CVE List - 2023 / December
Showing 2301 - 2400 of 2674 CVEs for December 2023 (Page 24 of 27)
CVE ID | Date | Title |
---|---|---|
CVE-2023-49117 | 2023-12-26 | PowerCMS (6 Series, 5 Series, and 4 Series) contains a... |
CVE-2023-50297 | 2023-12-26 | Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and... |
CVE-2023-50339 | 2023-12-26 | Stored cross-site scripting vulnerability exists in the User Management (/admin/users)... |
CVE-2023-45737 | 2023-12-26 | Stored cross-site scripting vulnerability exists in the App Settings (/admin/app)... |
CVE-2023-45740 | 2023-12-26 | Stored cross-site scripting vulnerability when processing profile images exists in... |
CVE-2023-46699 | 2023-12-26 | Cross-site request forgery (CSRF) vulnerability exists in the User settings... |
CVE-2023-47215 | 2023-12-26 | Stored cross-site scripting vulnerability which is exploiting a behavior of... |
CVE-2023-49119 | 2023-12-26 | Stored cross-site scripting vulnerability via the img tags exists in... |
CVE-2023-49598 | 2023-12-26 | Stored cross-site scripting vulnerability exists in the event handlers of... |
CVE-2023-49779 | 2023-12-26 | Stored cross-site scripting vulnerability exists in the anchor tag of... |
CVE-2023-49807 | 2023-12-26 | Stored cross-site scripting vulnerability when processing the MathJax exists in... |
CVE-2023-50175 | 2023-12-26 | Stored cross-site scripting vulnerability exists in the App Settings (/admin/app)... |
CVE-2023-50294 | 2023-12-26 | The App Settings (/admin/app) page in GROWI versions prior to... |
CVE-2023-50332 | 2023-12-26 | Improper authorization vulnerability exists in the User Management (/admin/users) page... |
CVE-2023-42436 | 2023-12-26 | Stored cross-site scripting vulnerability exists in the presentation feature of... |
CVE-2023-45741 | 2023-12-26 | VR-S1000 firmware Ver. 2.37 and earlier allows an attacker with... |
CVE-2023-46681 | 2023-12-26 | Improper neutralization of argument delimiters in a command ('Argument Injection')... |
CVE-2023-46711 | 2023-12-26 | VR-S1000 firmware Ver. 2.37 and earlier uses a hard-coded cryptographic... |
CVE-2023-51363 | 2023-12-26 | VR-S1000 firmware Ver. 2.37 and earlier allows a network-adjacent unauthenticated... |
CVE-2023-5180 | 2023-12-26 | Out-of-bounds Write vulnerability exists in ODA Drawings SDK before 2024.12 |
CVE-2012-10017 | 2023-12-26 | BestWebSoft Portfolio Plugin cross-site request forgery |
CVE-2023-50968 | 2023-12-26 | Apache OFBiz: Arbitrary file properties reading and SSRF attack |
CVE-2023-51467 | 2023-12-26 | Apache OFBiz: Pre-authentication Remote Code Execution (RCE) vulnerability |
CVE-2014-125109 | 2023-12-26 | BestWebSoft Portfolio Plugin bws_menu.php bws_add_menu_render cross site scripting |
CVE-2015-10127 | 2023-12-26 | PlusCaptcha Plugin cross site scripting |
CVE-2023-5931 | 2023-12-26 | rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Subscriber+ RCE |
CVE-2023-6166 | 2023-12-26 | Quiz Maker < 6.4.9.5 - Reflected Cross-Site Scripting |
CVE-2023-5674 | 2023-12-26 | WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs/send_mail endpoint |
CVE-2023-5673 | 2023-12-26 | WP Mail Log < 1.1.3 – Contributor+ Arbitrary File Upload to RCE |
CVE-2023-6268 | 2023-12-26 | JSON Content Importer < 1.5.4 - Reflected XSS |
CVE-2023-5645 | 2023-12-26 | WP Mail Log < 1.1.3 – Contributor+ SQL Injection in wml_logs endpoint |
CVE-2023-5203 | 2023-12-26 | WP Sessions Time Monitoring Full Automatic < 1.0.9 - Unauthenticated SQL injection |
CVE-2023-5644 | 2023-12-26 | WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints |
CVE-2023-5672 | 2023-12-26 | WP Mail Log < 1.1.3 – Contributor+ LFI in wml_logs/send_mail endpoint |
CVE-2023-5939 | 2023-12-26 | rtMedia for WordPress, BuddyPress and bbPress < 4.6.16 - Admin+ RCE |
CVE-2023-6250 | 2023-12-26 | BestWebSoft's Like & Share < 2.74 - Unauthenticated Password Protected Post Read |
CVE-2023-6155 | 2023-12-26 | Quiz Maker < 6.4.9.5 - Unauthenticated Email Address Disclosure |
CVE-2023-6114 | 2023-12-26 | Duplicator < 1.5.7.1; Duplicator Pro < 4.5.14.2 - Unauthenticated Sensitive Data Exposure |
CVE-2023-5980 | 2023-12-26 | BSK Forms Blacklist < 3.7 - Admin+ Stored Cross-Site Scripting |
CVE-2023-5991 | 2023-12-26 | Hotel Booking Lite < 4.8.5 - Unauthenticated Arbitrary File Download & Deletion |
CVE-2023-40038 | 2023-12-27 | Arris DG860A and DG1670A devices have predictable default WPA2 PSKs... |
CVE-2023-43481 | 2023-12-27 | An issue in Shenzhen TCL Browser TV Web BrowseHere (aka... |
CVE-2023-43955 | 2023-12-27 | The com.phlox.tvwebbrowser TV Bro application through 2.0.0 for Android mishandles... |
CVE-2023-46918 | 2023-12-27 | Phlox com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus has an... |
CVE-2023-46919 | 2023-12-27 | Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka... |
CVE-2023-47882 | 2023-12-27 | The Kami Vision YI IoT com.yunyi.smartcamera application through 4.1.9_20231127 for... |
CVE-2023-47883 | 2023-12-27 | The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is... |
CVE-2023-49000 | 2023-12-27 | An issue in ArtistScope ArtisBrowser v.34.1.5 and before allows an... |
CVE-2023-49001 | 2023-12-27 | An issue in Indi Browser (aka kvbrowser) v.12.11.23 allows an... |
CVE-2023-49002 | 2023-12-27 | An issue in Xenom Technologies (sinous) Phone Dialer-voice Call Dialer... |
CVE-2023-49003 | 2023-12-27 | An issue in simplemobiletools Simple Dialer 5.18.1 allows an attacker... |
CVE-2023-51074 | 2023-12-27 | json-path v2.8.0 was discovered to contain a stack overflow via... |
CVE-2023-51079 | 2023-12-27 | A long execution time can occur in the ParseTools.subCompileExpression method... |
CVE-2023-51080 | 2023-12-27 | The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain... |
CVE-2023-51084 | 2023-12-27 | hyavijava v6.0.07.1 was discovered to contain a stack overflow via... |
CVE-2023-51075 | 2023-12-27 | hutool-core v5.8.23 was discovered to contain an infinite loop in... |
CVE-2023-6190 | 2023-12-27 | Authenticated Path Traversal in İzmir Katip Çelebi University |
CVE-2023-7116 | 2023-12-27 | WeiYe-Jing datax-web HTTP POST Request killJob os command injection |
CVE-2023-4641 | 2023-12-27 | Shadow-utils: possible password leak during passwd(1) change |
CVE-2023-3171 | 2023-12-27 | Eap-7: heap exhaustion via deserialization |
CVE-2023-50255 | 2023-12-27 | Zip Path Traversal in Deepin-Compressor |
CVE-2023-51443 | 2023-12-27 | FreeSWITCH susceptible to Denial of Service via DTLS Hello packets during call initiation |
CVE-2023-51664 | 2023-12-27 | tj-actions/changed-files command injection in output filenames |
CVE-2023-51697 | 2023-12-27 | Audiobookshelf vulnerable to Blind SSRF in `podcastUtils.js` |
CVE-2023-51665 | 2023-12-27 | Audiobookshelf vulnerable to Blind SSRF in `Auth.js` |
CVE-2023-51700 | 2023-12-27 | WP-Mobile-BankID-Integration WordPress Database Deserialization: Potential for Object Injection |
CVE-2023-52077 | 2023-12-27 | External apps using tokens issued by administrators and moderators can call admin APIs |
CVE-2023-52075 | 2023-12-27 | ReVanced API vulnerable to Denial of Service due to lack of error caching |
CVE-2023-6879 | 2023-12-27 | heap buffer overflow in libaom |
CVE-2023-7123 | 2023-12-27 | SourceCodester Medicine Tracking System sql injection |
CVE-2023-46987 | 2023-12-28 | SeaCMS v12.9 was discovered to contain a remote code execution... |
CVE-2023-46989 | 2023-12-28 | SQL Injection vulnerability in the Innovadeluxe Quick Order module for... |
CVE-2023-49228 | 2023-12-28 | An issue was discovered in Peplink Balance Two before 8.4.0.... |
CVE-2023-49229 | 2023-12-28 | An issue was discovered in Peplink Balance Two before 8.4.0.... |
CVE-2023-49230 | 2023-12-28 | An issue was discovered in Peplink Balance Two before 8.4.0.... |
CVE-2023-49469 | 2023-12-28 | Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows... |
CVE-2023-50038 | 2023-12-28 | There is an arbitrary file upload vulnerability in the background... |
CVE-2023-50104 | 2023-12-28 | ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing... |
CVE-2023-50445 | 2023-12-28 | Shell Injection vulnerability GL.iNet A1300 v4.4.6, AX1800 v4.4.6, AXT1800 v4.4.6,... |
CVE-2023-50448 | 2023-12-28 | In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue... |
CVE-2023-50470 | 2023-12-28 | A cross-site scripting (XSS) vulnerability in the component admin_ Video.php... |
CVE-2023-51006 | 2023-12-28 | An issue in the openFile method of Chinese Perpetual Calendar... |
CVE-2023-51010 | 2023-12-28 | An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2... |
CVE-2023-52152 | 2023-12-28 | mupnp/net/uri.c in mUPnP for C through 3.0.2 has an out-of-bounds... |
CVE-2023-34829 | 2023-12-28 | Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers... |
CVE-2023-50692 | 2023-12-28 | File Upload vulnerability in JIZHICMS v.2.5, allows remote attacker to... |
CVE-2023-7124 | 2023-12-28 | code-projects E-Commerce Site search.php cross site scripting |
CVE-2023-45701 | 2023-12-28 | HCL Launch is susceptible to sensitive information disclosure |
CVE-2023-45702 | 2023-12-28 | HCL Launch Agent as a Windows service is vulnerable to a Denial of Service |
CVE-2023-4671 | 2023-12-28 | SQLi in Talent Soft's ECOP |
CVE-2023-4672 | 2023-12-28 | XSS in Talent Soft's ECOP |
CVE-2023-51501 | 2023-12-28 | WordPress Uncode Core Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50874 | 2023-12-28 | WordPress Ajax Load More Plugin <= 6.1.0.1 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50860 | 2023-12-28 | WordPress Amelia Plugin <= 1.0.85 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50859 | 2023-12-28 | WordPress WP Crowdfunding Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50836 | 2023-12-28 | WordPress HTML Forms Plugin <= 1.3.28 is vulnerable to Cross Site Scripting (XSS) |
CVE-2023-50873 | 2023-12-28 | WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-50858 | 2023-12-28 | WordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF) |
CVE-2023-36381 | 2023-12-28 | WordPress Zippy Plugin <= 1.6.5 is vulnerable to PHP Object Injection |
CVE-2023-32795 | 2023-12-28 | WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection |