Skip to main content
CVE-2023-25472 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Podlove Podcast Publisher
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23724 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Email Capture
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23706 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF WordPress Wordpress Social Login And Register Discord Google Twitter Linkedin
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28394 HIGH This Week

Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Beekeeper Studio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-27521 HIGH This Week

OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-27518 HIGH This Week

Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-27514 HIGH This Week

OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-27387 HIGH This Week

Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tr 71W Firmware Tr 72W Firmware Rtr 5W Firmware Wdr 7 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25946 HIGH This Week

Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Q Sl2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-31996 HIGH This Week

Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ane L6012R Firmware Ane L7012R Firmware Ano L6012R Firmware Ano L6022R Firmware +114
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-33359 MEDIUM POC This Month

Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Piwigo
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-31708 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands via a supplying a crafted HTML file to the Upload software format function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Eyoucms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-23693 HIGH This Week

Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Vxrail Hyperconverged Infrastructure
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-30440 HIGH This Week

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Powervm Hypervisor
NVD
CVSS 3.1
7.9
EPSS
0.2%
CVE-2023-23694 HIGH This Week

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Vxrail Hyperconverged Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-31517 HIGH This Week

A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Teeworlds
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2703 HIGH This Week

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Competition Management System
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-31726 HIGH This Week

AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alist
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-30382 HIGH This Week

A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Half Life
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-28392 HIGH This Week

Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ac Wapu 300 Firmware Ac Wapu 300 P Firmware Ac Wapum 300 Firmware Ac Wapum 300 P Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-27512 HIGH This Week

Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-28390 MEDIUM This Month

Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Sr 7100Vn Firmware Sr 7100Vn 31 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-27921 MEDIUM This Month

JINS MEME CORE Firmware version 2.2.0 and earlier uses a hard-coded cryptographic key, which may lead to data acquired by a sensor of the affected product being decrypted by a network-adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jins Meme Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-26595 MEDIUM This Month

Denial-of-service (DoS) vulnerability in Message of Cybozu Garoon 4.10.0 to 5.9.2 allows a remote authenticated attacker to cause a denial of service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Garoon
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-30469 MEDIUM This Month

Cross-site Scripting vulnerability in Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view component) allows Reflected XSS.9.1-00 before 10.9.2-00. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ops Center Analyzer
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1209 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28367 MEDIUM This Month

Cross-site scripting vulnerability in CTA post function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vk All In One Expansion Unit
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-27926 MEDIUM This Month

Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vk All In One Expansion Unit
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-27925 MEDIUM This Month

Cross-site scripting vulnerability in Post function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vk Blocks
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-27923 MEDIUM This Month

Cross-site scripting vulnerability in Tag edit function of VK Blocks 1.53.0.1 and earlier and VK Blocks Pro 1.53.0.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vk Blocks
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-22654 MEDIUM This Month

Client-side enforcement of server-side security issue exists in T&D Corporation and ESPEC MIC CORP. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tr 71W Firmware Tr 72W Firmware Rtr 5W Firmware Wdr 7 Firmware +6
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-31995 MEDIUM This Month

Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ane L6012R Firmware Ane L7012R Firmware Ano L6012R Firmware Ano L6022R Firmware +114
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28015 MEDIUM This Month

The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino Appdev Pack
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-23545 MEDIUM This Month

Missing authentication for critical function exists in T&D Corporation and ESPEC MIC CORP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tr 71W Firmware Tr 72W Firmware Rtr 5W Firmware Wdr 7 Firmware +6
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-31994 MEDIUM This Month

Certain Hanwha products are vulnerable to Denial of Service (DoS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Arn 1610S Firmware Ane L6012R Firmware Ane L7012R Firmware Ano L6012R Firmware Ano L6022R Firmware +426
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-27920 MEDIUM This Month

Improper access control vulnerability in the system date/time setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
4.3
EPSS
1.8%
CVE-2023-27384 MEDIUM This Month

Operation restriction bypass vulnerability in MultiReport of Cybozu Garoon 5.15.0 allows a remote authenticated attacker to alter the data of MultiReport. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-27304 MEDIUM This Month

Operation restriction bypass vulnerability in Message and Bulletin of Cybozu Garoon 4.6.0 to 5.9.2 allows a remote authenticated attacker to alter the data of Message and/or Bulletin. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy