Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In November 2023
CVE-2023-6014
An attacker is able to arbitrarily create an account in MLflow bypassing any authentication requirment.
CVSS Score
9.1
EPSS Score
0.007
Published
2023-11-16
CVE-2023-6020
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication.
CVSS Score
7.5
EPSS Score
0.835
Published
2023-11-16
CVE-2023-46213
In Splunk Enterprise versions below 9.0.7 and 9.1.2, ineffective escaping in the “Show syntax Highlighted” feature can result in the execution of unauthorized code in a user’s web browser.
CVSS Score
4.8
EPSS Score
0.002
Published
2023-11-16
CVE-2023-46214
In Splunk Enterprise versions below 9.0.7 and 9.1.2, Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that an attacker can upload malicious XSLT which can result in remote code execution on the Splunk Enterprise instance.
CVSS Score
8.0
EPSS Score
0.881
Published
2023-11-16
CVE-2023-39926
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Acurax Under Construction / Maintenance Mode from Acurax plugin <= 2.6 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-11-16
CVE-2023-36008
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVSS Score
6.6
EPSS Score
0.01
Published
2023-11-16
CVE-2023-36026
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVSS Score
4.3
EPSS Score
0.002
Published
2023-11-16
CVE-2023-28621
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wishfulthemes Raise Mag, Wishfulthemes Wishful Blog themes allows Reflected XSS.This issue affects Raise Mag: from n/a through 1.0.7; Wishful Blog: from n/a through 2.0.1.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-11-16
CVE-2023-32796
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in MingoCommerce WooCommerce Product Enquiry plugin <= 2.3.4 versions.
CVSS Score
7.1
EPSS Score
0.002
Published
2023-11-16
CVE-2023-32957
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dazzlersoft Team Members Showcase plugin <= 1.3.4 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-11-16


Products
Pricing
Contact Us

Shodan ® - All rights reserved