Skip to main content
CVE-2023-33124 HIGH PATCH This Week

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33123 HIGH PATCH This Week

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10),. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30897 HIGH PATCH This Week

A vulnerability has been identified in SIMATIC WinCC (All versions < V7.5.2.13). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

RCE Wincc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28000 HIGH This Week

An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC CLI 7.1.0, 7.0.0 through 7.0.3, 6.2.0 through 6.2.4, 6.1 all versions, 6.0 all versions may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Fortiadc
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26210 HIGH This Week

Multiple improper neutralization of special elements used in an os command ('OS Command Injection') vulnerabilties [CWE-78] vulnerability in Fortinet allows a local authenticated attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiadc Fortiadc Manager
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-22639 HIGH This Week

A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.12, FortiOS all versions 6.2, FortiOS all versions 6.0,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Fortinet Privilege Escalation Fortiproxy +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28602 HIGH This Week

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Microsoft Zoom
NVD
CVSS 3.1
7.7
EPSS
0.3%
CVE-2023-2778 HIGH This Week

A denial-of-service vulnerability exists in Rockwell Automation FactoryTalk Transaction Manager. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Factorytalk Transaction Manager
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-1707 HIGH This Week

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Futuresmart 5
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31196 HIGH This Week

Missing authentication for critical function in Wi-Fi AP UNIT allows a remote unauthenticated attacker to obtain sensitive information of the affected products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ac Pd Wapu Firmware Ac Pd Wapum Firmware Ac Pd Wapu P Firmware Ac Pd Wapum P Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-22633 HIGH This Week

An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Fortinac Fortinac F
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2729 HIGH This Week

Use of insufficiently random values vulnerability in User Management Functionality in Synology DiskStation Manager (DSM) before 7.2-64561 allows remote attackers to obtain user credential via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synology Diskstation Manager Unified Controller Router Manager Diskstation Manager
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31198 HIGH This Week

OS command injection vulnerability exists in Wi-Fi AP UNIT allows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ac Pd Wapu Firmware Ac Pd Wapum Firmware Ac Pd Wapu P Firmware Ac Pd Wapum P Firmware +4
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-33919 HIGH PATCH This Week

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Cpci85 Firmware
NVD
CVSS 3.1
7.2
EPSS
47.7%
CVE-2023-28603 HIGH This Week

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-33921 MEDIUM PATCH This Month

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cpci85 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-33920 MEDIUM PATCH This Month

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Cpci85 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-34114 MEDIUM This Month

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Zoom
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-28601 MEDIUM This Month

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Zoom
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-28598 MEDIUM This Month

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoom
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33305 MEDIUM This Month

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortiproxy Fortiweb Fortios
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-26207 MEDIUM This Month

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25609 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-24469 MEDIUM This Month

Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Logger
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2876 MEDIUM This Month

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Rex640 Pcl1 Firmware Rex640 Pcl2 Firmware Rex640 Pcl3 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-33986 MEDIUM This Month

SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Customer Relationship Management Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33985 MEDIUM This Month

SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-32115 MEDIUM This Month

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

SQLi Master Data Synchronization
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-2827 MEDIUM This Month

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

SAP Authentication Bypass Digital Manufacturing Plant Connectivity
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-29498 MEDIUM This Month

Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Frenic Rhc Loader
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33122 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10),. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33121 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10),. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30757 MEDIUM This Month

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Totally Integrated Automation Portal
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28600 MEDIUM This Month

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoom
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-23831 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ratingwidget
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33984 MEDIUM This Month

SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34250 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32301 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32061 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31142 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-31439 MEDIUM PATCH This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31438 MEDIUM This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-31437 MEDIUM This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-31195 MEDIUM This Month

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rt Ax3000 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-2673 MEDIUM This Month

Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fl Mguard 2102 Firmware Fl Mguard 4102 Pci Firmware Fl Mguard 4102 Pcie Firmware Fl Mguard 4302 Firmware +22
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-2638 MEDIUM This Month

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Rockwell Authentication Bypass Factorytalk Policy Manager Factorytalk System Services
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2023-25978 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Protected Posts Logout Button
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28620 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cyberus Key
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26538 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Chat Bee
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26528 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shipping Management
NVD
CVSS 3.1
4.8
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy