CVE List - 2023 / December
Showing 601 - 700 of 2673 CVEs for December 2023 (Page 7 of 27)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2023-5712 | 2023-12-07 | The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all... |
| CVE-2023-5713 | 2023-12-07 | The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all... |
| CVE-2023-5710 | 2023-12-07 | The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all... |
| CVE-2023-28017 | 2023-12-07 | HCL Connections is vulnerable to cross-site scripting |
| CVE-2023-6568 | 2023-12-07 | Reflected XSS via Content-Type Header in mlflow/mlflow |
| CVE-2023-49225 | 2023-12-07 | A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). If this vulnerability is exploited, an arbitrary script may be executed on the web browser of... |
| CVE-2023-50164 | 2023-12-07 | Apache Struts: File upload component had a directory traversal vulnerability |
| CVE-2023-49746 | 2023-12-07 | WordPress SpeedyCache Plugin <= 1.1.2 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2023-46641 | 2023-12-07 | WordPress 12 Step Meeting List Plugin <= 3.14.24 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2023-41804 | 2023-12-07 | WordPress Starter Templates Plugin <= 3.2.4 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2022-45362 | 2023-12-07 | WordPress Paytm Payment Gateway Plugin <= 2.7.0 is vulnerable to Server Side Request Forgery (SSRF) |
| CVE-2023-35909 | 2023-12-07 | WordPress Ninja Forms Plugin <= 3.6.25 is vulnerable to Denial of Service Attack |
| CVE-2023-35039 | 2023-12-07 | WordPress Password Reset with Code for WordPress REST API Plugin <= 0.0.15 is vulnerable to Broken Authentication |
| CVE-2023-48325 | 2023-12-07 | WordPress Landing Page Builder Plugin <= 1.5.1.5 is vulnerable to Open Redirection |
| CVE-2023-47779 | 2023-12-07 | WordPress Integration for Contact Form 7 and Constant Contact Plugin <= 1.1.4 is vulnerable to Open Redirection |
| CVE-2023-47548 | 2023-12-07 | WordPress Integrate Google Drive Plugin <= 1.3.2 is vulnerable to Open Redirection |
| CVE-2023-45762 | 2023-12-07 | WordPress Responsive Column Widgets Plugin <= 1.2.7 is vulnerable to Open Redirection |
| CVE-2023-39172 | 2023-12-07 | SENEC: Storage Box V1,V2 and V3 transmitting sensitive data unencrypted |
| CVE-2023-39167 | 2023-12-07 | SENEC: Storage Box V1,V2 and V3 affected by improper access control vulnerability |
| CVE-2023-39169 | 2023-12-07 | SENEC: Storage Box V1,V2 and V3 using default credentials |
| CVE-2023-39171 | 2023-12-07 | SENEC Storage Box V1,V2 and V3 accidentially expose a management interface |
| CVE-2023-6588 | 2023-12-07 | Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. This allows an attacker with access to the Workspace... |
| CVE-2023-6333 | 2023-12-07 | Cross-site Scripting in ControlByWeb Relays |
| CVE-2023-6574 | 2023-12-07 | Byzoro Smart S20 HTTP POST Request updateos.php unrestricted upload |
| CVE-2023-4486 | 2023-12-07 | Uncontrolled Resource Consumption in Metasys and Facility Explorer |
| CVE-2023-6575 | 2023-12-07 | Byzoro S210 HTTP POST Request repair.php sql injection |
| CVE-2023-6576 | 2023-12-07 | Byzoro S210 HTTP POST Request uploadfile.php unrestricted upload |
| CVE-2023-6577 | 2023-12-07 | Byzoro PatrolFlow 2530Pro mailsendview.php path traversal |
| CVE-2023-35618 | 2023-12-07 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| CVE-2023-38174 | 2023-12-07 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2023-36880 | 2023-12-07 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability |
| CVE-2023-6578 | 2023-12-07 | Software AG WebMethods access control |
| CVE-2023-6579 | 2023-12-07 | osCommerce POST Parameter shopping-cart sql injection |
| CVE-2023-6580 | 2023-12-07 | D-Link DIR-846 QoS POST deserialization |
| CVE-2023-6581 | 2023-12-07 | D-Link DAR-7000 workidajax.php sql injection |
| CVE-2023-5058 | 2023-12-07 | Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution. |
| CVE-2023-4122 | 2023-12-07 | Student Information System v1.0 - Insecure File Upload |
| CVE-2023-5008 | 2023-12-07 | Student Information System v1.0 - Unauthenticated SQL Injection |
| CVE-2023-43305 | 2023-12-08 | An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. |
| CVE-2023-43742 | 2023-12-08 | An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to... |
| CVE-2023-43744 | 2023-12-08 | An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator... |
| CVE-2023-46157 | 2023-12-08 | File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. |
| CVE-2023-46493 | 2023-12-08 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the readDirSync function in fileBrowser/browser.js. |
| CVE-2023-46495 | 2023-12-08 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the sortBy parameter. |
| CVE-2023-46496 | 2023-12-08 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files endpoint. |
| CVE-2023-46497 | 2023-12-08 | Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the mkdirSync function in the folderCreate/createFolder.js endpoint. |
| CVE-2023-46498 | 2023-12-08 | An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. |
| CVE-2023-46499 | 2023-12-08 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted scripts to the Admin Panel. |
| CVE-2023-48122 | 2023-12-08 | An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method. |
| CVE-2023-48929 | 2023-12-08 | Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. The 'sid' parameter in the group_status.asp resource allows an attacker to escalate privileges and obtain sensitive... |
