Skip to main content
CVE-2023-1437 CRITICAL Act Now

All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess Scada
NVD
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-26317 CRITICAL Act Now

Xiaomi routers have an external interface that can lead to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Xiaomi Router Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26443 CRITICAL Act Now

Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite Backend
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36081 MEDIUM POC This Month

Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Flexiva Fax 150W Firmware
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-39114 MEDIUM POC This Month

ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ngiflib
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-39113 MEDIUM POC This Month

ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ngiflib
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1935 CRITICAL Act Now

ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Roc809 Firmware Roc827 Firmware Roc809L Firmware Roc827L Firmware +1
NVD
CVSS 3.1
9.4
EPSS
0.5%
CVE-2023-33257 MEDIUM POC This Month

Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Engagement Management
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-36121 MEDIUM POC This Month

Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS E107
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-33383 MEDIUM POC This Month

Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Pro 4Pm Firmware
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
2.5%
CVE-2023-38990 MEDIUM POC This Month

An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jeesite
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-38418 HIGH This Week

The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Jwt Attack Access Policy Manager Clients Big Ip Access Policy Manager
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-26440 HIGH This Week

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite Office
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26439 HIGH This Week

The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite Office
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-31432 HIGH This Week

Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Brocade Fabric Operating System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26451 HIGH This Week

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite Backend
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-38556 HIGH This Week

Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turned off the printer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ep 801A Firmware Ep 802A Firmware Ep 901A Firmware Ep 901F Firmware +8
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4011 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3994 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3993 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3900 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3364 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
44.7%
CVE-2023-0632 HIGH This Week

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31926 HIGH This Week

System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Brocade Fabric Operating System
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-3329 MEDIUM This Month

SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Scadawebserver
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-29408 MEDIUM PATCH This Month

The TIFF decoder does not place a limit on the size of compressed tile data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Image Fedora
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-29407 MEDIUM PATCH This Month

A maliciously-crafted image can cause excessive CPU consumption in decoding. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Image Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-23476 MEDIUM This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3401 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3385 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4067 MEDIUM PATCH This Month

The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Bus Ticket Booking With Seat Reservation
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3978 MEDIUM PATCH This Month

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Networking
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-3470 MEDIUM This Month

Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +26
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-38138 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +15
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-26316 MEDIUM This Month

A XSS vulnerability exists in the Xiaomi cloud service Application product. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Xiaomi Cloud
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3500 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31928 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Brocade Fabric Operating System
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36858 MEDIUM This Month

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Access Policy Manager Clients Big Ip Access Policy Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-26441 MEDIUM This Month

Cacheservice did not correctly check if relative cache object were pointing to the defined absolute location when accessing resources. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite Office
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31431 MEDIUM This Month

A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Brocade Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31430 MEDIUM This Month

A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Brocade Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31428 MEDIUM This Month

Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

File Upload Brocade Fabric Operating System
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38423 MEDIUM This Month

A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +15
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-26450 MEDIUM This Month

The "OX Count" web service did not specify a media-type when processing responses by external resources. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-26449 MEDIUM This Month

The "OX Chat" web service did not specify a media-type when processing responses by external resources. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-26448 MEDIUM This Month

Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26447 MEDIUM This Month

The "upsell" widget for the portal allows to specify a product description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26446 MEDIUM This Month

The users clientID at "application passwords" was not sanitized or escaped before being added to DOM. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26445 MEDIUM This Month

Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite Frontend
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2164 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
63.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy