Security Vulnerabilities - CVEs Published In November 2023
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp.
CVSS Score: 6.5; EPSS Score: 0.001; Published: 2023-11-24
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.
CVSS Score: 3.3; EPSS Score: 0.0; Published: 2023-11-24
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.
CVSS Score: 2.7; EPSS Score: 0.001; Published: 2023-11-23
The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1.
CVSS Score: 8.8; EPSS Score: 0.016; Published: 2023-11-23
Usedesk before 1.7.57 allows chat template injection.
CVSS Score: 9.8; EPSS Score: 0.002; Published: 2023-11-23
Usedesk before 1.7.57 allows filter reflected XSS.
CVSS Score: 6.1; EPSS Score: 0.003; Published: 2023-11-23
Usedesk before 1.7.57 allows profile stored XSS.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2023-11-23
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend. This issue affects Email Marketing for WooCommerce by Omnisend: from n/a through 1.13.8.
CVSS Score: 5.3; EPSS Score: 0.003; Published: 2023-11-23
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection. This issue affects Cloud Templates & Patterns collection: from n/a through 1.2.2.
CVSS Score: 5.3; EPSS Score: 0.034; Published: 2023-11-23
The openssl (aka node-openssl) NPM package through 2.0.0 was characterized as "a nonsense wrapper with no real purpose" by its author, and accepts an opts argument that contains a verb field (used for command execution). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2023-11-23


Shodan ® - All rights reserved