Skip to main content
CVE-2023-22301 HIGH This Week

The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-27899 HIGH PATCH This Week

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Jenkins Authentication Bypass
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-27850 MEDIUM This Month

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rax30 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-25147 MEDIUM This Month

An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Apex One
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-1203 MEDIUM This Month

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-1201 MEDIUM This Month

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24975 MEDIUM This Month

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Spectrum Symphony
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0746 MEDIUM This Month

The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gigavue Os
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25947 MEDIUM This Month

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24465 MEDIUM This Month

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0083 MEDIUM This Month

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27904 MEDIUM PATCH This Month

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-1337 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
3.0%
CVE-2023-27577 MEDIUM PATCH This Month

flarum is a forum software package for building communities. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Flarum
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-27903 MEDIUM PATCH This Month

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-0193 MEDIUM This Month

NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Buffer Overflow Information Disclosure Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-1339 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1338 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1336 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1335 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1334 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1333 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1346 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1345 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1344 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1343 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1342 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1341 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1340 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-27902 MEDIUM PATCH This Month

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy