NVD

2022-23 Change Timeline

Icon for CISA Known Exploited Vulnerabilities Catalog Announcement

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to the cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2023-41691 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.
Published: September 29, 2023; 10:15:10 AM -0400

V3.1: 6.1 MEDIUM
CVE-2023-44168 - The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: September 28, 2023; 6:15:10 PM -0400

V3.1: 9.8 CRITICAL
CVE-2023-44167 - The 'name' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: September 28, 2023; 6:15:10 PM -0400

V3.1: 9.8 CRITICAL
CVE-2023-44166 - The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: September 28, 2023; 6:15:10 PM -0400

V3.1: 9.8 CRITICAL
CVE-2023-44165 - The 'Password' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: September 28, 2023; 6:15:10 PM -0400

V3.1: 9.8 CRITICAL
CVE-2023-44164 - The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: September 28, 2023; 6:15:10 PM -0400

V3.1: 9.8 CRITICAL
CVE-2023-44163 - The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: September 28, 2023; 6:15:10 PM -0400

V3.1: 9.8 CRITICAL
CVE-2023-43739 - The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.
Published: September 28, 2023; 6:15:10 PM -0400

V3.1: 9.8 CRITICAL
CVE-2023-20033 - A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition... read CVE-2023-20033
Published: September 27, 2023; 2:15:10 PM -0400

V3.1: 8.6 HIGH
CVE-2023-41878 - MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, at... read CVE-2023-41878
Published: September 27, 2023; 11:19:30 AM -0400

V3.1: 9.8 CRITICAL
CVE-2023-41335 - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capab... read CVE-2023-41335
Published: September 27, 2023; 11:19:30 AM -0400

V3.1: 3.7 LOW
CVE-2023-41333 - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster... read CVE-2023-41333
Published: September 27, 2023; 11:19:30 AM -0400

V3.1: 8.1 HIGH
CVE-2023-43124 - BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
Published: September 27, 2023; 12:21:33 PM -0400

V3.1: 7.1 HIGH
CVE-2023-4505 - The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible ... read CVE-2023-4505
Published: September 27, 2023; 11:19:40 AM -0400

V3.1: 4.9 MEDIUM
CVE-2023-4506 - The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for auth... read CVE-2023-4506
Published: September 27, 2023; 11:19:40 AM -0400

V3.1: 6.5 MEDIUM
CVE-2023-4565 - Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.
Published: September 27, 2023; 11:19:40 AM -0400

V3.1: 5.3 MEDIUM
CVE-2023-4264 - Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem.
Published: September 27, 2023; 11:19:40 AM -0400

V3.1: 9.6 CRITICAL
CVE-2023-4262 - Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled
Published: September 27, 2023; 11:19:40 AM -0400

V3.1: 10.0 CRITICAL
CVE-2023-4260 - Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
Published: September 27, 2023; 11:19:40 AM -0400

V3.1: 10.0 CRITICAL
CVE-2023-43871 - A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
Published: September 28, 2023; 10:15:23 AM -0400

V3.1: 5.4 MEDIUM

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: