The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2023-45560 - An issue in Yasukawa memberscard v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
    Published: November 13, 2023; 10:15:09 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-46025 - SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter.
    Published: November 14, 2023; 5:15:30 PM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2023-46445 - An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack.
    Published: November 13, 2023; 10:15:09 PM -0500

    V3.1: 5.9 MEDIUM

  • CVE-2023-46024 - SQL Injection vulnerability in index.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary SQL commands and obtain sensitive information via the 'searchdata' parameter.
    Published: November 14, 2023; 5:15:30 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2023-46023 - SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter.
    Published: November 14, 2023; 5:15:30 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2023-47653 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abu Bakar TWB Woocommerce Reviews plugin <= 1.7.5 versions.
    Published: November 14, 2023; 2:15:31 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-47654 - Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in livescore.Bz BZScore – Live Score plugin <= 1.03 versions.
    Published: November 14, 2023; 2:15:31 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-47656 - Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi ANAC XML Bandi di Gara plugin <= 7.5 versions.
    Published: November 14, 2023; 2:15:31 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-47658 - Auth. (ShopManager+) Stored Cross-Site Scripting (XSS) vulnerability in actpro Extra Product Options for WooCommerce plugin <= 3.0.3 versions.
    Published: November 14, 2023; 2:15:32 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-47550 - Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations allows Stored XSS. This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.
    Published: November 14, 2023; 3:15:08 PM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2023-47554 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DenK BV Actueel Financieel Nieuws – Denk Internet Solutions plugin <= 5.1.0 versions.
    Published: November 14, 2023; 3:15:08 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-47646 - Auth. (Shop Manager+) Stored Cross-Site Scripting (XSS) vulnerability in CedCommerce Recently viewed and most viewed products plugin <= 1.1.1 versions.
    Published: November 14, 2023; 3:15:08 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-47533 - Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpdevart Countdown and CountUp, WooCommerce Sales Timer plugin <= 1.8.2 versions.
    Published: November 14, 2023; 4:15:11 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-26531 - Cross-Site Request Forgery (CSRF) vulnerability in ??? ?????????????-??Baidu/Google/Bing/IndexNow/Yandex/?? plugin <= 4.2.7 versions.
    Published: November 12, 2023; 8:15:07 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-46026 - Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters.
    Published: November 14, 2023; 5:15:30 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-46580 - Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component.
    Published: November 14, 2023; 5:15:30 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2023-46581 - SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component.
    Published: November 14, 2023; 5:15:30 PM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2023-31754 - Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel.
    Published: November 13, 2023; 11:15:07 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2023-47609 - SQL injection vulnerability in OSS Calendar versions prior to v.2.0.3 allows a remote authenticated attacker to execute arbitrary code or obtain and/or alter the information stored in the database by sending a specially crafted request.
    Published: November 14, 2023; 1:15:29 AM -0500

    V3.1: 8.8 HIGH

  • CVE-2023-47680 - Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Qode Interactive Qi Addons For Elementor plugin <= 1.6.3 versions.
    Published: November 13, 2023; 7:15:08 PM -0500

    V3.1: 5.4 MEDIUM