Skip to main content
CVE-2023-27259 HIGH This Week

Missing authentication in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student and teacher data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-27258 HIGH This Week

Missing authentication in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student and teacher data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-27257 HIGH This Week

Missing authentication in the GetActiveToiletPasses method in IDAttend’s IDWeb application 3.1.052 and earlier allows retrieval of student information by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26580 HIGH This Week

Unauthenticated arbitrary file read in the IDAttend’s IDWeb application 3.1.013 allows the retrieval of any file present on the web server by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26576 HIGH This Week

Missing authentication in the SearchStudentsRFID method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26575 HIGH This Week

Missing authentication in the SearchStudentsStaff method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student and teacher data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26574 HIGH This Week

Missing authentication in the SearchStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26571 HIGH This Week

Missing authentication in the SetStudentNotes method in IDAttend’s IDWeb application 3.1.052 and earlier allows modification of student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26570 HIGH This Week

Missing authentication in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction sensitive student data by unauthenticated attackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4608 HIGH This Week

An authenticated XCC user with elevated privileges can perform blind SQL injection in limited cases through a crafted API command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx1331 Firmware +54
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2023-46124 HIGH PATCH This Week

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in runtime environments, and the enforcement of privacy regulations in code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Fides
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-5574 HIGH PATCH This Week

A use-after-free flaw was found in xorg-x11-server-Xvfb. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Memory Corruption X Server Enterprise Linux
NVD
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-38041 HIGH This Week

A logged in user may elevate its permissions by abusing a Time-of-Check to Time-of-Use (TOCTOU) race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Secure Access Client
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2023-41989 MEDIUM This Month

The issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-41988 MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-45844 MEDIUM This Month

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-42861 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-42849 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-41983 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-40416 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-5732 MEDIUM This Month

An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5727 MEDIUM This Month

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5568 MEDIUM This Month

A heap-based Buffer Overflow flaw was discovered in Samba. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Samba
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-46655 MEDIUM PATCH This Month

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cloudbees Cd
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-46653 MEDIUM PATCH This Month

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Lambdatest Automation
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-46651 MEDIUM PATCH This Month

Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Warnings
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46125 MEDIUM PATCH This Month

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fides
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43508 MEDIUM This Month

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39231 MEDIUM This Month

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pingone Mfa Integration Kit
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-27261 MEDIUM This Month

Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5127 MEDIUM PATCH This Month

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Font Awesome
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-5740 MEDIUM This Month

The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Live Chat With Facebook Messenger
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5110 MEDIUM PATCH This Month

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Bsk Pdf Manager
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5085 MEDIUM PATCH This Month

The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Advanced Menu Widget
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-43510 MEDIUM This Month

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-5758 MEDIUM This Month

When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple XSS Firefox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46071 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Proteccion De Datos Rgpd
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46070 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eg Attachments
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45837 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ultimate Taxonomy Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45835 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Libsyn Publisher Hub
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45772 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Proofreading
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45770 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fast Wp Speed
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45769 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Report Post
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-45761 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sendle Shipping
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45759 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Peter S Custom Anti Spam
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45756 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Applyonline Application Form Builder And Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45750 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexter Extension
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45637 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eventprime
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45634 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Copy Or Move Comments
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3010 MEDIUM This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana XSS Worldmap Panel
NVD
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 5 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy