Skip to main content
CVE-2023-38762 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38760 HIGH This Week

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2423 HIGH This Week

A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Armor Powerflex Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24698 HIGH PATCH This Week

Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Foswiki
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39269 HIGH This Week

A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruggedcom Ros
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-37373 HIGH This Week

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ruggedcom Crossbow
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28555 HIGH This Week

Transient DOS in Audio while remapping channel buffer in media codec decoding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Wcn3991 Firmware Wcn3998 Firmware Wcn6750 Firmware +67
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-21625 HIGH This Week

Information disclosure in Network Services due to buffer over-read while the device receives DNS response. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apq8009 Firmware Apq8017 Firmware Apq8037 Firmware +43
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-37486 HIGH This Week

Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Commerce Cloud Commerce Hycom
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33993 HIGH This Week

B1i module of SAP Business One - version 10.0, application allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

SAP SQLi Business One
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-38531 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38530 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38529 HIGH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38528 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38527 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38526 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38525 HIGH PATCH This Week

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated high severity (CVSS 7.3), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Parasolid Teamcenter Visualization
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2023-38167 HIGH PATCH This Week

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Dynamics 365 Business Central
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-4009 HIGH This Week

In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ops Manager Server
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-36876 HIGH PATCH This Week

Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Information Disclosure Windows Server 2008
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-21652 HIGH This Week

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +116
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-21626 HIGH This Week

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apq8009 Firmware Apq8017 Firmware Apq8037 Firmware Aqt1000 Firmware +181
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-38176 HIGH PATCH This Week

Azure Arc-Enabled Servers Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Microsoft Azure Arc Enabled Servers
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-35378 HIGH PATCH This Week

Windows Projected File System Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0).

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-28576 HIGH PATCH This Week

The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. Rated high severity (CVSS 7.0).

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6391 Firmware +26
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-20589 MEDIUM This Month

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ryzen 5 Pro 3400G Firmware Ryzen 5 3400G Firmware Ryzen 5 Pro 3400Ge Firmware Ryzen 5 Pro 3350G Firmware +118
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-39209 MEDIUM This Month

Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Zoom
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38254 MEDIUM PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-36909 MEDIUM PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-36908 MEDIUM PATCH This Month

Windows Hyper-V Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-36894 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2023-36893 MEDIUM PATCH This Month

Microsoft Outlook Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-36890 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-36535 MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-35389 MEDIUM PATCH This Month

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

RCE XXE Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35384 MEDIUM PATCH This Month

Windows HTML Platforms Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35377 MEDIUM PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-35376 MEDIUM PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-38763 MEDIUM This Month

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36136 MEDIUM This Month

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Class Scheduling System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-21647 MEDIUM PATCH This Month

Information disclosure in Bluetooth when an GATT packet is received due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Qca6390 Firmware Qca6391 Firmware Qca6426 Firmware Qca6436 Firmware +39
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-37492 MEDIUM This Month

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-36869 MEDIUM PATCH This Month

Azure DevOps Server Spoofing Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Devops Server
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2023-3652 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Ant
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-38761 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS Churchcrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-38384 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easync
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-27627 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Email Report
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24413 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Vertical Image Slider
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24409 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Responsive Tabs Horizontal Vertical And Accordion Tabs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32503 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Gtmetrix
NVD
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy