Skip to main content
CVE-2023-29282 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29281 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29280 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29278 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29276 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29275 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29274 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29273 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-2644 HIGH This Week

A vulnerability, which was classified as problematic, has been found in DigitalPersona FPSensor 1.0.0.1.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Digitalpersona Fpsensor
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28356 HIGH This Week

A vulnerability has been identified where a maliciously crafted message containing a specific chain of characters can cause the chat to enter a hot loop on one of the processes, consuming ~120% CPU. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rocket Chat
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2443 HIGH This Week

Rockwell Automation ThinManager product allows the use of medium strength ciphers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Thinmanager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-0857 HIGH This Week

Unintentional change of settings during initial registration of system administrators which uses control protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Mf642Cdw Firmware Mf644Cdw Firmware Mf741Cdw Firmware +42
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31442 HIGH This Week

In Lightbend Akka before 2.8.1, the async-dns resolver (used by Discovery in DNS mode and transitively by Cluster Bootstrap) uses predictable DNS transaction IDs when resolving DNS records, making. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Akka Actor Akka Discovery
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30172 HIGH PATCH This Week

A directory traversal vulnerability in the /get-artifact API method of the mlflow platform up to v2.0.1 allows attackers to read arbitrary files on the server via the path parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-29400 HIGH PATCH This Week

Templates containing actions in unquoted HTML attributes (e.g. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Go
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-24539 HIGH PATCH This Week

Angle brackets (<>) are not considered dangerous characters when inserted into CSS contexts. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Go
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-29031 HIGH This Week

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell XSS Information Disclosure Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-29030 HIGH This Week

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell XSS Information Disclosure Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-28361 MEDIUM This Month

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti CSRF Unifi Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28325 MEDIUM This Month

An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-29024 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Information Disclosure Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-27554 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Websphere Application Server
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-28358 MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29791 MEDIUM This Month

kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kodbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30394 MEDIUM This Month

The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moveit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29023 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell XSS Information Disclosure Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-27870 MEDIUM PATCH This Month

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Spectrum Virtualize
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-29029 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29028 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29027 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29026 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29025 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29022 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29286 MEDIUM This Month

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe Information Disclosure Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29279 MEDIUM This Month

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29277 MEDIUM This Month

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22720 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Links Page
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28359 MEDIUM This Month

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-0859 MEDIUM This Month

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Mf642Cdw Firmware Mf644Cdw Firmware Mf741Cdw Firmware +42
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-0858 MEDIUM This Month

Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Mf642Cdw Firmware Mf644Cdw Firmware Mf741Cdw Firmware +42
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-29986 MEDIUM This Month

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Boot Actuator Logview
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-2490 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Useragent Spy
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2646 MEDIUM This Month

A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service TP-Link Archer C7 Firmware
NVD VulDB
CVSS 3.1
4.5
EPSS
0.3%
CVE-2023-28360 MEDIUM This Month

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-28357 MEDIUM This Month

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32082 MEDIUM PATCH This Month

etcd is a distributed key-value store for the data of a distributed system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Etcd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy