CVE List 2023/46xxx

CVEs in group: 46xxx

CVE-2023-46068 (N/A)

CVE-2023-46069 (WordPress Maileon Plugin <= 2.16.0 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46070 (WordPress Ajax Archive Calendar Plugin <= 2.6.7 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46071 (WordPress EG-Attachments Plugin <= 2.1.3 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46072 (WordPress Protección de Datos RGPD Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46073 (WordPress Add Shortcodes Actions And Filters Plugin <= 2.0.9 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46074 (WordPress DX Delete Attached Media plugin <= 2.0.5.1 - Broken Access Control vulnerability + CSRF)

CVE-2023-46075 (WordPress FreshMail For WordPress Plugin <= 2.3.2 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46076 (WordPress Contact Form Builder, Contact Widget Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46077 (WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.102 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46078 (WordPress The Awesome Feed – Custom Feed Plugin <= 2.2.5 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46079 (WordPress Serial Numbers for WooCommerce – License Manager Plugin <= 1.6.3 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-46080 (WordPress Ashe Extra plugin <= 1.2.9 - Broken Access Control + CSRF vulnerability)

CVE-2023-46081 (WordPress ApplyOnline – Application Form Builder and Manager plugin <= 2.5.3 - Broken Access Control vulnerability)

CVE-2023-46082 (WordPress Lava Directory Manager Plugin <= 1.1.34 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46083 (WordPress Broken Link Checker | Finder plugin <= 2.4.2 - Broken Access Control vulnerability)

CVE-2023-46084 (WordPress Kali Forms plugin <= 2.3.27 - Broken Access Control vulnerability)

CVE-2023-46085 (WordPress Icons Font Loader Plugin <= 1.1.2 is vulnerable to SQL Injection)

CVE-2023-46086 (WordPress Wp Ultimate Review Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-46087 (WordPress affiliate-toolkit – WordPress Affiliate Plugin Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46088 (WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-46089 (WordPress WP Full Stripe Free Plugin <= 1.6.1 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46090 (WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-46091 (WordPress Spider Facebook Plugin <= 1.0.15 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46092 (WordPress Category SEO Meta Tags Plugin <= 2.5 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46093 (WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-46094 (WordPress Webmaster Tools Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46095 (WordPress Conversios.io Plugin <= 6.5.3 is vulnerable to Cross Site Scripting (XSS))

CVE-2023-46096 (WordPress Smooth Scroll Links Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF))

CVE-2023-46097 (N/A)

CVE-2023-46098 (N/A)

CVE-2023-46099 (N/A)

CVE-2023-46100 (N/A)

CVE-2023-46102 (Cert manager has a use of uninitialized resource vulnerability)

CVE-2023-46103 (N/A)

CVE-2023-46104 (N/A)

CVE-2023-46115 (Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb)

CVE-2023-46116 (Updater Private Keys Possibly Leaked via Vite Environment Variables in tauri-cli)

CVE-2023-46117 (Remote Code Execution via insufficiently sanitized call to shell.openExternal)

CVE-2023-46118 (Inadequate validation of retrieved subdomains may lead to a Remote Code Execution in reconFTW)

CVE-2023-46119 (Denial of Service by publishing large messages over the HTTP API)

CVE-2023-46120 (Parse Server may crash when uploading file without extension)

CVE-2023-46121 (RabbitMQ Java client’s lack of message size limitation leads to remote DoS attack)

CVE-2023-46122 (Generic Extractor MITM Vulnerability in yt-dlp)

CVE-2023-46123 (Arbitrary file write via archive extraction (Zip Slip) vulnerability in sbt)

CVE-2023-46124 (jumpserver is vulnerable to password brute-force protection bypass via arbitrary IP values)

CVE-2023-46125 (Server-Side Request Forgery Vulnerability in Custom Integration Upload)

CVE-2023-46126 (Fides Information Disclosure Vulnerability in Config API Endpoint)

CVE-2023-46127 (Fides JavaScript Injection Vulnerability in Privacy Center URL)

CVE-2023-46128 (Frappe vulnerable to HTML injection by any Desk user)

CVE-2023-46129 (Exposure of hashed user passwords via REST API in Nautobot)

CVE-2023-46130 (xkeys Seal encryption used fixed key for all encryption)

CVE-2023-46131 (Bypassing height value allowed in some theme components)

CVE-2023-46132 (Grails® data binding causes JVM crash and/or DoS)

CVE-2023-46133 (Crosslinking transaction attack in hyperledger/fabric)

CVE-2023-46134 (crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard)

CVE-2023-46135 (D-Tale vulnerable to Remote Code Execution through the Custom Filter Input)

CVE-2023-46136 (Panic in SignedPayload::from_payload)

CVE-2023-46137 (Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning)

CVE-2023-46138 (twisted.web has disordered HTTP pipeline response)