| CVE-2023-49007 | 2023-12-08 | In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. |
| CVE-2023-49443 | 2023-12-08 | DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. This vulnerability allows attackers to gain access to the application via a bruteforce attack. |
| CVE-2023-49444 | 2023-12-08 | An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. |
| CVE-2023-49484 | 2023-12-08 | Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. |
| CVE-2023-49486 | 2023-12-08 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the model management department. |
| CVE-2023-49487 | 2023-12-08 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the navigation management department. |
| CVE-2023-43743 | 2023-12-08 | A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker... |
| CVE-2023-45866 | 2023-12-08 | Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID... |
| CVE-2023-46494 | 2023-12-08 | Cross Site Scripting vulnerability in EverShop NPM versions before v.1.0.0-rc.5 allows a remote attacker to obtain sensitive information via a crafted request to the ProductGrid function in admin/productGrid/Grid.jsx. |
| CVE-2023-48928 | 2023-12-08 | Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. The 'path' parameter of the prefs.asp resource allows an attacker to redirect a victim user to... |
| CVE-2023-49485 | 2023-12-08 | JFinalCMS v5.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the column management department. |
| CVE-2023-6599 | 2023-12-08 | Missing Standardized Error Handling Mechanism in microweber/microweber |
| CVE-2023-26158 | 2023-12-08 | All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. By adding or... |
| CVE-2023-32460 | 2023-12-08 | Dell PowerEdge BIOS contains an improper privilege management security vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to privilege escalation. |
| CVE-2023-6607 | 2023-12-08 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-6146 | 2023-12-08 | Stored XSS Vulnerability in QualysGuard VM/PC |
| CVE-2023-6245 | 2023-12-08 | Infinite decoding loop through specially crafted payload |
| CVE-2023-6608 | 2023-12-08 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-6609 | 2023-12-08 | osCommerce all-products cross site scripting |
| CVE-2023-6611 | 2023-12-08 | Tongda OA 2017 delete.php sql injection |
| CVE-2023-6612 | 2023-12-08 | Totolink X5000R cstecgi.cgi setWizardCfg os command injection |
| CVE-2023-6613 | 2023-12-08 | Typecho Logo options-theme.php cross site scripting |
| CVE-2023-48397 | 2023-12-08 | In Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed.... |
| CVE-2023-48398 | 2023-12-08 | In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required.... |
| CVE-2023-48399 | 2023-12-08 | In ProtocolMiscATCommandAdapter::Init() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required.... |
| CVE-2023-48401 | 2023-12-08 | In GetSizeOfEenlRecords of protocoladapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-48402 | 2023-12-08 | In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User... |
| CVE-2023-48403 | 2023-12-08 | In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure if the attacker is able... |
| CVE-2023-48404 | 2023-12-08 | In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2023-48405 | 2023-12-08 | there is a possible way for the secure world to write to NS memory due to a logic error in the code. This could lead to local escalation of privilege... |
| CVE-2023-48406 | 2023-12-08 | there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. This could lead to local escalation of... |
| CVE-2023-48407 | 2023-12-08 | there is a possible DCK won't be deleted after factory reset due to a logic error in the code. This could lead to local escalation of privilege with no additional... |
| CVE-2023-48408 | 2023-12-08 | In ProtocolNetSimFileInfoAdapter() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required.... |
| CVE-2023-48409 | 2023-12-08 | In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-48410 | 2023-12-08 | In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges... |
| CVE-2023-48411 | 2023-12-08 | In SignalStrengthAdapter::FillGsmSignalStrength() of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required.... |
| CVE-2023-48412 | 2023-12-08 | In private_handle_t of mali_gralloc_buffer.h, there is a possible information leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-48413 | 2023-12-08 | In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with System execution privileges needed.... |
| CVE-2023-48414 | 2023-12-08 | In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with System... |
| CVE-2023-48415 | 2023-12-08 | In Init of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-48416 | 2023-12-08 | In multiple locations, there is a possible null dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User... |
| CVE-2023-48420 | 2023-12-08 | there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed... |
| CVE-2023-48421 | 2023-12-08 | In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges... |
| CVE-2023-48422 | 2023-12-08 | In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges... |
| CVE-2023-48423 | 2023-12-08 | In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges... |
| CVE-2023-6614 | 2023-12-08 | Typecho Page manage-pages.php backdoor |
| CVE-2023-47565 | 2023-12-08 | Legacy VioStor NVR |
| CVE-2023-32975 | 2023-12-08 | QTS, QuTS hero |
| CVE-2023-23372 | 2023-12-08 | QTS, QuTS hero |
| CVE-2023-32968 | 2023-12-08 | QTS, QuTS hero |