Skip to main content
CVE-2023-35624 HIGH PATCH This Week

Azure Connected Machine Agent Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Microsoft Azure Connected Machine Agent
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-49580 HIGH This Week

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Microsoft Graphical User Interface
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2023-48428 HIGH PATCH This Week

A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 2). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Sinec Ins
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-6542 HIGH This Week

Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Emarsys Sdk
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-35629 MEDIUM PATCH This Month

Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Microsoft Windows 10 1507 +2
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-49695 MEDIUM This Month

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc X3000Gsn Firmware Wrc X3000Gs Firmware Wrc X3000Gsa Firmware
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-42476 MEDIUM This Month

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Businessobjects Web Intelligence
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-41337 MEDIUM PATCH This Month

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Code Injection Jwt Attack H2O
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-49692 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens 6Gk6108 4Am00 2Ba2 Firmware 6Gk6108 4Am00 2Da2 Firmware 6Gk5804 0Ap00 2Aa2 Firmware +17
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2023-49691 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens 6Gk6108 4Am00 2Ba2 Firmware 6Gk6108 4Am00 2Da2 Firmware 6Gk5804 0Ap00 2Aa2 Firmware +17
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2023-6687 MEDIUM This Month

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Agent
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49922 MEDIUM PATCH This Month

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Beats
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49089 MEDIUM PATCH This Month

Umbraco is an ASP.NET content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Umbraco Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49923 MEDIUM This Month

An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Enterprise Search
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35642 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-35636 MEDIUM PATCH This Month

Microsoft Outlook Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.5
EPSS
17.6%
CVE-2023-4421 MEDIUM This Month

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Nss
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-50495 MEDIUM PATCH This Month

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ncurse
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-49809 MEDIUM This Month

Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41120 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-41115 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41114 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5536 MEDIUM This Month

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Ubuntu Ubuntu Linux
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-49587 MEDIUM This Month

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Command Injection Solution Manager
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-42914 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-48313 MEDIUM PATCH This Month

Umbraco is an ASP.NET content management system (CMS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Umbraco Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46282 MEDIUM PATCH This Month

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions <. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Opcenter Quality Simatic Pcs Neo Sinumerik Integrate Runmyhmi Automotive Totally Integrated Automation Portal
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4958 MEDIUM PATCH This Month

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat XSS Advanced Cluster Security
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49577 MEDIUM This Month

The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Human Capital Management
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-42479 MEDIUM This Month

An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Biller Direct
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36009 MEDIUM PATCH This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35635 MEDIUM PATCH This Month

Windows Kernel Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 11 22h2 +1
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-42932 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42924 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42922 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42919 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42900 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42898 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-42894 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42891 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42884 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42883 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-6710 MEDIUM POC This Month

A flaw was found in the mod_proxy_cluster in the Apache server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Mod Proxy Cluster Enterprise Linux
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.2%
CVE-2023-49279 MEDIUM PATCH This Month

Umbraco is an ASP.NET content management system (CMS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Umbraco Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49273 MEDIUM PATCH This Month

Umbraco is an ASP.NET content management system (CMS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Umbraco Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36020 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-38694 MEDIUM PATCH This Month

Umbraco is an ASP.NET content management system (CMS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Umbraco Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4932 MEDIUM This Month

SAS application is vulnerable to Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Integration Technologies
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-6547 MEDIUM This Month

Mattermost fails to validate team membership when a user attempts to access a playbook, allowing a user with permissions to a playbook but no permissions to the team the playbook is on to access and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-48642 MEDIUM This Month

Archer Platform 6.x before 6.13 P2 (6.13.0.2) contains an authenticated HTML content injection vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.5%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy