Security Vulnerabilities - CVEs Published In December 2023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brontobytes Cookie Bar allows Stored XSS. This issue affects Cookie Bar: from n/a through 2.0.
CVSS Score: 5.9 | EPSS Score: 0.001 | Published: 2023-12-14
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2023-12-14
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 is vulnerable to having its key for an encrypted password decoded. By somehow gaining access to the encrypted password, a local attacker could exploit this vulnerability to obtain the password to other systems. IBM X-Force ID: 268265.
CVSS Score: 7.4 | EPSS Score: 0.006 | Published: 2023-12-14
IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.
CVSS Score: 7.4 | EPSS Score: 0.015 | Published: 2023-12-14
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allows a remote unauthenticated attacker to gain full access to the affected device.
CVSS Score: 9.8 | EPSS Score: 0.008 | Published: 2023-12-14
An incorrect permission assignment for critical resource vulnerability in PLCnext products allows a remote attacker with low privileges to gain full access on the affected devices.
CVSS Score: 8.8 | EPSS Score: 0.003 | Published: 2023-12-14
External Control of File Name or Path in h2oai/h2o-3
CVSS Score: 9.3 | EPSS Score: 0.002 | Published: 2023-12-14
Server-Side Request Forgery (SSRF) in kubeflow/kubeflow
CVSS Score: 7.7 | EPSS Score: 0.002 | Published: 2023-12-14
Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2023-12-14
@adobe/css-tools versions 4.3.1 and earlier are affected by an Improper Input Validation vulnerability that could result in a denial of service while attempting to parse CSS.
CVSS Score: 5.3 | EPSS Score: 0.005 | Published: 2023-12-14


Shodan ® - All rights reserved