Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In July 2023
CVE-2023-3587
Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.
CVSS Score
2.7
EPSS Score
0.001
Published
2023-07-17
CVE-2023-3590
Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.
CVSS Score
3.1
EPSS Score
0.003
Published
2023-07-17
CVE-2023-3591
Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-07-17
CVE-2022-36424
Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
CVE-2022-38062
Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
CVE-2023-35818
An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-07-17
CVE-2023-36656
Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component.
CVSS Score
5.4
EPSS Score
0.005
Published
2023-07-17
CVE-2023-37968
Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-07-17
CVE-2022-47172
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-17
CVE-2023-2958
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714.
CVSS Score
9.8
EPSS Score
0.0
Published
2023-07-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved