 | WordPress Theme per user Plugin <= 1.0.1 is vulnerable to PHP Object Injection |
| CVE-2023-49777 | 2023-12-31 | WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection |
| CVE-2023-52180 | 2023-12-31 | WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.1.0 is vulnerable to SQL Injection |
| CVE-2023-7183 | 2023-12-31 | 7-card Fakabao alipay_notify.php sql injection |
| CVE-2023-7184 | 2023-12-31 | 7-card Fakabao notify.php sql injection |
| CVE-2023-7185 | 2023-12-31 | 7-card Fakabao wxpay_notify.php sql injection |
| CVE-2023-7186 | 2023-12-31 | 7-card Fakabao notify.php sql injection |
| CVE-2023-7187 | 2023-12-31 | Totolink N350RT HTTP POST Request stack-based overflow |
| CVE-2023-7188 | 2023-12-31 | Shipping 100 Fahuo100 login.php sql injection |
| CVE-2023-7189 | 2023-12-31 | S-CMS sql injection |
| CVE-2023-7190 | 2023-12-31 | S-CMS sql injection |
| CVE-2023-7191 | 2023-12-31 | S-CMS reg.php sql injection |
| CVE-2023-7193 | 2023-12-31 | MTab Bookmark Installation install.php access control |
| CVE-2023-52185 | 2023-12-31 | WordPress Everest Backup Plugin <= 2.1.9 is vulnerable to Sensitive Data Exposure |
| CVE-2023-52134 | 2023-12-31 | WordPress GEO my WordPress Plugin <= 4.0.2 is vulnerable to SQL Injection |
| CVE-2023-52133 | 2023-12-31 | WordPress Most And Least Read Posts Widget Plugin <= 2.5.16 is vulnerable to SQL Injection |
| CVE-2023-52132 | 2023-12-31 | WordPress WP Adminify Plugin <= 3.1.6 is vulnerable to SQL Injection |
| CVE-2023-51547 | 2023-12-31 | WordPress Fluent Support Plugin <= 1.7.6 is vulnerable to SQL Injection |
| CVE-2023-52131 | 2023-12-31 | WordPress Page Generator Plugin <= 1.7.1 is vulnerable to SQL Injection |
| CVE-2023-51469 | 2023-12-31 | WordPress Checkout Mestres WP Plugin <= 7.1.9.6 is vulnerable to SQL Injection |
| CVE-2023-51423 | 2023-12-31 | WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to SQL Injection |
| CVE-2023-51503 | 2023-12-31 | WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR) |