Skip to main content
CVE-2023-30847 HIGH PATCH This Week

H2O is an HTTP server. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service H2O
NVD GitHub
CVSS 3.1
8.2
EPSS
0.9%
CVE-2023-21712 HIGH PATCH This Week

Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition RCE Microsoft Windows 10 Windows 10 1607 +13
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-2355 HIGH PATCH This Week

Local privilege escalation due to a DLL hijacking vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Snap Deploy
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-2331 HIGH This Week

Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service.3.12 through. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Surelock
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31287 HIGH PATCH This Week

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Serene Startsharp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-2335 HIGH This Week

Plaintext Password in Registry vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve Admin user credentials3.12 through 2.40.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Surelock
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-29255 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-30444 MEDIUM PATCH This Month

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Watson Machine Learning On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28286 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24966 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31285 MEDIUM PATCH This Month

An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Serene Startsharp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-28261 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Microsoft Edge Chromium
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-29471 MEDIUM PATCH This Month

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Alpakka Kafka
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27860 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-31286 MEDIUM PATCH This Month

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Serene Startsharp
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-30852 MEDIUM PATCH This Month

Pimcore is an open source data and experience management platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Pimcore
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-22901 MEDIUM This Month

ChangingTec MOTP system has a path traversal vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mobile One Time Password
NVD
CVSS 3.1
4.9
EPSS
0.9%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy