Skip to main content
CVE-2023-46303 HIGH POC This Week

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Calibre
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-46298 HIGH POC PATCH This Week

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-46095 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smooth Scroll Links
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46089 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Userback
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46085 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Ultimate Review
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46317 HIGH PATCH This Week

Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Knot Resolver
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46315 HIGH PATCH This Week

The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Stable Diffusion Webui Infinite Image Browsing
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38276 HIGH PATCH This Week

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Dashboards On Cloud Pak For Data
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38275 HIGH PATCH This Week

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Dashboards On Cloud Pak For Data
NVD
CVSS 3.1
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy