Skip to main content
CVE-2023-44385 HIGH This Week

The Home Assistant Companion for iOS and macOS app up to version 2023.4 are vulnerable to Client-Side Request Forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple CSRF Home Assistant Companion
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-40145 HIGH This Week

In Weintek's cMT3000 HMI Web CGI device, an anonymous attacker can execute arbitrary commands after login to the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cmt Fhd Firmware Cmt Hdm Firmware Cmt3071 Firmware Cmt3072 Firmware +3
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-42435 HIGH This Week

The affected product is vulnerable to a cross-site request forgery vulnerability, which may allow an attacker to perform actions with the permissions of a victim user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dexgate
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41089 HIGH This Week

The affected product is vulnerable to an improper authentication vulnerability, which may allow an attacker to impersonate a legitimate user as long as the device keeps the session active, since the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Dexgate
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-35186 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-35180 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
8.8
EPSS
27.4%
CVE-2023-46229 HIGH PATCH This Week

LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because crawling can proceed from an external server to an internal server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Langchain
NVD GitHub
CVSS 3.1
8.8
EPSS
44.7%
CVE-2023-34441 HIGH This Week

Baker Hughes - Bently Nevada 3500 System TDI Firmware version 5.05 contains a cleartext transmission vulnerability which could allow an attacker to steal the authentication secret from communication. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bentley Nevada 3500 System Firmware
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-41898 HIGH This Week

Home assistant is an open source home automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Google Home Assistant Companion
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5059 HIGH This Week

Santesoft Sante FFT Imaging lacks proper validation of user-supplied data when parsing DICOM files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Fft Imaging
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39431 HIGH This Week

Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35986 HIGH This Week

Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Dicom Viewer Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35183 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Access Rights Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35181 HIGH This Week

The SolarWinds Access Rights Manager was susceptible to Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Access Rights Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45883 HIGH This Week

A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Microsoft Qumu
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-46228 HIGH PATCH This Week

zchunk before 1.3.2 has multiple integer overflows via malformed zchunk files to lib/comp/comp.c, lib/comp/zstd/zstd.c, lib/dl/multipart.c, or lib/header.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Zchunk
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-45823 HIGH PATCH This Week

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Hub
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46227 HIGH PATCH This Week

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.8.0, the attacker can use \t to bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-34437 HIGH This Week

Baker Hughes - Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bentley Nevada 3500 System Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41899 HIGH This Week

Home assistant is an open source home automation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Home Assistant
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-46033 MEDIUM This Month

D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl 2730U Firmware Dsl 2750U Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-35185 MEDIUM This Month

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Access Rights Manager
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2023-41088 MEDIUM This Month

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dexgate
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-5654 MEDIUM PATCH This Month

The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass React Devtools
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-31046 MEDIUM This Month

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-25753 MEDIUM PATCH This Month

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Shenyu
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-37504 MEDIUM This Month

HCL Compass is vulnerable to failure to invalidate sessions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hcl Compass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36857 MEDIUM This Month

Baker Hughes - Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bentley Nevada 3500 System Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5639 MEDIUM PATCH This Month

The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Team Showcase
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5638 MEDIUM PATCH This Month

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Booster For Woocommerce
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-45821 MEDIUM PATCH This Month

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Docker Hub
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-45819 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-45818 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-40153 MEDIUM This Month

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Dexgate
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45825 MEDIUM PATCH This Month

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ydb Go Sdk
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4645 MEDIUM PATCH This Month

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure WordPress Ad Inserter
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-45822 MEDIUM PATCH This Month

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Hub
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-30633 MEDIUM This Month

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Insydeh2o
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-42666 MEDIUM This Month

The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dexgate
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-34050 MEDIUM This Month

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Deserialization Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2023-45809 LOW PATCH Monitor

Wagtail is an open source content management system built on Django. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Python Wagtail
NVD GitHub
CVSS 3.1
2.7
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy