Skip to main content
CVE-2023-34062 HIGH PATCH This Week

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Reactor Netty
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-34982 HIGH This Week

This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Batch Management Communication Drivers Edge Enterprise Licensing +9
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-31100 HIGH This Week

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.3.0.0 before 4.3.0.203 * from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Securecore Technology
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-6133 MEDIUM PATCH This Month

The Forminator plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient blacklisting on the 'forminator_allowed_mime_types' function in versions up to, and including, 1.27.0. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress Forminator
NVD VulDB
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-43588 MEDIUM This Month

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4889 MEDIUM PATCH This Month

The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shareaholic
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-41699 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server, Micro and Embedded (Servlet Implementation modules) allows Redirect Access to Libraries.0.0 before. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Payara
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48219 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-5987 MEDIUM PATCH This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability that could cause a vulnerability leading to a cross site scripting condition where attackers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ecostruxure Power Monitoring Expert
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5986 MEDIUM This Month

A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect Ecostruxure Power Monitoring Expert
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5676 MEDIUM PATCH This Month

In Eclipse OpenJ9 before version 0.41.0, the JVM can be forced into an infinite busy hang on a spinlock or a segmentation fault if a shutdown signal (SIGTERM, SIGINT or SIGHUP) is received before the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Openj9
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-46672 MEDIUM This Month

An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Logstash
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38544 MEDIUM This Month

A logged in user can modify specific files that may lead to unauthorized changes in system-wide configuration settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Secure Access Client
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-4690 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Elementor Addon Elements Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-4689 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Elementor Addon Elements Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-4723 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.12.7 via the ajax_eae_post_data function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure WordPress Elementor Addon Elements Elementor
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-6032 MEDIUM This Month

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a file system enumeration and file download when an attacker navigates. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Galaxy Vl Firmware Galaxy Vs Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5984 MEDIUM This Month

A CWE-494 Download of Code Without Integrity Check vulnerability exists that could allow modified firmware to be uploaded when an authorized admin user begins a firmware update procedure which could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ion8650 Firmware Ion8800 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2023-5985 MEDIUM This Month

A CWE-79 Improper Neutralization of Input During Web Page Generation vulnerability exists that could cause compromise of a user’s browser when an attacker with admin privileges has modified system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ion8650 Firmware Ion8800 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5381 MEDIUM PATCH This Month

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.12.7 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor Addon Elements Elementor
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-30954 LOW Monitor

The Gotham video-application-server service contained a race condition which would cause it to not apply certain acls new videos if the source system had not yet initialized. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Video Application Server
NVD
CVSS 3.1
3.7
EPSS
0.3%
CVE-2023-46121 LOW PATCH Monitor

yt-dlp is a youtube-dl fork with additional features and fixes. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Information Disclosure Request Smuggling Yt Dlp
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2023-23549 LOW Monitor

Improper Input Validation in Checkmk <2.2.0p15, <2.1.0p37, <=2.0.0p39 allows priviledged attackers to cause partial denial of service of the UI via too long hostnames. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Checkmk
NVD
CVSS 3.1
2.7
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy