Skip to main content
CVE-2023-30383 HIGH This Week

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Buffer Overflow Archer C2 V1 Firmware Archer C20 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22060 HIGH PATCH This Week

Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Authentication Bypass Hyperion Workspace
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2023-3714 HIGH PATCH This Week

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-37758 HIGH This Week

D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 815 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-28021 HIGH This Week

The BigFix WebUI uses weak cipher suites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bigfix Webui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-38257 HIGH This Week

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scrutisweb
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-33871 HIGH This Week

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Scrutisweb
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-2263 HIGH This Week

The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Kinetix 5700 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3743 HIGH This Week

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ap Page Builder
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34142 HIGH This Week

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Device Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31998 HIGH PATCH This Week

A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Edgemax Edgerouter Firmware Aircube Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3459 HIGH PATCH This Week

The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass WordPress Import Export Wordpress Users
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2023-3527 MEDIUM PATCH This Month

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Microsoft Call Management System
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-46857 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sitealert
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-22040 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Weblogic Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22037 MEDIUM PATCH This Month

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Web Applications Desktop Integrator
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22022 MEDIUM PATCH This Month

Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Health Sciences Applications
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-21994 MEDIUM PATCH This Month

Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Oracle Google Authentication Bypass Fusion Middleware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-2913 MEDIUM This Month

An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Rockwell Thinmanager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-28023 MEDIUM This Month

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bigfix Webui
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-2433 MEDIUM PATCH This Month

The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Yet Another Related Posts Plugin
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-3708 MEDIUM PATCH This Month

Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Amela Arendelle Everse +2
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-22055 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22042 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Applications Framework
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22035 MEDIUM PATCH This Month

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Oracle XSS E Business Suite
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28020 MEDIUM This Month

URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Bigfix Webui
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-33312 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Captcha
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33231 MEDIUM PATCH This Month

XSS attack was possible in DPA 2023.2 due to insufficient input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Database Performance Analyzer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36384 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32965 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jazz Popups
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-21961 MEDIUM PATCH This Month

Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Oracle Authentication Bypass Hyperion Essbase Administration Services
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-22053 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2023-22043 MEDIUM PATCH This Month

Vulnerability in Oracle Java SE (component: JavaFX). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-21983 MEDIUM PATCH This Month

Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service Application Express
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2023-22017 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Oracle Denial Of Service Microsoft Vm Virtualbox
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-35763 MEDIUM This Month

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scrutisweb
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3403 MEDIUM PATCH This Month

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-22061 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22050 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22039 MEDIUM PATCH This Month

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Agile Plm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22020 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22011 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37259 MEDIUM PATCH This Month

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Matrix React Sdk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36383 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3709 MEDIUM PATCH This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-22041 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
5.1
EPSS
0.5%
CVE-2023-22057 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-22056 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2023-22054 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-22046 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy