Skip to main content
CVE-2023-2618 HIGH PATCH This Week

A vulnerability, which was classified as problematic, has been found in OpenCV wechat_qrcode Module up to 4.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Opencv
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-2617 HIGH PATCH This Week

A vulnerability classified as problematic was found in OpenCV wechat_qrcode Module up to 4.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Opencv
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-27527 HIGH This Week

Shinseiyo Sogo Soft (7.9A) and earlier improperly restricts XML external entity references (XXE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Shinseiyo Sogo Soft
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-27510 HIGH This Week

JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jb Inquiry Form
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-25184 HIGH This Week

Use of weak credentials exists in Seiko Solutions SkyBridge and SkySpider series, which may allow a remote unauthenticated attacker to decrypt password for the WebUI of the product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Skybridge Basic Mb A130 Firmware Skybridge Mb A200 Firmware Skyspider Mb R210 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25072 HIGH This Week

Use of weak credentials exists in SkyBridge MB-A100/110 firmware Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23906 HIGH This Week

Missing authentication for critical function exists in SkyBridge MB-A100/110 firmware Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-23578 HIGH This Week

Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Mb A200 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-27386 HIGH This Week

Uncontrolled search path in some Intel(R) Pathfinder for RISC-V software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Pathfinder For Risc V
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-32568 HIGH This Week

An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Injection Infoscale Operations Manager
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-22442 HIGH PATCH This Week

Out of bounds write in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Intel Server System D50Tnp1Mhcrlc Firmware +9
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-25545 MEDIUM PATCH This Month

Improper buffer restrictions in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-31150 MEDIUM This Month

A Storing Passwords in a Recoverable Format vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) database system could allow an authenticated attacker. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32573 MEDIUM PATCH This Month

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Qt Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-25070 MEDIUM This Month

Cleartext transmission of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-24586 MEDIUM This Month

Cleartext storage of sensitive information exists in SkyBridge MB-A100/110 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23901 MEDIUM This Month

Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Basic Mb A130 Firmware Skybridge Mb A200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22361 MEDIUM This Month

Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Skybridge Mb A110 Firmware Skybridge Mb A100 Firmware
NVD
CVSS 3.1
6.5
EPSS
35.9%
CVE-2023-32070 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Rendering Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-29101 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Betheme
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27455 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Update Image Tag Alt Attribute
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27419 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Viable Blog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24392 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Full Width Banner Slider Wp
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27918 MEDIUM This Month

Cross-site scripting vulnerability in Appointment and Event Booking Calendar for WordPress - Amelia versions prior to 1.0.76 allows a remote unauthenticated attacker to inject an arbitrary script by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Amelia
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-47436 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MantraBrain Yatra allows Stored XSS.1.14. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yatra
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-32570 MEDIUM PATCH This Month

VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Dav1D Fedora
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-32076 MEDIUM PATCH This Month

in-toto is a framework to protect supply chain integrity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure In Toto
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28411 MEDIUM PATCH This Month

Double free in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25772 MEDIUM This Month

Improper input validation in the Intel(R) Retail Edge Mobile Android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable denial of service via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Intel Retail Edge Program
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25771 MEDIUM PATCH This Month

Improper access control for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Authentication Bypass Nuc 8 Compute Element Cm8I3Cb4N Firmware Nuc 8 Compute Element Cm8I5Cb8N Firmware +57
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-25179 MEDIUM This Month

Uncontrolled resource consumption in the Intel(R) Unite(R) android application before Release 17 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Intel Unite
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25175 MEDIUM PATCH This Month

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23909 MEDIUM This Month

Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2021.8.0 published Dec 2022 may allow an authenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Oneapi Hpc Toolkit Trace Analyzer And Collector
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22443 MEDIUM PATCH This Month

Integer overflow in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22379 MEDIUM PATCH This Month

Improper input validation in some Intel(R) Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Server System D50Tnp1Mhcrlc Firmware Server System D50Tnp1Mhcpac Firmware Server System D50Tnp2Mhsvac Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31165 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31164 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31163 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31160 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31159 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31158 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31157 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31156 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31155 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31154 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31153 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sel 2241 Rtac Module Firmware Sel 3350 Firmware Sel 3505 Firmware Sel 3505 3 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23873 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bbspoiler
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22696 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Affiliate Links Lite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23786 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Affiliate Toolkit
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23701 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Web Design Easy Sign Up
NVD
CVSS 3.1
5.4
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy