Skip to main content
CVE-2023-27854 HIGH This Week

An arbitrary code execution vulnerability was reported to Rockwell Automation in Arena Simulation that could potentially allow a malicious user to commit unauthorized arbitrary code to the software. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Rockwell Arena
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-44219 HIGH This Week

A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sonicwall Directory Services Connector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34057 HIGH This Week

VMware Tools contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Tools
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5443 HIGH This Week

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Invoice
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-5570 HIGH This Week

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Inohom Home Manager Gateway allows Account Footprinting.1.27.12. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home Manager Gateway
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-46852 HIGH PATCH This Week

In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Memcached
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46289 HIGH This Week

Rockwell Automation FactoryTalk View Site Edition insufficiently validates user input, which could potentially allow threat actors to send malicious data bringing the product offline. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk View
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34058 HIGH PATCH This Week

VMware Tools contains a SAML token signature bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required.

VMware Jwt Attack Authentication Bypass Open Vm Tools Debian Linux +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-44220 HIGH This Week

SonicWall NetExtender Windows (32-bit and 64-bit) client 10.2.336 and earlier versions have a DLL Search Order Hijacking vulnerability in the start-up DLL component. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sonicwall Netextender
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-40131 HIGH PATCH This Week

In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. Rated high severity (CVSS 7.0).

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2023-34059 HIGH PATCH This Week

open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. Rated high severity (CVSS 7.0).

Information Disclosure VMware Open Vm Tools Debian Linux
NVD
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-46813 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel
NVD
CVSS 3.1
7.0
EPSS
0.7%
CVE-2023-5821 MEDIUM This Month

The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Thumbnail Carousel Slider
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5705 MEDIUM PATCH This Month

The VK Filter Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vk_filter_search' shortcode in all versions up to, and including, 2.3.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Vk Filter Search
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5051 MEDIUM PATCH This Month

The CallRail Phone Call Tracking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callrail_form' shortcode in versions up to, and including, 0.5.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Callrail Phone Call Tracking
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46209 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Grid Plus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46208 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-29009 MEDIUM PATCH This Month

baserCMS is a website development framework with WebAPI that runs on PHP8 and CakePHP4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Basercms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46194 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Archivist Custom Archive Templates
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46153 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Userfeedback
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40139 MEDIUM PATCH This Month

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40133 MEDIUM PATCH This Month

In multiple locations of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-40123 MEDIUM PATCH This Month

In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40121 MEDIUM PATCH This Month

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

SQLi Information Disclosure Deserialization Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46407 MEDIUM PATCH This Month

FFmpeg prior to commit bf814 was discovered to contain an out of bounds read via the dist->alphabet_size variable in the read_vlc_prefix() function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Ffmpeg
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46211 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ultimate Addons For Wpbakery Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46200 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Smart App Banner
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-32738 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eonet Manual User Approve
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46199 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Triberr
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46192 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Internal Link Building
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46093 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webmaster Tools
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-46091 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Category Seo Meta Tags
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40138 LOW PATCH Monitor

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-40137 LOW PATCH Monitor

In multiple functions of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-40136 LOW PATCH Monitor

In setHeader of DialogFillUi.java, there is a possible way to view another user's images due to a confused deputy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-40135 LOW PATCH Monitor

In applyCustomDescription of SaveUi.java, there is a possible way to view another user's images due to a confused deputy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-40134 LOW PATCH Monitor

In isFullScreen of FillUi.java, there is a possible way to view another user's images due to a confused deputy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-40127 LOW PATCH Monitor

In multiple locations, there is a possible way to access screenshots due to a confused deputy. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy