Skip to main content
CVE-2023-28998 MEDIUM POC PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-1748 CRITICAL Act Now

The listed versions of Nexx Smart Home devices use hard-coded credentials. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-28613 CRITICAL Act Now

An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Exynos 1280 Firmware Exynos 2200 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-26866 CRITICAL Act Now

GreenPacket OH736's WR-1200 Indoor Unit, OT-235 with firmware versions M-IDU-1.6.0.3_V1.1 and MH-46360-2.0.3-R5-GP respectively are vulnerable to remote command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Wr 1200 Firmware Ot 235 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-26974 MEDIUM POC This Month

Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Irfanview
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-1820 HIGH This Week

Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1818 HIGH This Week

Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1815 HIGH This Week

Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1812 HIGH This Week

Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1811 HIGH This Week

Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1810 HIGH This Week

Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-29323 HIGH PATCH This Week

ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Opensmtpd Openbsd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26775 HIGH This Week

File Upload vulnerability found in Monitorr v.1.7.6 allows a remote attacker t oexecute arbitrary code via a crafted file upload to the assets/php/upload.php endpoint. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE File Upload PHP Monitorr
NVD GitHub
CVSS 3.1
7.8
EPSS
49.4%
CVE-2023-25941 HIGH PATCH This Week

Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Denial Of Service Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25940 HIGH PATCH This Week

Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-1750 HIGH This Week

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-28842 MEDIUM PATCH This Month

Moby) is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Linux Docker Moby
NVD GitHub
CVSS 3.1
6.8
EPSS
1.4%
CVE-2023-1823 MEDIUM This Month

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1822 MEDIUM This Month

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1821 MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-1819 MEDIUM This Month

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1817 MEDIUM This Month

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-1816 MEDIUM This Month

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-1814 MEDIUM This Month

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1813 MEDIUM This Month

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1749 MEDIUM This Month

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-29000 MEDIUM PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-25942 MEDIUM PATCH This Month

Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Dell Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-26777 MEDIUM This Month

Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Uptime Kuma
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-26776 MEDIUM This Month

Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS Monitorr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-27734 MEDIUM PATCH This Month

An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to causea denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Edb Debugger
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28848 MEDIUM PATCH This Month

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Nextcloud User Oidc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23977 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Social Comments
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23878 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS WordPress Wp Maps
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23686 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Staff List
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23685 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Portfolio
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1751 MEDIUM This Month

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-26437 MEDIUM This Month

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.6.5, through 4.7.4 , through 4.8.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1768 MEDIUM PATCH This Month

Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Checkmk
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-23870 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Responsive Vertical Icon Menu
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23821 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Interactive Polish Map
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1840 MEDIUM This Month

The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Spotify Play Button For Wordpress
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-1752 MEDIUM This Month

The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy