Skip to main content
CVE-2023-38497 HIGH PATCH This Week

Cargo downloads the Rust project’s dependencies and compiles the project. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Cargo Fedora
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2023-30297 HIGH This Week

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. Rated high severity (CVSS 7.0). No vendor patch available.

RCE N Central
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-4140 MEDIUM PATCH This Month

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress Privilege Escalation Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-38699 MEDIUM PATCH This Month

MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mindsdb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-38332 MEDIUM This Month

Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2023-38691 MEDIUM PATCH This Month

matrix-appservice-bridge provides an API for setting up bridges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Matrix Appservice Bridge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4135 MEDIUM PATCH This Month

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4002 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-36159 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Lost And Found Information System
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-36138 MEDIUM This Month

PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Cleaning Business Software
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36137 MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Class Scheduling System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38697 MEDIUM PATCH This Month

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Protocol Http1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-38686 MEDIUM PATCH This Month

Sydent is an identity server for the Matrix communications protocol. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Information Disclosure Sydent
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-34038 MEDIUM This Month

VMware Horizon Server contains an information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Horizon Client
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-34037 MEDIUM This Month

VMware Horizon Server contains a HTTP request smuggling vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Request Smuggling Horizon Client
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-36141 MEDIUM This Month

User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cleaning Business Software
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-0264 MEDIUM PATCH This Month

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Keycloak Single Sign On Openshift Container Platform Openshift Container Platform For Ibm Linuxone +1
NVD
CVSS 3.1
5.0
EPSS
1.3%
CVE-2023-39343 MEDIUM PATCH This Month

Sulu is an open-source PHP content management system based on the Symfony framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PHP Sulu
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-38700 LOW PATCH Monitor

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Node.js Information Disclosure Matrix Irc Bridge
NVD GitHub
CVSS 3.1
3.7
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy