Skip to main content
CVE-2022-46869 HIGH This Week

Local privilege escalation during installation due to improper soft link handling. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Cyber Protect Home Office
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-41743 HIGH This Week

Local privilege escalation due to insecure driver communication port permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Agent Cyber Protect Cyber Protect Home Office
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-41044 LOW POC PATCH Monitor

Graylog is a free and open log management platform. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Docker Graylog
NVD GitHub
CVSS 3.1
3.8
EPSS
0.6%
CVE-2023-41744 HIGH PATCH This Week

Local privilege escalation due to unrestricted loading of unsigned libraries. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Apple Jwt Attack Agent Cyber Protect
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-41749 HIGH This Week

Sensitive information disclosure due to excessive collection of system information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Agent Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41742 HIGH This Week

Excessive attack surface due to binding to an unrestricted IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Agent Cyber Protect
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33835 HIGH PATCH This Week

IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Information Queue
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41741 HIGH PATCH This Week

Exposure of sensitive information to an unauthorized actor vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Synology Router Manager
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-20900 HIGH PATCH This Week

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

Information Disclosure VMware Tools Open Vm Tools Fedora +2
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-4654 LOW POC PATCH Monitor

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Instantcms
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-3489 HIGH This Week

The firmwaredownload command on Brocade Fabric OS v9.2.0 could log the FTP/SFTP/SCP server password in clear text in the SupportSave file when performing a downgrade from Fabric OS v9.2.0 to any. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fabric Operating System
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31172 HIGH This Week

An Incomplete Filtering of Special Elements vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
7.4
EPSS
0.3%
CVE-2023-2188 HIGH PATCH This Week

The Colibri Page Builder for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.0.227 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Colibri Page Builder
NVD VulDB
CVSS 3.1
7.2
EPSS
0.3%
CVE-2023-2173 MEDIUM PATCH This Month

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Badgeos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-41747 MEDIUM This Month

Sensitive information disclosure due to unauthenticated path traversal. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Microsoft Cloud Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-31174 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sel 5037 Sel Grid Configurator
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-31171 MEDIUM This Month

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-31170 MEDIUM This Month

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-31168 MEDIUM This Month

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-41739 MEDIUM PATCH This Month

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Synology Router Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-31925 MEDIUM This Month

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4000 MEDIUM PATCH This Month

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Waiting
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-3999 MEDIUM PATCH This Month

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Waiting
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-4315 MEDIUM PATCH This Month

The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wcemails_edit' parameter in versions up to, and including, 2.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Woo Custom Emails
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-4471 MEDIUM PATCH This Month

The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Order Tracking
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-31169 MEDIUM This Month

An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-4688 MEDIUM This Month

Sensitive information leak through log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41751 MEDIUM This Month

Sensitive information disclosure due to improper token expiration validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-41750 MEDIUM This Month

Sensitive information disclosure due to missing authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41745 MEDIUM This Month

Sensitive information disclosure due to excessive collection of system information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Agent Cyber Protect
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-34391 MEDIUM This Month

Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sel 5033 Acselerator Real Time Automation Controller
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-31423 MEDIUM This Month

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2171 MEDIUM PATCH This Month

The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Badgeos
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2279 MEDIUM PATCH This Month

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Directory Kit
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-33834 MEDIUM PATCH This Month

IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Information Queue
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-41740 MEDIUM PATCH This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Synology Router Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-3404 MEDIUM PATCH This Month

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Profilegrid
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-2354 MEDIUM PATCH This Month

The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable though an AJAX action in versions up to, and including, 3.9.4 due to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Chp Ads Block Detector
NVD VulDB
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-39912 MEDIUM This Month

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
4.9
EPSS
4.0%
CVE-2023-4500 MEDIUM PATCH This Month

The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Order Tracking
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-4160 MEDIUM PATCH This Month

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-4163 MEDIUM This Month

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-4162 MEDIUM This Month

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Fabric Operating System
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-0689 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Information Disclosure WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-4245 MEDIUM PATCH This Month

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-4161 MEDIUM PATCH This Month

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2172 MEDIUM PATCH This Month

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Badgeos
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2352 MEDIUM PATCH This Month

The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Chp Ads Block Detector
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3764 MEDIUM PATCH This Month

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2353 MEDIUM PATCH This Month

The CHP Ads Block Detector plugin for WordPress is vulnerable to unauthorized plugin settings update and reset due to a missing capability check on the chp_abd_action function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Chp Ads Block Detector
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy