Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In September 2023
CVE-2023-28072
Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. A local malicious user could potentially send specially crafted requests to the .NET Remoting server to run arbitrary code on the system.
CVSS Score
7.8
EPSS Score
0.001
Published
2023-09-04
CVE-2023-4750
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-09-04
CVE-2023-4752
Use After Free in GitHub repository vim/vim prior to 9.0.1858.
CVSS Score
7.8
EPSS Score
0.0
Published
2023-09-04
CVE-2023-4755
Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV.
CVSS Score
5.3
EPSS Score
0.0
Published
2023-09-04
CVE-2023-4733
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
CVSS Score
7.3
EPSS Score
0.0
Published
2023-09-04
CVE-2023-3222
Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing userĀ“s password by adding a 6-digit numeric token. An attacker could create an automatic script to test all possible values because the platform has no limit on the number of requests.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-09-04
CVE-2023-3221
User enumeration vulnerability in Password Recovery plugin 1.2 version for Roundcube, which could allow a remote attacker to create a test script against the password recovery function to enumerate all users in the database.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-09-04
CVE-2023-4019
The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-09-04
CVE-2023-4059
The Profile Builder WordPress plugin before 3.9.8 lacks authorisation and CSRF in its page creation function which allows unauthenticated users to create the register, log-in and edit-profile pages from the plugin on the blog
CVSS Score
4.3
EPSS Score
0.001
Published
2023-09-04
CVE-2023-4151
The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVSS Score
6.1
EPSS Score
0.088
Published
2023-09-04


Products
Pricing
Contact Us

Shodan ® - All rights reserved