Skip to main content
CVE-2023-23719 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Premmerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-23646 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery - WordPress Gallery plugin <= 1.4.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Album Gallery
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22672 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Vslider
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2759 HIGH This Week

A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Core Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3700 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Easyappointments
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3591 HIGH This Week

Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-3615 HIGH This Week

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mattermost Information Disclosure Apple
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-3581 HIGH This Week

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-34141 HIGH This Week

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-34138 HIGH This Week

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +19
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-37476 HIGH PATCH This Week

OpenRefine is a free, open source tool for data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Openrefine
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-2760 HIGH This Week

An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Core Firmware
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-2959 HIGH This Week

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-37479 HIGH PATCH This Week

Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Intel Openenclave
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38405 HIGH This Week

On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cp3N 6505417 Firmware Cp3 6504877 Firmware Cp3 Gv 6506034 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-38403 HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-3590 HIGH This Week

Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2912 HIGH This Week

Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Sitemanager Embedded
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-35818 MEDIUM This Month

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Esp32 D0Wd V3 Firmware Esp32 D0Wdr2 V3 Firmware Esp32 U4Wdh Firmware Esp32 Pico V3 Firmware +18
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-35012 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM RCE Microsoft Stack Overflow +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-35096 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mycred
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-34140 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware +22
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3593 MEDIUM This Month

Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2960 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS).2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-38409 MEDIUM PATCH This Month

An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28864 MEDIUM This Month

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Chef Infra Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3586 MEDIUM This Month

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-2143 MEDIUM This Month

The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Enable Svg Webp Ico Upload
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0439 MEDIUM This Month

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Nex Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34036 MEDIUM PATCH This Month

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Hateoas
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-35901 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-33857 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-3585 MEDIUM This Month

Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3582 MEDIUM This Month

Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-3577 MEDIUM This Month

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost SSRF Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-3613 LOW Monitor

Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-3614 LOW Monitor

Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-3584 LOW Monitor

Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
3.1
EPSS
0.3%
CVE-2023-3587 LOW Monitor

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
2.7
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy