Skip to main content
CVE-2023-48242 MEDIUM This Month

The vulnerability allows an authenticated remote attacker to download arbitrary files in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nexo Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-48249 MEDIUM This Month

The vulnerability allows an authenticated remote attacker to list arbitrary folders in all paths of the system under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nexo Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-40385 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-42865 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +4
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-42862 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +4
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-6158 MEDIUM PATCH This Month

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-48255 MEDIUM This Month

The vulnerability allows an unauthenticated remote attacker to send malicious network requests containing arbitrary client-side script code and obtain its execution inside a victim’s session via a. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-29444 MEDIUM This Month

An uncontrolled search path element vulnerability (DLL hijacking) has been discovered that could allow a locally authenticated adversary to escalate privileges to SYSTEM. Rated medium severity (CVSS 6.3). No vendor patch available.

RCE Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-41781 MEDIUM This Month

There is a Cross-site scripting (XSS) vulnerability in ZTE MF258. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Zte XSS Mf258 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2023-29447 MEDIUM This Month

An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
5.7
EPSS
0.1%
CVE-2023-42829 MEDIUM This Month

The issue was addressed with additional restrictions on the observability of app states. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-48258 MEDIUM This Month

The vulnerability allows a remote attacker to delete arbitrary files on the file system via a crafted URL or HTTP request through a victim’s session. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

CSRF Nexo Os
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-48577 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-48248 MEDIUM This Month

The vulnerability allows an authenticated remote attacker to upload a malicious file to the SD card containing arbitrary client-side script code and obtain its execution inside a victim’s session via. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-48504 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-32931 MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-41994 MEDIUM This Month

A logic issue was addressed with improved checks This issue is fixed in macOS Sonoma 14. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40430 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-41987 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40411 MEDIUM This Month

This issue was addressed with improved data protection. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42929 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-46710 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-38607 MEDIUM This Month

The issue was addressed with improved handling of caches. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42831 MEDIUM This Month

This issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-41069 MEDIUM This Month

This issue was addressed by improving Face ID anti-spoofing models. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Ipados Iphone Os iOS
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40437 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42872 MEDIUM This Month

The issue was addressed with additional permissions checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Safari Ipados Iphone Os +2
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40438 MEDIUM This Month

An issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-42816 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-28185 MEDIUM This Month

An integer overflow was addressed through improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Apple Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-45793 MEDIUM This Month

Sysmac Studio installs executables in a directory with poor permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Automation Software Sysmac Studio
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-40433 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-32424 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Watchos +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-48783 MEDIUM This Month

An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortiportal
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-48256 MEDIUM This Month

The vulnerability allows a remote attacker to inject arbitrary HTTP response headers or manipulate HTTP response bodies inside a victim’s session via a crafted URL or HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-48261 MEDIUM This Month

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-48260 MEDIUM This Month

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-48259 MEDIUM This Month

The vulnerability allows a remote unauthenticated attacker to read arbitrary content of the results database via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41603 MEDIUM PATCH This Month

D-Link R15 before v1.08.02 was discovered to contain no firewall restrictions for IPv6 traffic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass D-Link R15 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-48247 MEDIUM This Month

The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-48254 MEDIUM This Month

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-48244 MEDIUM This Month

The vulnerability allows a remote attacker to inject and execute arbitrary client-side script code inside a victim’s session via a crafted URL or HTTP request. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Nexo Os
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-42941 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.8). No vendor patch available.

Denial Of Service Apple Ipados Iphone Os iOS
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2022-32919 MEDIUM This Month

The issue was addressed with improved UI handling. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-29446 MEDIUM This Month

An improper input validation vulnerability has been discovered that could allow an adversary to inject a UNC path via a malicious project file. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Code Injection Kepware Kepserverex Thingworx Kepware Server Thingworx Industrial Connectivity
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-37934 MEDIUM This Month

An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiPAM 1.0 all versions allows an authenticated attacker to perform a denial of service attack via sending crafted. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Fortipam
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-42934 MEDIUM This Month

An information disclosure issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os macOS +1
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2023-49619 LOW PATCH Monitor

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.2.0. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Apache Race Condition Information Disclosure Answer
NVD
CVSS 3.1
3.1
EPSS
1.3%
CVE-2023-40394 LOW Monitor

The issue was addressed with improved validation of environment variables. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os iOS
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-28197 LOW Monitor

An access issue was addressed with additional sandbox restrictions. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Information Disclosure macOS
NVD
CVSS 3.1
3.3
EPSS
0.1%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy