Skip to main content
CVE-2023-42487 HIGH This Week

Soundminer - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Soundminer
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-41332 LOW POC PATCH Monitor

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cilium
NVD GitHub
CVSS 3.1
3.5
EPSS
0.4%
CVE-2023-41309 HIGH This Week

Permission control vulnerability in the MediaPlaybackController module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41308 HIGH This Week

Screenshot vulnerability in the input module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41307 HIGH This Week

Memory overwriting vulnerability in the security module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41305 HIGH This Week

Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40407 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-3223 HIGH PATCH This Week

A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Undertow Openshift Container Platform Openshift Container Platform For Ibm Linuxone Openshift Container Platform For Power +3
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-5170 HIGH This Week

In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2023-40219 HIGH This Week

Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Welcart E Commerce
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-40046 HIGH This Week

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ws Ftp Server
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-39377 HIGH This Week

SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Siberiancms
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-43124 HIGH This Week

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Access Policy Manager Client
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-40454 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-40452 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-4003 MEDIUM This Month

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Password Manager
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-34043 MEDIUM PATCH This Month

VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20109 MEDIUM KEV THREAT This Month

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Cisco +3
NVD
CVSS 3.1
6.6
EPSS
2.3%
CVE-2023-5197 MEDIUM PATCH This Month

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Debian Linux +1
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2023-42822 MEDIUM PATCH This Month

xrdp is an open source remote desktop protocol server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Debian Xrdp Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20202 MEDIUM This Month

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-5171 MEDIUM PATCH This Month

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +4
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5169 MEDIUM PATCH This Month

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +3
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-44161 MEDIUM This Month

Sensitive information manipulation due to cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Cyber Protect
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-44160 MEDIUM This Month

Sensitive information manipulation due to cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Cyber Protect
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-41321 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-40441 MEDIUM This Month

A resource exhaustion issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-40420 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-40403 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-40048 MEDIUM This Month

In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ws Ftp Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39376 MEDIUM This Month

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siberiancms
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39233 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-23958 MEDIUM This Month

Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Protection Engine
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5161 MEDIUM PATCH This Month

The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Modal Window
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5162 MEDIUM PATCH This Month

The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Options For Twenty Seventeen
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-44121 MEDIUM This Month

The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-4505 LOW POC Monitor

The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Staff Employee Business Directory For Active Directory
NVD VulDB
CVSS 3.1
2.2
EPSS
0.5%
CVE-2023-4506 LOW POC Monitor

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. Rated low severity (CVSS 2.2), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
2.2
EPSS
0.4%
CVE-2023-43233 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yzncms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-4523 MEDIUM This Month

Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 460 Series Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-43614 MEDIUM This Month

Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-43484 MEDIUM This Month

Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-41962 MEDIUM This Month

Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-41861 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Restrict
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41860 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Travelmap
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41653 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sermon E Sermons Online
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41238 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Social Media Share Buttons Social Sharing Icons
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41237 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arya Multipurpose Theme
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41236 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Happy Addons For Elementor
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41235 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Everest News
NVD
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 4 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy