Skip to main content
CVE-2023-39936 HIGH This Week

In Ashlar-Vellum Graphite v13.0.48, the affected application lacks proper validation of user-supplied data when parsing VC6 files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Graphite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39427 HIGH This Week

In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share v12 SP0 Build (1204.77), the affected applications lack proper validation of user-supplied data when parsing XE files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cobalt Graphite +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5623 HIGH PATCH This Week

NNM failed to properly set ACLs on its installation directory, which could allow a low privileged user to run arbitrary code with SYSTEM privileges where NNM is installed to a non-standard location. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Nessus Network Monitor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33558 HIGH PATCH This Week

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Ocomon
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46662 HIGH This Week

Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31419 HIGH PATCH This Week

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Denial Of Service Elastic Elasticsearch
NVD
CVSS 3.1
7.5
EPSS
60.7%
CVE-2023-31418 HIGH PATCH This Week

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Denial Of Service Elasticsearch Elastic Cloud Enterprise
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-46234 HIGH PATCH This Week

browserify-sign is a package to duplicate the functionality of node's crypto public key functions, much of this is based on Fedor Indutny's work on indutny/tls.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Browserify Sign Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31421 HIGH This Week

It was discovered that when acting as TLS clients, Beats, Elastic Agent, APM Server, and Fleet Server did not verify whether the server certificate is valid for the target IP address; however,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Beats Elastic Agent Apm Server +1
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31422 HIGH This Week

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46345 HIGH This Week

Catdoc v0.95 was discovered to contain a NULL pointer dereference via the component xls2csv at src/xlsparse.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Catdoc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-43905 HIGH This Week

Incorrect access control in writercms v1.1.0 allows attackers to directly obtain backend account passwords via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Writercms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-30967 HIGH This Week

Gotham Orbital-Simulator service prior to 0.692.0 was found to be vulnerable to a Path traversal issue allowing an unauthenticated user to read arbitrary files on the file system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Orbital Simulator
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5624 HIGH PATCH This Week

Under certain conditions, Nessus Network Monitor was found to not properly enforce input validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Nessus Network Monitor
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-46666 MEDIUM This Month

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Microsoft Python Authentication Bypass Elastic Sharepoint Online Python Connector
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-45228 MEDIUM This Month

The application suffers from improper access control when editing users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Analog Fm Transmitter Exc5000Gx Firmware Analog Fm Transmitter Exc120Gx Firmware Analog Fm Transmitter Exc300Gx Firmware Analog Fm Transmitter Exc1600Gx Firmware +11
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-30969 MEDIUM This Month

The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tiles
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-46090 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wdsocialwidgets
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41096 MEDIUM This Month

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emberznet Sdk
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-46094 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS WordPress Google Analytics Integration For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46081 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lava Directory Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46077 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS The Awesome Feed
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46076 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Pdf Invoice Builder
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46075 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contact Form Builder
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46074 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Freshmail For Wordpress
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46072 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Add Shortcodes Actions And Filters
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46753 MEDIUM PATCH This Month

An issue was discovered in FRRouting FRR through 9.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Frrouting
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2023-46752 MEDIUM PATCH This Month

An issue was discovered in FRRouting FRR through 9.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2023-46238 MEDIUM PATCH This Month

ZITADEL is an identity infrastructure management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zitadel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30492 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Minimum Purchase For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-31416 MEDIUM This Month

Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Elastic Cloud On Kubernetes
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-46754 MEDIUM This Month

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Admin
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-38328 MEDIUM This Month

An issue was discovered in eGroupWare 17.1.20190111. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Egroupware
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-46088 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Full Stripe Free
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-32116 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Custom Post Types
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-31417 MEDIUM PATCH This Month

Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
4.4
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy