Skip to main content
CVE-2023-31064 HIGH PATCH This Week

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31454 HIGH PATCH This Week

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31453 HIGH PATCH This Week

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31206 HIGH PATCH This Week

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31058 HIGH PATCH This Week

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-28709 HIGH PATCH This Week

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Debian Linux 7 Mode Transition Tool
NVD
CVSS 3.1
7.5
EPSS
51.5%
CVE-2023-33297 HIGH PATCH This Week

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-25183 HIGH This Week

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-31101 MEDIUM PATCH This Month

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.5.0 through 1.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-31245 MEDIUM This Month

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Orvc
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32348 MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Remote Management System
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2023-31779 MEDIUM PATCH This Month

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wekan
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28412 MEDIUM This Month

When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32346 MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Management System
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-33285 MEDIUM This Month

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qt
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-45079 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Loginizer
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-33288 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 6.2.9. Rated medium severity (CVSS 4.7). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-33264 MEDIUM PATCH This Month

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Hazelcast
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy