Skip to main content
CVE-2023-4355 HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
26.8%
CVE-2023-4354 HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-4353 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-4352 HIGH This Week

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4351 HIGH This Week

Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4349 HIGH This Week

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2312 HIGH This Week

Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32006 HIGH This Week

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Node Js Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-32004 HIGH This Week

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js Fedora
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-39841 MEDIUM POC This Month

Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 3 In 1 Smart Door Lock Firmware
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2023-39438 HIGH This Week

A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Contributor License Agreement Assistant
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-38401 HIGH This Week

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Aruba Aruba Virtual Intranet Access
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-4343 HIGH This Week

Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4339 HIGH This Week

Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4335 HIGH This Week

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Broadcom Authentication Bypass Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4334 HIGH This Week

Broadcom RAID Controller Web server (nginx) is serving private files without any authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Broadcom Authentication Bypass Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4332 HIGH This Week

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4331 HIGH This Week

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-4326 HIGH This Week

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-38402 HIGH This Week

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aruba Microsoft Aruba Virtual Intranet Access
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-20564 MEDIUM This Month

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Ryzen Master Ryzen Master Monitoring Sdk
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-4367 MEDIUM This Month

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4350 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-4345 MEDIUM This Month

Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Broadcom Authentication Bypass Raid Controller Web Interface
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-39843 LOW POC Monitor

Missing encryption in the RFID tag of Suleve 5-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 5 In 1 Smart Door Lock Firmware
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2023-39842 LOW POC Monitor

Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dg Hamb Smart Home Security System Firmware
NVD
CVSS 3.1
2.4
EPSS
0.1%
CVE-2023-4371 MEDIUM This Month

A vulnerability was found in phpRecDB 1.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phprecdb
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30747 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Easy Duplicate Product
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30498 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Vimeotheque
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4333 MEDIUM This Month

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-4328 MEDIUM This Month

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Broadcom Microsoft Raid Controller Web Interface
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-4327 MEDIUM This Month

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-38840 MEDIUM PATCH This Month

Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Bitwarden
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-24478 MEDIUM PATCH This Month

Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Quartus Prime
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30778 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Powerpress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-4308 MEDIUM PATCH This Month

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS User Submitted Posts
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4361 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-4359 MEDIUM This Month

Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Chrome Debian Linux +1
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-40027 MEDIUM PATCH This Month

Keystone is an open source headless CMS for Node.js - built with GraphQL and React. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Node.js Authentication Bypass Keystone
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32003 MEDIUM This Month

`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js Fedora
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-20560 MEDIUM This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Amd Denial Of Service Microsoft Ryzen Master Ryzen Master Monitoring Sdk
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-4365 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4364 MEDIUM This Month

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4363 MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4360 MEDIUM This Month

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy