Shodan
Vulnerabilities
Vulnerable Software
Security Vulnerabilities - CVEs Published In December 2023
CVE-2023-32230
An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation.
CVSS Score
7.5
EPSS Score
0.001
Published
2023-12-18
CVE-2023-28053
Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. A remote unauthenticated attacker could potentially exploit this vulnerability leading to some information disclosure.
CVSS Score
5.3
EPSS Score
0.001
Published
2023-12-18
CVE-2023-50372
Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Post Type Page Template.This issue affects Custom Post Type Page Template: from n/a through 1.1.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-12-18
CVE-2023-49854
Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy – Smart Side Cart for WooCommerce.This issue affects Caddy – Smart Side Cart for WooCommerce: from n/a through 1.9.7.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-12-18
CVE-2023-49855
Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.This issue affects Menu Bar Cart Icon For WooCommerce By Binary Carpenter: from n/a through 1.49.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-12-18
CVE-2023-32728
The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution.
CVSS Score
4.6
EPSS Score
0.005
Published
2023-12-18
CVE-2023-32725
The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. The received session cookie can then be used to access the frontend as the particular user.
CVSS Score
9.6
EPSS Score
0.002
Published
2023-12-18
CVE-2023-32726
The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server.
CVSS Score
3.9
EPSS Score
0.001
Published
2023-12-18
CVE-2023-32727
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.
CVSS Score
6.8
EPSS Score
0.004
Published
2023-12-18
CVE-2023-41314
The api /api/snapshot and /api/get_log_file would allow unauthenticated access. It could allow a DoS attack or get arbitrary files from FE node. Please upgrade to 2.0.3 to fix these issues.
CVSS Score
8.2
EPSS Score
0.003
Published
2023-12-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved