Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2023
CVE-2023-39796
SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter.
CVSS Score
9.8
EPSS Score
0.83
Published
2023-11-10
CVE-2023-47246
Known exploited
In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023.
CVSS Score
9.8
EPSS Score
0.944
Published
2023-11-10
CVE-2023-45167
IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. IBM X-Force ID: 267965.
CVSS Score
6.2
EPSS Score
0.0
Published
2023-11-10
CVE-2023-46729
sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.
CVSS Score
9.3
EPSS Score
0.011
Published
2023-11-10
CVE-2023-6069
Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0.
CVSS Score
9.9
EPSS Score
0.003
Published
2023-11-10
CVE-2023-36014
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score
7.3
EPSS Score
0.004
Published
2023-11-10
CVE-2023-36024
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVSS Score
7.1
EPSS Score
0.001
Published
2023-11-10
CVE-2023-31086
Cross-Site Request Forgery (CSRF) vulnerability in Igor Benic Simple Giveaways – Grow your business, email lists and traffic with contests plugin <= 2.46.0 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
CVE-2023-31088
Cross-Site Request Forgery (CSRF) vulnerability in Faraz Quazi Floating Action Button plugin <= 1.2.1 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09
CVE-2023-31093
Cross-Site Request Forgery (CSRF) vulnerability in Chronosly Chronosly Events Calendar plugin <= 2.6.2 versions.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-11-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved