Skip to main content
CVE-2023-28147 MEDIUM This Month

An issue was discovered in the Arm Mali GPU Kernel Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Avalon Gpu Kernel Driver Bifrost Gpu Kernel Driver Midgard Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25730 MEDIUM This Month

A background script invoking <code>requestFullscreen</code> and then blocking the main thread could force the browser into fullscreen mode indefinitely, resulting in potential user confusion or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34094 MEDIUM PATCH This Month

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Authentication Bypass Chuanhuchatgpt
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1159 MEDIUM PATCH This Month

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via service titles in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Bookly
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32212 MEDIUM This Month

An attacker could have positioned a `datalist` element to obscure the address bar. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-32205 MEDIUM This Month

In multiple cases browser prompts could have been obscured by popups controlled by content. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-29538 MEDIUM This Month

Under specific circumstances a WebExtension may have received a <code>jar:file:///</code> URI instead of a <code>moz-extension:///</code> URI during a load request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Mozilla Firefox Focus
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-29533 MEDIUM This Month

A website could have obscured the fullscreen notification by using a combination of <code>window.open</code>, fullscreen requests, <code>window.name</code> assignments, and <code>setInterval</code>. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-28159 MEDIUM This Month

The fullscreen notification could have been hidden on Firefox for Android by using download popups, resulting in potential user confusion or spoofing attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google XSS Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-25750 MEDIUM This Month

Under certain circumstances, a ServiceWorker's offline cache may have leaked to the file system when using private browsing mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mozilla Firefox
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-25749 MEDIUM This Month

Android applications with unpatched vulnerabilities can be launched from a browser using Intents, exposing users to these vulnerabilities. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Authentication Bypass Firefox
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-25748 MEDIUM This Month

By displaying a prompt with a long description, the fullscreen notification could have been hidden, resulting in potential user confusion or spoofing attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google XSS Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy