Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In October 2023
CVE-2023-45902
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
CVE-2023-45903
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
CVE-2023-45904
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
CVE-2023-45905
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
CVE-2023-45906
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
CVE-2023-45907
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/delete.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-17
CVE-2023-20598
An improper privilege management in the AMD Radeon™ Graphics driver may allow an authenticated attacker to craft an IOCTL request to gain I/O control over arbitrary hardware ports or physical addresses resulting in a potential arbitrary code execution.
CVSS Score
7.8
EPSS Score
0.015
Published
2023-10-17
CVE-2023-43959
An issue in YeaLinkSIP-T19P-E2 v.53.84.0.15 allows a remote privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.
CVSS Score
8.8
EPSS Score
0.08
Published
2023-10-17
CVE-2022-3761
OpenVPN Connect versions before 3.4.0.4506 (macOS) and OpenVPN Connect before 3.4.0.3100 (Windows) allows man-in-the-middle attackers to intercept configuration profile download requests which contains the users credentials
CVSS Score
5.9
EPSS Score
0.001
Published
2023-10-17
CVE-2023-42627
Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a (1) Shipping Name, (2) Shipping Phone Number, (3) Shipping Address, (4) Shipping Address 2, (5) Shipping Address 3, (6) Shipping Zip, (7) Shipping City, (8) Shipping Region (9), Shipping Country, (10) Billing Name, (11) Billing Phone Number, (12) Billing Address, (13) Billing Address 2, (14) Billing Address 3, (15) Billing Zip, (16) Billing City, (17) Billing Region, (18) Billing Country, or (19) Region Code.
CVSS Score
9.6
EPSS Score
0.002
Published
2023-10-17


Products
Pricing
Contact Us

Shodan ® - All rights reserved