Skip to main content
CVE-2023-28867 HIGH PATCH This Week

In GraphQL Java (aka graphql-java) before 20.1, an attacker can send a crafted GraphQL query that causes stack consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Java Denial Of Service Graphql Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25828 HIGH PATCH This Week

Pluck CMS is vulnerable to an authenticated remote code execution (RCE) vulnerability through its “albums” module. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload PHP Pluck
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-24841 HIGH This Week

HGiga MailSherlock query function for connection log has a vulnerability of insufficient filtering for user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Oaklouds Mailsherlock
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-24840 HIGH This Week

HGiga MailSherlock mail query function has vulnerability of insufficient validation for user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Oaklouds Mailsherlock
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-24835 HIGH This Week

Softnext Technologies Corp.’s SPAM SQR has a vulnerability of Code Injection within its specific function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Spam Sqr
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-1380 HIGH PATCH This Week

A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Denial Of Service Linux Broadcom Information Disclosure +9
NVD
CVSS 3.1
7.1
EPSS
16.6%
CVE-2023-25818 HIGH PATCH This Week

Nextcloud server is an open source, personal cloud implementation. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-1077 HIGH PATCH This Week

In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition. Rated high severity (CVSS 7.0). This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +10
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-1079 MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-0778 MEDIUM PATCH This Month

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Podman Enterprise Linux
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-28885 MEDIUM This Month

The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Mylink Infotainment System
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-1073 MEDIUM PATCH This Month

A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2023-0241 MEDIUM PATCH This Month

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Pgadmin 4
NVD GitHub
CVSS 3.1
6.5
EPSS
8.8%
CVE-2023-28652 MEDIUM This Month

An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ey As525F001 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-27927 MEDIUM This Month

An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ey As525F001 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-24834 MEDIUM This Month

WisdomGarden Tronclass has improper access control when uploading file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tronclass Ilearn
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28884 MEDIUM PATCH This Month

In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Misp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28650 MEDIUM This Month

An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ey As525F001 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22300 MEDIUM This Month

An unauthenticated remote attacker could force all authenticated users, such as administrative users, to perform unauthorized actions by viewing the logs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation XSS Ey As525F001 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-24839 MEDIUM This Month

HGiga MailSherlock’s specific function has insufficient filtering for user input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oaklouds Mailsherlock
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28638 MEDIUM PATCH This Month

Snappier is a high performance C# implementation of the Snappy compression algorithm. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Snappier
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-1637 MEDIUM PATCH This Month

A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options functionality was found in the way user resuming. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Authentication Bypass Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25878 MEDIUM PATCH This Month

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25877 MEDIUM PATCH This Month

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25876 MEDIUM PATCH This Month

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25875 MEDIUM PATCH This Month

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1076 MEDIUM PATCH This Month

A flaw was found in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Authentication Bypass Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1074 MEDIUM PATCH This Month

A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28629 MEDIUM PATCH This Month

GoCD is an open source continuous delivery server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Gocd
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28655 MEDIUM This Month

A malicious user could leverage this vulnerability to escalate privileges or perform unauthorized actions in the context of the targeted privileged users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ey As525F001 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22707 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Greenshift
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25018 MEDIUM This Month

RIFARTEK IOT Wall transportation function has insufficient filtering for user input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Iot Wall
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22902 MEDIUM This Month

Openfind Mail2000 file uploading function has insufficient filtering for user input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mail2000
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22250 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento Open Source
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-24842 MEDIUM This Month

HGiga MailSherlock has vulnerability of insufficient access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oaklouds Mailsherlock
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-28866 MEDIUM This Month

In the Linux kernel through 6.2.8, net/bluetooth/hci_sync.c allows out-of-bounds access because amp_init1[] and amp_init2[] are supposed to have an intentionally invalid element, but do not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-22249 MEDIUM This Month

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Magento Open Source
NVD
CVSS 3.1
4.8
EPSS
57.4%
CVE-2023-26958 MEDIUM This Month

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the Admin Name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Park Ticketing Management System
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-41354 MEDIUM PATCH This Month

An access control issue in Argo CD v2.4.12 and below allows unauthenticated attackers to enumerate existing applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-28630 MEDIUM PATCH This Month

GoCD is an open source continuous delivery server. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure PostgreSQL Gocd
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-22251 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an Incorrect Authorization vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Information Disclosure Authentication Bypass Commerce Magento Open Source
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-1075 LOW PATCH Monitor

A flaw was found in the Linux Kernel. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-28640 LOW PATCH Monitor

Apiman is a flexible and open source API Management platform. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Apiman
NVD GitHub
CVSS 3.1
3.1
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy