Uncategorized CVEs — 2023 (Page 5/24)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2023-10-17

Medium

CVE-2023-22117

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 12.3, 12.4, 14.0-14.3 a…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-22115

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22114

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allows high priv…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22112

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high priv…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22111

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22110

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high priv…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22109

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Dashboards). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0…

CVSS: 4.6CWE: N/A

High

CVE-2023-22108

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabili…

CVSS: 7.5CWE: N/A

Medium

CVE-2023-22107

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: UI Components). Supported versions that are affected are ECC: 8, 9 and 10. Easily expl…

CVSS: 6.1CWE: N/A

Medium

CVE-2023-22106

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: API). Supported versions that are affected are ECC: 8, 9 and 10. Easily exploitable vu…

CVSS: 6.5CWE: N/A

Medium

CVE-2023-22105

Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-22104

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged atta…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22103

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Easily exploitable vulnerability allow…

CVSS: 4.9CWE: N/A

High

CVE-2023-22100

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.12. Easily exploitable vulnerability allows high p…

CVSS: 7.9CWE: N/A

High

CVE-2023-22098

CVSS: 8.2CWE: N/A

Medium

CVE-2023-22097

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22096

Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows low privileged attacker…

CVSS: 4.3CWE: N/A

Medium

CVE-2023-22095

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). The supported version that is affected is 8.1.0. Easily exploitable vulnerability allows low privileged att…

CVSS: 6.5CWE: N/A

High

CVE-2023-22094

Vulnerability in the MySQL Installer product of Oracle MySQL (component: Installer: General). Supported versions that are affected are Prior to 1.6.8. Easily exploitable vulnerability allows low pri…

CVSS: 7.9CWE: N/A

Medium

CVE-2023-22093

Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerab…

CVSS: 6.5CWE: N/A

Medium

CVE-2023-22092

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22091

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.…

CVSS: 4.8CWE: N/A

Medium

CVE-2023-22090

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications). The supported version that is affected is 9.2. Easily expl…

CVSS: 6.5CWE: N/A

Critical

CVE-2023-22089

CVSS: 9.8CWE: N/A

Medium

CVE-2023-22088

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: User Management). Supported versions that are affected are 7.4.0 and…

CVSS: 4.3CWE: N/A

High

CVE-2023-22085

Vulnerability in the Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Opera). The supported version that is affected is 5.6. Easily exploitable vulnerabi…

CVSS: 8.8CWE: N/A

Medium

CVE-2023-22084

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.43 and prior, 8.0.34 and prior and 8.1.0. Easily exploitable vulnerabilit…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22083

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications (component: Web UI). Supported versions that are affected are 9.0-9.2. Easily exploitable vulnerabil…

CVSS: 4.3CWE: N/A

Medium

CVE-2023-22082

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exp…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-22081

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8…

CVSS: 5.3CWE: N/A

Medium

CVE-2023-22080

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vuln…

CVSS: 6.1CWE: N/A

Medium

CVE-2023-22079

CVSS: 6.5CWE: N/A

Medium

CVE-2023-22078

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22077

Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allow…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22076

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulner…

CVSS: 6.1CWE: N/A

Low

CVE-2023-22075

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high p…

CVSS: 2.4CWE: N/A

Low

CVE-2023-22074

CVSS: 2.4CWE: N/A

Medium

CVE-2023-22073

Vulnerability in the Oracle Notification Server component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows unau…

CVSS: 4.3CWE: N/A

Medium

CVE-2023-22071

Vulnerability in the PL/SQL component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker…

CVSS: 5.9CWE: N/A

Medium

CVE-2023-22070

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22068

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22066

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22065

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22064

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22059

CVSS: 6.5CWE: N/A

Medium

CVE-2023-22032

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22029

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). The supported version that is affected is 11.3.2. Easily exploitable vulnerability allows unaut…

CVSS: 6.1CWE: N/A

Medium

CVE-2023-22028

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.43 and prior and 8.0.31 and prior. Easily exploitable vulnerab…

CVSS: 4.9CWE: N/A

Medium

CVE-2023-22026

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.42 and prior and 8.0.31 and prior. Easily exploitable vulnerab…

CVSS: 4.9CWE: N/A

Low

CVE-2023-22025

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java S…

CVSS: 3.7CWE: N/A

Medium

CVE-2023-22015

CVSS: 4.9CWE: N/A

Medium

CVE-2023-4896

A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the att…

CVSS: 6.8CWE: N/A

2023-10-16

Medium

CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on a…

CVSS: 5.3CWE: N/A

Medium

CVE-2023-5177

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode.

CVSS: 5.3CWE: N/A

Medium

CVE-2023-5167

The User Activity Log Pro WordPress plugin before 2.3.4 does not properly escape recorded User-Agents in the user activity logs dashboard, which may allow visitors to conduct Stored Cross-Site Script…

CVSS: 5.4CWE: N/A

High

CVE-2023-5133

This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the s…

CVSS: 7.5CWE: N/A

Medium

CVE-2023-5089

The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page…

CVSS: 5.3CWE: N/A

Medium

CVE-2023-5087

The Page Builder: Pagelayer WordPress plugin before 1.7.8 doesn't prevent attackers with author privileges and higher from inserting malicious JavaScript inside a post's header or footer code.

CVSS: 5.4CWE: N/A

Medium

CVE-2023-5057

The ActivityPub WordPress plugin before 1.0.0 does not escape user metadata before outputting them in mentions, which could allow users with a role of Contributor and above to perform Stored XSS atta…

CVSS: 5.4CWE: N/A

High

CVE-2023-5003

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.10 stores sensitive LDAP logs in a buffer file when an administrator wants to export said logs. Unfortunately, this log…

CVSS: 7.5CWE: N/A

Medium

CVE-2023-4950

The Interactive Contact Form and Multi Step Form Builder WordPress plugin before 3.4 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Script…

CVSS: 6.1CWE: N/A

Medium

CVE-2023-4862

The File Manager Pro WordPress plugin before 1.8.1 does not adequately validate and escape some inputs, leading to XSS by high-privilege users.

CVSS: 4.8CWE: N/A

High

CVE-2023-4861

The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as…

CVSS: 7.2CWE: N/A

Medium

CVE-2023-4821

The Drag and Drop Multiple File Upload for WooCommerce WordPress plugin before 1.1.1 does not filter all potentially dangerous file extensions. Therefore, an attacker can upload unsafe .shtml or .svg…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-4820

The PowerPress Podcasting plugin by Blubrry WordPress plugin before 11.0.12 does not sanitize and escape the media url field in posts, which could allow users with privileges as low as contributor to…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-4819

The Shared Files WordPress plugin before 1.7.6 does not return the right Content-Type header for the specified uploaded file. Therefore, an attacker can upload an allowed file extension injected with…

CVSS: 6.1CWE: N/A

Medium

CVE-2023-4811

The WordPress File Upload WordPress plugin before 4.23.3 does not sanitise and escape some of its settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Sc…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-4805

The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-4800

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users.

CVSS: 6.5CWE: N/A

Medium

CVE-2023-4798

The User Avatar WordPress plugin before 1.2.2 does not properly sanitize and escape certain of its shortcodes attributes, which could allow relatively low-privileged users like contributors to conduc…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-4795

The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a ro…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-4783

The Magee Shortcodes WordPress plugin through 2.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-4725

The Simple Posts Ticker WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at…

CVSS: 4.8CWE: N/A

High

CVE-2023-4691

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploi…

CVSS: 7.2CWE: N/A

Medium

CVE-2023-4687

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts.

CVSS: 6.1CWE: N/A

Critical

CVE-2023-4666

The Form Maker by 10Web WordPress plugin before 1.15.20 does not validate signatures when creating them on the server from user input, allowing unauthenticated users to create arbitrary files and lea…

CVSS: 9.8CWE: N/A

Medium

CVE-2023-4646

The Simple Posts Ticker WordPress plugin before 1.1.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which coul…

CVSS: 5.4CWE: N/A

High

CVE-2023-4643

The Enable Media Replace WordPress plugin before 4.1.3 unserializes user input via the Remove Background feature, which could allow Author+ users to perform PHP Object Injection when a suitable gadge…

CVSS: 8.8CWE: N/A

Medium

CVE-2023-4388

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even whe…

CVSS: 4.8CWE: N/A

Medium

CVE-2023-4290

The WP Matterport Shortcode WordPress plugin before 2.1.7 does not escape the PHP_SELF server variable when outputting it in attributes, leading to Reflected Cross-Site Scripting issues which could b…

CVSS: 6.1CWE: N/A

Medium

CVE-2023-4289

The WP Matterport Shortcode WordPress plugin before 2.1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which…

CVSS: 5.4CWE: N/A

Medium

CVE-2023-3746

The ActivityPub WordPress plugin before 1.0.0 does not sanitize and escape some data from post content, which could allow contributor and above role to perform Stored Cross-Site Scripting attacks

CVSS: 5.4CWE: N/A

Medium

CVE-2023-3707

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve t…

CVSS: 4.3CWE: N/A

Medium

CVE-2023-3706

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the…

CVSS: 4.3CWE: N/A

Medium

CVE-2023-3279

The WordPress Gallery Plugin WordPress plugin before 3.39 does not validate some block attributes before using them to generate paths passed to include function/s, allowing Admin users to perform LFI…

CVSS: 4.9CWE: N/A

High

CVE-2023-3154

The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to PHAR Deserialization due to a lack of input parameter validation in the `gallery_edit` function, allowing an attacker to acc…

CVSS: 7.5CWE: N/A

Medium

CVE-2023-5575

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific combinat…

CVSS: 6.5CWE: N/A

High

CVE-2023-4827

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file…

CVSS: 8.8CWE: N/A

Medium

CVE-2023-4620

The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against…

CVSS: 6.1CWE: N/A

High

CVE-2023-3392

The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a…

CVSS: 7.2CWE: N/A

Medium

CVE-2023-40791

extract_user_to_sg in lib/scatterlist.c in the Linux kernel before 6.4.12 fails to unpin pages in a certain situation, as demonstrated by a WARNING for try_grab_page.

CVSS: 6.3CWE: N/A

2023-10-13

Medium

CVE-2023-36559

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVSS: 4.2CWE: N/A

Low

CVE-2023-5449

A potential security vulnerability has been identified in certain HP Displays supporting the Theft Deterrence feature which may allow a monitor’s Theft Deterrence to be deactivated.

CVSS: 3.3CWE: N/A

Medium

CVE-2023-5409

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. These models may be susceptible to a physical attack, allowing an untrusted source to tamper with the system fir…

CVSS: 6.8CWE: N/A

Medium

CVE-2023-4995

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output e…

CVSS: 6.4CWE: N/A

2023-10-12

Medium

CVE-2023-5470

The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output esc…

CVSS: 6.4CWE: N/A

Critical

CVE-2023-40833

An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting.

CVSS: 9.8CWE: N/A

2023-10-11

Medium

CVE-2023-5487

Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a cr…

CVSS: 6.5CWE: N/A

Medium

CVE-2023-5486

Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)

CVSS: 4.3CWE: N/A

Medium

CVE-2023-5484

Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

CVSS: 6.5CWE: N/A

Medium

CVE-2023-5483

Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Mediu…

CVSS: 6.5CWE: N/A

Medium

CVE-2023-5481

Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)

CVSS: 6.5CWE: N/A

Medium

CVE-2023-5479

Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a c…

CVSS: 6.5CWE: N/A

Medium

CVE-2023-5478

Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)

CVSS: 4.3CWE: N/A

Medium

CVE-2023-5477

Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: L…

CVSS: 4.3CWE: N/A

Medium

CVE-2023-5475

Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a…

CVSS: 6.5CWE: N/A

High

CVE-2023-40142

In TBD of TBD, there is a possible way to bypass carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed…

CVSS: 7.8CWE: N/A

Critical

CVE-2023-44107

Vulnerability of defects introduced in the design process in the screen projection module.Successful exploitation of this vulnerability may affect service availability and integrity.

CVSS: 9.1CWE: N/A

2023-10-10

High

CVE-2023-36732

Win32k Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2023-36720

Windows Mixed Reality Developer Tools Denial of Service Vulnerability

CVSS: 7.5CWE: N/A

Medium

CVE-2023-36717

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

CVSS: 6.5CWE: N/A

High

CVE-2023-36712

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2023-36590

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVSS: 7.3CWE: N/A

Medium

CVE-2023-36584

Windows Mark of the Web Security Feature Bypass Vulnerability

CVSS: 5.4CWE: N/A

Medium

CVE-2023-36564

Windows Search Security Feature Bypass Vulnerability

CVSS: 6.5CWE: N/A

High

CVE-2023-36557

PrintHTML API Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

High

CVE-2023-36438

Windows TCP/IP Information Disclosure Vulnerability

CVSS: 7.5CWE: N/A

High

CVE-2023-36436

Windows MSHTML Platform Remote Code Execution Vulnerability

CVSS: 7.8CWE: N/A

Medium

CVE-2023-5468

The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and…

CVSS: 6.4CWE: N/A

High

CVE-2023-44848

An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.

CVSS: 8.1CWE: N/A