Skip to main content
CVE-2023-41752 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Traffic Server.0.0 through 8.1.8, from 9.0.0 through 9.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Fedora
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-39456 HIGH This Week

Improper Input Validation vulnerability in Apache Traffic Server with malformed HTTP/2 frames.0.0 through 9.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Traffic Server Fedora
NVD
CVSS 3.1
7.5
EPSS
53.5%
CVE-2023-4215 HIGH This Week

Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40373 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to denial of service with a specially crafted query containing common table expressions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40372 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted SQL statement using External Tables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-4399 HIGH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Grafana Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-45659 LOW POC PATCH Monitor

Engelsystem is a shift planning system for chaos events. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Engelsystem
NVD GitHub
CVSS 3.1
2.8
EPSS
0.2%
CVE-2023-43776 MEDIUM This Month

Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easy Box E4 Ac1 Firmware Easy Box E4 Dc1 Firmware Easy Box E4 Uc1 Firmware Easy E4 Ac 12Rc1P Firmware +18
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-41712 MEDIUM This Month

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-41711 MEDIUM This Month

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicwall Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39280 MEDIUM This Month

SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39279 MEDIUM This Month

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39278 MEDIUM This Month

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39277 MEDIUM This Month

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39276 MEDIUM This Month

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22118 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Flexcube Universal Banking
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22106 MEDIUM PATCH This Month

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Enterprise Command Center Framework
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22095 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-22093 MEDIUM PATCH This Month

Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass E Business Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-22090 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cost Center Common Application Objects
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22079 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-22059 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-4896 MEDIUM This Month

A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Airwave
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-43777 MEDIUM This Month

Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Easysoft
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-45357 MEDIUM This Month

Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-34208 MEDIUM This Month

Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mailhunter Ultimate
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22074 LOW POC PATCH Monitor

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Oracle Denial Of Service Database Server
NVD
CVSS 3.1
2.4
EPSS
0.9%
CVE-2023-22127 MEDIUM PATCH This Month

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Outside In Technology
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-45152 LOW POC PATCH Monitor

Engelsystem is a shift planning system for chaos events. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. Public exploit code available.

SSRF Engelsystem
NVD GitHub
CVSS 3.1
2.3
EPSS
0.3%
CVE-2023-3042 MEDIUM This Month

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Dotcms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22107 MEDIUM PATCH This Month

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: UI Components). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Enterprise Command Center Framework
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22080 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22076 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass E Business Suite
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22029 MEDIUM PATCH This Month

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Commerce Guided Search
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45007 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fotomoto
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45006 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wooodt Lite
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45004 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Woo Custom Emails
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45003 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Social Feed
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45005 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Seriously Simple Stats
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-44311 MEDIUM PATCH This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-42497 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22130 MEDIUM PATCH This Month

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service Sun Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-22122 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Oracle Denial Of Service Authentication Bypass Banking Trade Finance
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-22119 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Oracle Denial Of Service Authentication Bypass Flexcube Universal Banking
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-22071 MEDIUM PATCH This Month

Vulnerability in the PL/SQL component of Oracle Database Server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Database Server
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-22129 MEDIUM PATCH This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Oracle Denial Of Service Solaris
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5339 MEDIUM This Month

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-22125 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Trade Finance
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22124 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Trade Finance
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22123 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Trade Finance
NVD
CVSS 3.1
5.4
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy