The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2023-48107 | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_has_slash function in the mz_os.c file. | -- | Nov 24, 2023 | n/a |
| CVE-2023-48106 | Buffer Overflow vulnerability in zlib-ng minizip-ng v.4.0.2 allows an attacker to execute arbitrary code via a crafted file to the mz_path_resolve function in the mz_os.c file. | -- | Nov 22, 2023 | n/a |
| CVE-2023-48105 | An heap overflow vulnerability was discovered in Bytecode alliance wasm-micro-runtime v.1.2.3 allows a remote attacker to cause a denial of service via the wasm_loader_prepare_bytecode function in core/iwasm/interpreter/wasm_loader.c. | -- | Nov 24, 2023 | n/a |
| CVE-2023-48094 | A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim\'s browser via sending a crafted payload to /container_files/public_html/doc/index.html. | -- | Nov 14, 2023 | n/a |
| CVE-2023-48090 | GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329. | -- | Nov 20, 2023 | n/a |
| CVE-2023-48089 | xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48088 | xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48087 | xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48078 | SQL Injection vulnerability in add.php in Simple CRUD Functionality v1.0 allows attackers to run arbitrary SQL commands via the \'title\' parameter. | -- | Nov 17, 2023 | n/a |
| CVE-2023-48068 | DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. | -- | Nov 13, 2023 | n/a |
| CVE-2023-48063 | An issue was discovered in dreamer_cms 4.1.3. There is a CSRF vulnerability that can delete a theme project via /admin/category/delete. | -- | Nov 13, 2023 | n/a |
| CVE-2023-48060 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add | -- | Nov 13, 2023 | n/a |
| CVE-2023-48058 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run | -- | Nov 13, 2023 | n/a |
| CVE-2023-48056 | PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48055 | SuperAGI v0.0.13 was discovered to use a hardcoded key for encryption operations. This vulnerability can lead to the disclosure of information and communications. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48054 | Missing SSL certificate validation in localstack v2.3.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48053 | Archery v1.10.0 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48052 | Missing SSL certificate validation in HTTPie v3.2.2 allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48051 | An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. | -- | Nov 21, 2023 | n/a |
| CVE-2023-48042 | Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. | -- | Nov 28, 2023 | n/a |
| CVE-2023-48039 | GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. | -- | Nov 20, 2023 | n/a |
| CVE-2023-48034 | An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. | -- | Nov 28, 2023 | n/a |
| CVE-2023-48031 | OpenSupports v4.11.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. In the comment function, an attacker can bypass security restrictions and upload a .bat file by manipulating the file\'s magic bytes to masquerade as an allowed type. This can enable the attacker to execute arbitrary code or establish a reverse shell, leading to unauthorized file writes or control over the victim\'s station via a crafted file upload operation. | -- | Nov 25, 2023 | n/a |
| CVE-2023-48029 | Corebos 8.0 and below is vulnerable to CSV Injection. An attacker with low privileges can inject a malicious command into a table. This vulnerability is exploited when an administrator visits the user management section, exports the data to a CSV file, and then opens it, leading to the execution of the malicious payload on the administrator\'s computer. | -- | Nov 25, 2023 | n/a |
| CVE-2023-48028 | kodbox 1.46.01 has a security flaw that enables user enumeration. This problem is present on the login page, where an attacker can identify valid users based on varying response messages, potentially paving the way for a brute force attack. | -- | Nov 25, 2023 | n/a |
| CVE-2023-48025 | Liblisp through commit 4c65969 was discovered to contain a out-of-bounds-read vulnerability in unsigned get_length(lisp_cell_t * x) at eval.c | -- | Nov 25, 2023 | n/a |
| CVE-2023-48024 | Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c | -- | Nov 25, 2023 | n/a |
| CVE-2023-48023 | Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor\'s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment | -- | Nov 28, 2023 | n/a |
| CVE-2023-48022 | Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor\'s position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment | -- | Nov 28, 2023 | n/a |
| CVE-2023-48021 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/update. | -- | Nov 14, 2023 | n/a |
| CVE-2023-48020 | Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/task/changeStatus. | -- | Nov 14, 2023 | n/a |
| CVE-2023-48017 | Dreamer_cms 4.1.3 is vulnerable to Cross Site Request Forgery (CSRF) via Add permissions to CSRF in Permission Management. | -- | Nov 25, 2023 | n/a |
| CVE-2023-48014 | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48013 | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. | -- | Nov 16, 2023 | n/a |
| CVE-2023-48011 | GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. | -- | Nov 16, 2023 | n/a |
| CVE-2023-47877 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Perfmatters allows Stored XSS.This issue affects Perfmatters: from n/a before 2.2.0. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47876 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Perfmatters allows Reflected XSS.This issue affects Perfmatters: from n/a through 2.1.6. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47875 | Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery.This issue affects Perfmatters: from n/a through 2.1.6. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47872 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in gVectors Team wpForo Forum allows Stored XSS.This issue affects wpForo Forum: from n/a through 2.2.3. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47870 | Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47865 | Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username and icon when making a post even if the Hardened Mode setting was enabled | -- | Nov 27, 2023 | n/a |
| CVE-2023-47854 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Howard Ehrenberg Parallax Image allows Stored XSS.This issue affects Parallax Image: from n/a through 1.7.1. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47853 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in myCred myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin allows Stored XSS.This issue affects myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin: from n/a through 2.6.1. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47851 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Akhtarujjaman Shuvo Bootstrap Shortcodes Ultimate allows Stored XSS.This issue affects Bootstrap Shortcodes Ultimate: from n/a through 4.3.1. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47850 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a through 6.2.2.0. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47848 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through 0.20.4. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47844 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.This issue affects Grab & Save: from n/a through 1.0.4. | -- | Nov 30, 2023 | n/a |
| CVE-2023-47839 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions. | -- | Nov 28, 2023 | n/a |
| CVE-2023-47835 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ARI Soft ARI Stream Quiz – WordPress Quizzes Builder plugin <= 1.2.32 versions. | -- | Nov 28, 2023 | n/a |
| CVE-2023-47834 | Improper Neutralization of Input During Web Page Generation (\'Cross-site Scripting\') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions. | -- | Nov 28, 2023 | n/a |
