Skip to main content
CVE-2023-5879 MEDIUM This Month

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Aladdin Connect Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-5138 MEDIUM This Month

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Gecko Software Development Kit
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2023-41776 MEDIUM This Month

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. Rated medium severity (CVSS 6.7). No vendor patch available.

Zte Privilege Escalation Zxcloud Irai
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-6540 MEDIUM This Month

A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Google Code Injection Browser Hd +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-30617 MEDIUM PATCH This Month

Kruise provides automated management of large-scale applications on Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Privilege Escalation Kruise
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46740 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cubefs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46738 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Cubefs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46739 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cubefs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-6747 MEDIUM This Month

The Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-6986 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Google
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-41780 MEDIUM This Month

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Rated medium severity (CVSS 6.4). No vendor patch available.

Zte Path Traversal Zxcloud Irai
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2023-6629 MEDIUM PATCH This Month

The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6981 MEDIUM PATCH This Month

The WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress SQLi
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-50344 MEDIUM This Month

HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dryice Myxalytics
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0201 MEDIUM This Month

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-6984 MEDIUM PATCH This Month

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Elementor
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-6004 MEDIUM This Month

A flaw was found in libssh. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Libssh Fedora Enterprise Linux
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-46742 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity.

Information Disclosure Cubefs
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2023-46741 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cubefs
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2023-52302 MEDIUM PATCH This Month

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52312 MEDIUM PATCH This Month

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52303 MEDIUM PATCH This Month

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38676 MEDIUM PATCH This Month

Nullptr in paddle.dot in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52313 MEDIUM PATCH This Month

FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52308 MEDIUM PATCH This Month

FPE in paddle.amin in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52306 MEDIUM PATCH This Month

FPE in paddle.lerp in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52305 MEDIUM PATCH This Month

FPE in paddle.topk in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38677 MEDIUM PATCH This Month

FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38675 MEDIUM PATCH This Month

FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38674 MEDIUM PATCH This Month

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38678 MEDIUM PATCH This Month

OOB access in paddle.mode in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-41779 MEDIUM This Month

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. Rated medium severity (CVSS 4.4). No vendor patch available.

Zte Buffer Overflow Zxcloud Irai
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-7068 MEDIUM PATCH This Month

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-6980 MEDIUM PATCH This Month

The WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-41783 MEDIUM This Month

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Command Injection RCE Code Injection Zxcloud Irai
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-50345 LOW Monitor

HCL DRYiCE MyXalytics is impacted by an Open Redirect vulnerability which could allow an attacker to redirect users to malicious sites, potentially leading to phishing attacks or other security. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Dryice Myxalytics
NVD
CVSS 3.1
3.7
EPSS
0.2%
CVE-2023-50348 LOW Monitor

HCL DRYiCE MyXalytics is impacted by an improper error handling vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Dryice Myxalytics
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2023-50346 LOW Monitor

HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Dryice Myxalytics
NVD
CVSS 3.1
3.1
EPSS
0.2%
CVE-2024-21634 HIGH PATCH This Month

Amazon Ion is a Java implementation of the Ion data notation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Java Ion
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-21631 MEDIUM PATCH This Month

Vapor is an HTTP web framework for Swift. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Vapor
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-21622 MEDIUM PATCH This Month

Craft is a content management system. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0217 LOW PATCH Monitor

A use-after-free flaw was found in PackageKitd. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Packagekit Enterprise Linux +1
NVD GitHub
CVSS 3.1
3.3
EPSS
0.0%
CVE-2024-0211 HIGH POC This Month

DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0210 HIGH POC This Month

Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-0209 HIGH POC This Month

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Wireshark
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-0208 HIGH POC This Month

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-0207 HIGH POC This Month

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Wireshark
NVD
CVSS 3.1
7.8
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy