Skip to main content
CVE-2023-3629 MEDIUM PATCH This Month

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Grid Jboss Data Grid Jboss Enterprise Application Platform Infinispan
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-3628 MEDIUM PATCH This Month

A flaw was found in Infinispan's REST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jboss Data Grid Jboss Enterprise Application Platform Data Grid Infinispan
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-48762 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.6.13. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jetelements For Elementor Elementor
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-5115 MEDIUM PATCH This Month

An absolute path traversal attack exists in the Ansible automation platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ansible Automation Platform Ansible Inside Ansible Developer Debian Linux
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-6927 MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Keycloak Single Sign On
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-35867 MEDIUM This Month

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Building Integration System Video Engine Bosch Video Management System Video Management System Viewer Configuration Manager +10
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-6908 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kuiper
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.8%
CVE-2022-40312 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform.25.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Givewp
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51384 MEDIUM PATCH This Month

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

SSH Authentication Bypass Openssh Debian Linux
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-49821 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat - WP live chat plugin for WordPress.5.15. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Livechat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49761 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Product Enquiry For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49760 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpsoononlinepage
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49759 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz - WooCommerce Comments.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woodiscuz Woocommerce Comments
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49163 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teachpress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49148 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster - Pros & Cons, Notice, and CTA Blocks for Affiliates.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Affiliate Booster
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48778 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.1.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Product Size Chart For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48773 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce Login Redirect
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48772 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Prevent Landscape Rotation
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-46617 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly - Ad Manager, AdSense Ads & Ads.Txt.Txt: from n/a through 1.8.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Adfoxly
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47806 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login.3.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Disable User Login
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-33214 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox - UGC Galleries, Social Media Widgets, User Reviews & Analytics.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Taggbox
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49854 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy - Smart Side Cart for WooCommerce.9.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Caddy
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49853 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Paytr Taksit Tablosu Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49843 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF First Order Discount Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47741 MEDIUM PATCH This Month

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Db2 Mirror For I
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-28053 MEDIUM This Month

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Networker
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-40691 MEDIUM PATCH This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-6911 MEDIUM PATCH This Month

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-41967 MEDIUM This Month

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Controller 6000 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-48781 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mkrapel Regiones Y Ciudades De Chile Para Wc
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-49763 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Csprite
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-49155 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator - easily Button Builder.3.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Button Generator
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-49153 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Add To Cart Text Changer And Customize Button Add Custom Icon
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48768 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Quantity Plus Minus Button For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48766 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator - Add Animated SVG Easily.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Svgator
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48769 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble - Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Chat Bubble
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48755 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teachpress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47789 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Canada Post Shipping Method
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47787 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Bookings.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce Bookings
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-50372 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Custom Post Type Page Template
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-49844 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Kevin Ohashi WPPerformanceTester.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpperformancetester
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-49840 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Palscode Multi Currency For WooCommerce.5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Multi Currency For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-23584 MEDIUM This Month

An observable response discrepancy in the Gallagher Command Centre RESTAPI allows an insufficiently-privileged user to infer the presence of items that would not otherwise be viewable. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-23576 MEDIUM This Month

Incorrect behavior order in the Command Centre Server could allow privileged users to gain physical access to the site for longer than intended after a network outage when competencies are used in. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-22439 MEDIUM This Month

Improper input validation of a large HTTP request in the Controller 6000 and Controller 7000 optional diagnostic web interface (Port 80) can be used to perform a Denial of Service of the diagnostic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Controller 6000 Firmware Command Centre
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-5056 MEDIUM This Month

A flaw was found in the Skupper operator, which may permit a certain configuration to create a service account that would allow an authenticated attacker in the adjacent cluster to view deployments. Rated medium severity (CVSS 4.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Service Interconnect
NVD
CVSS 3.1
4.1
EPSS
0.3%
CVE-2023-6228 LOW Monitor

An issue was found in the tiffcp utility distributed by the libtiff package where a crafted TIFF file on processing may cause a heap-based buffer overflow leads to an application crash. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Libtiff
NVD
CVSS 3.1
3.3
EPSS
0.4%
CVE-2023-5384 LOW PATCH Monitor

A flaw was found in Infinispan. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Grid Jboss Data Grid Infinispan
NVD
CVSS 3.1
2.7
EPSS
0.5%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy