Skip to main content
CVE-2023-3132 MEDIUM PATCH This Month

The MainWP Child plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.4.1.1 due to insufficient controls on the storage of back-up files. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Mainwp Child
NVD VulDB
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-23468 MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35799 MEDIUM This Month

Stormshield Endpoint Security Evolution 2.0.0 through 2.3.2 has Insecure Permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2818 MEDIUM This Month

An insecure filesystem permission in the Insider Threat Management Agent for Windows enables local unprivileged users to disrupt agent monitoring. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Insider Threat Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3371 MEDIUM PATCH This Month

The EmbedPress plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'lock_content_form_handler' and 'display_password_form' function in versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure WordPress Embedpress
NVD VulDB
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-26274 MEDIUM PATCH This Month

IBM QRadar SIEM 7.5.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34099 MEDIUM PATCH This Month

Shopware is an open source e-commerce software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34098 MEDIUM PATCH This Month

Shopware is an open source e-commerce software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-35998 MEDIUM This Month

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-26273 MEDIUM PATCH This Month

IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-35800 MEDIUM This Month

Stormshield Endpoint Security Evolution 2.0.0 through 2.4.2 has Insecure Permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-36002 MEDIUM This Month

A missing authorization check in multiple URL validation endpoints of the Insider Threat Management Server enables an anonymous attacker on an adjacent network to smuggle content via DNS lookups. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Insider Threat Management Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-35798 MEDIUM PATCH This Month

Input Validation vulnerability in Apache Software Foundation Apache Airflow ODBC Provider, Apache Software Foundation Apache Airflow MSSQL Provider.This vulnerability is considered low since it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Microsoft Mssql Apache Airflow Providers Odbc
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%
CVE-2023-22834 MEDIUM This Month

The Contour Service was not checking that users had permission to create an analysis for a given dataset. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Contour
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3436 LOW Monitor

Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy