Skip to main content
CVE-2023-24977 HIGH This Week

Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apache Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-23846 HIGH This Week

Due to insufficient length validation in the Open5GS GTP library versions prior to versions 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GPTv1-U) messages, a protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Open5gs
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0619 MEDIUM This Month

The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.6.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Kraken Io Image Optimizer
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-22283 MEDIUM This Month

On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Big Ip Access Policy Manager Big Ip Edge
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-23750 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Joomla
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-23078 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in the Assets. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2023-23077 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status comment. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2023-23075 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Assetexplorer
NVD
CVSS 3.1
6.1
EPSS
2.6%
CVE-2023-23074 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
6.1
EPSS
83.6%
CVE-2023-23073 MEDIUM This Month

Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Servicedesk Plus
NVD
CVSS 3.1
6.1
EPSS
2.8%
CVE-2023-22418 MEDIUM This Month

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.7, 14.1.x before 14.1.5.3, and all versions of 13.1.x, an open redirect vulnerability exists on virtual servers enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-23128 MEDIUM This Month

Connectwise Control 22.8.10013.8329 is vulnerable to Cross Origin Resource Sharing (CORS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Information Disclosure Connectwise
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23126 MEDIUM This Month

Connectwise Automate 2022.11 is vulnerable to Clickjacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Automate
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23630 MEDIUM PATCH This Month

Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Eta
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-22302 MEDIUM This Month

In BIG-IP versions 17.0.x before 17.0.0.2, and 16.1.x beginning in 16.1.2.2 to before 16.1.3.3, when an HTTP profile is configured on a virtual server and conditions beyond the attacker’s control. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-23130 MEDIUM This Month

Connectwise Automate 2022.11 is vulnerable to Cleartext authentication. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Automate
NVD GitHub
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-22573 MEDIUM This Month

Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23127 MEDIUM This Month

In Connectwise Control 22.8.10013.8329, the login page does not implement HSTS headers therefore not enforcing HTTPS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Connectwise
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-22326 MEDIUM This Month

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-0599 MEDIUM This Month

Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Metasploit
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23751 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Joomla
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-23469 LOW Monitor

IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy