Skip to main content
CVE-2023-40352 HIGH This Week

McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Safe Connect
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-4417 MEDIUM This Month

Improper access controls in the entry duplication component in Devolutions Remote Desktop Manager 2023.2.19 and earlier versions on Windows allows an authenticated user, under specific circumstances,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Hashicorp Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4456 MEDIUM This Month

A flaw was found in openshift-logging LokiStack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift Logging
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4303 MEDIUM PATCH This Month

Jenkins Fortify Plugin 22.1.38 and earlier does not escape the error message for a form validation method, resulting in an HTML injection vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Fortify
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3481 MEDIUM PATCH This Month

Critters versions 0.0.17-0.0.19 have an issue when parsing the HTML, which leads to a potential cross-site scripting (XSS) bug. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Critters
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-39543 MEDIUM This Month

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Luxcal Web Calendar
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4459 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in vmxnet3_rq_cleanup in drivers/net/vmxnet3/vmxnet3_drv.c in the networking sub-component in vmxnet3 in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4301 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Fortify
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-40068 MEDIUM This Month

Cross-site scripting vulnerability in Advanced Custom Fields versions 6.1.0 to 6.1.7 and Advanced Custom Fields Pro versions 6.1.0 to 6.1.7 allows a remote authenticated attacker to execute an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Custom Fields
NVD
CVSS 3.1
5.4
EPSS
1.5%
CVE-2023-4302 MEDIUM PATCH This Month

A missing permission check in Jenkins Fortify Plugin 22.1.38 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Fortify
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-39061 LOW Monitor

Cross Site Request Forgery (CSRF) vulnerability in Chamilo v.1.11 thru v.1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF RCE Chamilo
NVD VulDB
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-38158 LOW PATCH Monitor

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
3.1
EPSS
1.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy