Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In August 2023
CVE-2023-28693
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Balasaheb Bhise Advanced Youtube Channel Pagination plugin <= 1.0 version.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-17
CVE-2023-28783
Auth. (shop manager+) Stored Cross-Site Scripting (XSS) vulnerability in PHPRADAR Woocommerce Tip/Donation plugin <= 1.2 versions.
CVSS Score
5.9
EPSS Score
0.0
Published
2023-08-17
CVE-2023-31072
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Praveen Goswami Advanced Category Template plugin <= 0.1 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-17
CVE-2023-31079
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Chris Roberts Tippy plugin <= 6.2.1 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-08-17
CVE-2023-40272
Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to read files on the Airflow server. It is recommended to upgrade to a version that is not affected.
CVSS Score
7.5
EPSS Score
0.006
Published
2023-08-17
CVE-2023-34412
A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject malicious HTML or JavaScript code (XSS).
CVSS Score
4.8
EPSS Score
0.0
Published
2023-08-17
CVE-2023-38902
A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers v.EG_3.0(1)B11P219, EAP and RAP series wireless access points v.AP_3.0(1)B11P219, and NBC series wireless controllers v.AC_3.0(1)B11P219 allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /cgi-bin/luci/api/cmd via the remoteIp field.
CVSS Score
8.8
EPSS Score
0.018
Published
2023-08-17
CVE-2023-4394
A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. This flaw allows a local attacker with special privileges to cause a system crash or leak internal kernel information
CVSS Score
6.7
EPSS Score
0.0
Published
2023-08-17
CVE-2023-38838
SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component.
CVSS Score
7.5
EPSS Score
0.0
Published
2023-08-17
CVE-2023-31074
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in hupe13 Extensions for Leaflet Map plugin <= 3.4.1 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-08-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved