The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, misconfigurations, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2023-41691 - Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.
    Published: September 29, 2023; 10:15:10 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2023-44168 - The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
    Published: September 28, 2023; 6:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-44167 - The 'name' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
    Published: September 28, 2023; 6:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-44166 - The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
    Published: September 28, 2023; 6:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-44165 - The 'Password' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
    Published: September 28, 2023; 6:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-44164 - The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
    Published: September 28, 2023; 6:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-44163 - The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.
    Published: September 28, 2023; 6:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-43739 - The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.
    Published: September 28, 2023; 6:15:10 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-20033 - A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition... read CVE-2023-20033
    Published: September 27, 2023; 2:15:10 PM -0400

    V3.1: 8.6 HIGH

  • CVE-2023-41878 - MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, at... read CVE-2023-41878
    Published: September 27, 2023; 11:19:30 AM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2023-41335 - Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capab... read CVE-2023-41335
    Published: September 27, 2023; 11:19:30 AM -0400

    V3.1: 3.7 LOW

  • CVE-2023-41333 - Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster... read CVE-2023-41333
    Published: September 27, 2023; 11:19:30 AM -0400

    V3.1: 8.1 HIGH

  • CVE-2023-43124 - BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
    Published: September 27, 2023; 12:21:33 PM -0400

    V3.1: 7.1 HIGH

  • CVE-2023-4505 - The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible ... read CVE-2023-4505
    Published: September 27, 2023; 11:19:40 AM -0400

    V3.1: 4.9 MEDIUM

  • CVE-2023-4506 - The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for auth... read CVE-2023-4506
    Published: September 27, 2023; 11:19:40 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2023-4565 - Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable.
    Published: September 27, 2023; 11:19:40 AM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2023-4264 - Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem.
    Published: September 27, 2023; 11:19:40 AM -0400

    V3.1: 9.6 CRITICAL

  • CVE-2023-4262 - Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled
    Published: September 27, 2023; 11:19:40 AM -0400

  • CVE-2023-4260 - Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.
    Published: September 27, 2023; 11:19:40 AM -0400

  • CVE-2023-43871 - A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
    Published: September 28, 2023; 10:15:23 AM -0400

    V3.1: 5.4 MEDIUM