CVE & Exploit Intelligence Database

Updated 4h ago

Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

338,223 CVEs tracked | 53,271 with exploits | 4,730 exploited in wild | 1,542 CISA KEV | 3,929 Nuclei templates | 37,826 vendors | 42,547 researchers
688 results
CVE-2023-34189 6.5 MEDIUM EPSS 0.00
Apache InLong <1.7.0 - Privilege Escalation
Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, operations that only the admin can perform. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it.
CWE-668 Jul 25, 2023
CVE-2023-37645 5.3 MEDIUM NUCLEI EPSS 0.48
Eyoucms - Exposure to Wrong Actor
eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.
CWE-668 Jul 20, 2023
CVE-2023-3299 3.4 LOW EPSS 0.00
HashiCorp Nomad < 1.4.10 - Exposure to Wrong Actor
In HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10, ACL policies using a block without a label generate unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.
CWE-201 Jul 20, 2023
CVE-2023-32760 7.7 HIGH EPSS 0.00
Archer < 6.12.0.6 - Exposure to Wrong Actor
An issue in Archer Platform before v.6.13, fixed in v.6.12.0.6 and v.6.13.0, allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.
CWE-668 Jul 14, 2023
CVE-2023-32759 7.5 HIGH EPSS 0.00
Archer < 6.12.0.6 - Exposure to Wrong Actor
An issue in Archer Platform before v.6.13, fixed in 6.12.0.6 and 6.13.0, allows an authenticated attacker to obtain sensitive information via a crafted URL.
CWE-668 Jul 14, 2023
CVE-2023-37599 7.5 HIGH 1 PoC Analysis NUCLEI EPSS 0.86
Issabel PBX - Exposure to Wrong Actor
An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory.
CWE-668 Jul 13, 2023
CVE-2023-34119 8.2 HIGH EPSS 0.00
Zoom Rooms for Windows <5.15.0 - Privilege Escalation
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
CWE-668 Jul 11, 2023
CVE-2023-31818 7.5 HIGH EPSS 0.00
Marukyu Line <13.4.1 - Info Disclosure
An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.
CWE-668 Jul 11, 2023
CVE-2023-30960 4.3 MEDIUM EPSS 0.00
Foundry Job-Tracker <4.645.0 - Info Disclosure
A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.
CWE-639 Jul 10, 2023
CVE-2023-3270 8.6 HIGH EPSS 0.00
SICK ICR890-4 Firmware < 2.5.0 - Exposure to Wrong Actor
Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.
CWE-668 Jul 10, 2023
CVE-2023-35696 7.5 HIGH EPSS 0.00
SICK ICR890-4 Firmware < 2.5.0 - Exposure to Wrong Actor
Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests.
CWE-668 Jul 10, 2023
CVE-2023-3456 5.3 MEDIUM EPSS 0.00
Huawei EMUI - Exposure to Wrong Actor
Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.
CWE-20 Jul 06, 2023
CVE-2023-3455 9.1 CRITICAL EPSS 0.00
Huawei EMUI - Information Disclosure
Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.
CWE-200 Jul 05, 2023
CVE-2023-32613 8.1 HIGH EPSS 0.00
Wavlink WL-WN531AX2 Firmware < 2023526 - Exposure to Wrong Actor
Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in.
CWE-668 Jun 30, 2023
CVE-2023-32394 2.4 LOW EPSS 0.00
Apple iPadOS < 16.5 - Exposure to Wrong Actor
The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen.
CWE-668 Jun 23, 2023
CVE-2023-35151 7.5 HIGH 1 Writeup EPSS 0.00
XWiki < 14.4.8 - Exposure to Wrong Actor
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
CWE-359 Jun 23, 2023
CVE-2023-34467 7.5 HIGH 1 Writeup EPSS 0.01
XWiki Platform <14.4.8-15.0-rc-1 - Info Disclosure
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the REST response also contained the mail unobfuscated, and users were able to filter and sort on the unobfuscated value, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
CWE-668 Jun 23, 2023
CVE-2023-2820 6.1 MEDIUM EPSS 0.00
Proofpoint Threat Response <5.10.0 - Info Disclosure
An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. 
CWE-200 Jun 14, 2023
CVE-2023-32019 4.7 MEDIUM EPSS 0.03
Windows Kernel - Info Disclosure
Windows Kernel Information Disclosure Vulnerability
CWE-668 Jun 14, 2023
CVE-2023-29355 5.3 MEDIUM EPSS 0.01
DHCP Server - Info Disclosure
DHCP Server Service Information Disclosure Vulnerability
CWE-668 Jun 14, 2023