Skip to main content
CVE-2023-5916 MEDIUM POC This Month

A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dashy
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-5860 HIGH PATCH This Week

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Icons Font Loader
NVD VulDB
CVSS 3.1
7.2
EPSS
5.4%
CVE-2023-39283 HIGH This Week

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31017 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Path Traversal RCE Microsoft +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31016 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service RCE Microsoft Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26455 HIGH This Week

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-46352 HIGH This Week

In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Facebookconversiontrackingplus
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46725 HIGH PATCH This Week

FoodCoopShop is open source software for food coops and local shops. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Foodcoopshop
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46695 HIGH PATCH This Week

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Microsoft Django
NVD
CVSS 3.1
7.5
EPSS
49.8%
CVE-2023-31027 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Microsoft Virtual Gpu
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-29047 HIGH This Week

Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-5408 HIGH This Week

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31020 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Denial Of Service Authentication Bypass Virtual Gpu
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-31019 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Authentication Bypass Virtual Gpu
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-43087 MEDIUM This Month

Dell PowerScale OneFS 8.2.x, 9.0.0.x-9.5.0.x contains an improper handling of insufficient permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-43076 MEDIUM This Month

Dell PowerScale OneFS 8.2.x,9.0.0.x-9.5.0.x contains a denial-of-service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-29043 MEDIUM This Month

Presentations may contain references to images, which are user-controlled, and could include malicious script code that is being processed when editing a document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-5917 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, has been found in phpBB up to 3.3.10.php of the component Smiley Pack Handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Phpbb
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5910 MEDIUM This Month

A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic.php of the component Web Config. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Popojicms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46327 MEDIUM This Month

Multiple MFPs (multifunction printers) provided by FUJIFILM Business Innovation Corp. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Primelink C9065 Firmware Primelink C9070 Firmware Primelink B9136 Firmware Primelink B9125 Firmware +87
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-39284 MEDIUM This Month

An issue was discovered in IhisiServicesSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31026 MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a NULL-pointer dereference may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Null Pointer Dereference Microsoft Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31023 MEDIUM This Month

NVIDIA Display Driver for Windows contains a vulnerability where an attacker may cause a pointer dereference of an untrusted value, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Microsoft Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31022 MEDIUM This Month

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a NULL-pointer dereference may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Linux Microsoft Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31021 MEDIUM This Month

NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a malicious user in the guest VM can cause a NULL-pointer dereference, which may. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Null Pointer Dereference Microsoft Virtual Gpu
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31018 MEDIUM This Month

NVIDIA GPU Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a NULL-pointer dereference, which may lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Linux Microsoft Null Pointer Dereference +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38473 MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38472 MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38471 MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38470 MEDIUM This Month

A vulnerability was found in Avahi. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38469 MEDIUM This Month

A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Avahi Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3164 MEDIUM This Month

A heap-buffer-overflow vulnerability was found in LibTIFF, in extractImageSection() at tools/tiffcrop.c:7916 and tools/tiffcrop.c:7801. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29045 MEDIUM This Month

Documents operations, in this case "drawing", could be manipulated to contain invalid data types, possibly script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29044 MEDIUM This Month

Documents operations could be manipulated to contain invalid data types, possibly script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Open Xchange Appsuite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26456 MEDIUM This Month

Users were able to set an arbitrary "product name" for OX Guard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Ox Guard
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46595 MEDIUM This Month

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fireflow
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-5035 MEDIUM This Month

A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eds G503 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-4217 MEDIUM This Month

A vulnerability has been identified in PT-G503 Series versions prior to v5.2, where the session cookies attribute is not set properly in the affected application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eds G503 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-5876 MEDIUM This Month

Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Mattermost Denial Of Service Mattermost Desktop
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5875 MEDIUM This Month

Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-5606 MEDIUM PATCH This Month

The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Wpbot
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-29046 MEDIUM This Month

Connections to external data sources, like e-mail autoconfiguration, were not terminated in case they hit a timeout, instead those connections were logged. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Open Xchange Appsuite
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-5920 LOW Monitor

Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Mattermost Information Disclosure Apple Mattermost Desktop
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy