Skip to main content
CVE-2023-34316 HIGH PATCH This Week

​An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3270 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icr890 4 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-3209 LOW POC Monitor

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Mstore Api
NVD WPScan
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-30449 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-30448 HIGH PATCH This Week

IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-30447 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-30446 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-30445 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-30442 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-27540 HIGH This Week

IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Cloud Pak For Data Watson Cp4D Data Stores
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-37288 HIGH This Week

SmartBPM.NET component has a vulnerability of path traversal within its file download function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Smartbpm Net
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-29095 HIGH This Week

Auth. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rsvpmaker
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-29256 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Microsoft IBM Db2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-28955 MEDIUM PATCH This Month

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service IBM Watson Knowledge Catalog On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-2853 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Selfpatron
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3564 MEDIUM This Month

A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Gz Multi Hotel Booking System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3563 MEDIUM This Month

A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gz E Learning Platform
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3562 MEDIUM This Month

A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Php Crm Platform
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3561 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Php Gz Hotel Booking Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3560 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ticket Booking Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3559 MEDIUM This Month

A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Php Gz Appointment Scheduling Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3557 MEDIUM This Month

A vulnerability was found in GZ Scripts Property Listing Script 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Property Listing Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3556 MEDIUM This Month

A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Car Listing Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3555 MEDIUM This Month

A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Php Vacation Rental Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3554 MEDIUM This Month

A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Gz Forum Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37150 MEDIUM This Month

Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "/admin/index.php?page=categories" Category item. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online Pizza Ordering System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24486 MEDIUM This Month

A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Citrix Workspace
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32627 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the read_samples function at sox/src/voc.c:334:18. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26590 MEDIUM This Month

A floating point exception vulnerability was found in sox, in the lsx_aiffstartwrite function at sox/src/aiff.c:622:58. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Sound Exchange Extra Packages For Enterprise Linux Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23348 MEDIUM This Month

HCL Launch could disclose sensitive information if a manual edit of a configuration file has been performed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hcl Launch
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1183 MEDIUM PATCH This Month

A flaw was found in the Libreoffice package. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Libreoffice Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
64.6%
CVE-2023-30963 MEDIUM This Month

A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Foundry Frontend
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3558 MEDIUM This Month

A vulnerability classified as problematic has been found in GZ Scripts Event Booking Calendar 1.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Event Booking Calendar
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-35697 MEDIUM This Month

Improper Restriction of Excessive Authentication Attempts in the SICK ICR890-4 could allow a remote attacker to brute-force user credentials. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icr890 4 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-35698 MEDIUM This Month

Observable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login attempt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icr890 4 Firmware
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-35699 MEDIUM This Month

Cleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icr890 4 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-30956 MEDIUM This Month

A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Foundry Comments
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-3568 MEDIUM This Month

Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Fossbilling
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30960 MEDIUM This Month

A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Foundry Job Tracker
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-24490 MEDIUM This Month

Users with only access to launch VDA applications can launch an unauthorized desktop. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Virtual Apps And Desktops Linux Virtual Delivery Agent
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-35887 MEDIUM PATCH This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Sshd
NVD
CVSS 3.1
4.3
EPSS
1.3%
CVE-2023-28953 MEDIUM PATCH This Month

IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Cognos Analytics Cartridge For Ibm Cloud Pak For Data
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-23487 MEDIUM PATCH This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft IBM Db2
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-34442 LOW PATCH Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apache Information Disclosure Camel
NVD
CVSS 3.1
3.3
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy