Skip to main content
CVE-2023-38574 MEDIUM This Month

Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Video Insight
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41317 MEDIUM PATCH This Month

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apollo Router
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-22870 MEDIUM PATCH This Month

IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-4480 MEDIUM This Month

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Phpfusion
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-29261 MEDIUM This Month

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling External Authentication Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32338 MEDIUM This Month

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38569 MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shirasagi
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40705 MEDIUM This Month

Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Video Insight
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40535 MEDIUM This Month

Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Video Insight
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-20897 MEDIUM PATCH This Month

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-41908 MEDIUM PATCH This Month

Cerebrate before 1.15 lacks the Secure attribute for the session cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Cerebrate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy