Category: CVSS3 - MEDIUM
CVE-2023-34450

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the wa ...

Continue Reading

August 15, 2023

CVE-2023-34088

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker ...

Continue Reading

August 15, 2023

CVE-2023-2827

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent ...

Continue Reading

August 15, 2023

CVE-2023-35134

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.Read More ...

Continue Reading

August 15, 2023

CVE-2023-35948

Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-sour ...

Continue Reading

August 15, 2023

CVE-2023-35998

A missing authorization check in multiple SOAP endpoints of the Insider Threat Management Server enables an attacker on an adjacent network to read and write unauthorized objects. Successful exploitat ...

Continue Reading

August 15, 2023

CVE-2023-3247

In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower rang ...

Continue Reading

August 15, 2023

CVE-2023-28361

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a ma ...

Continue Reading

August 15, 2023

CVE-2023-34088

Collabora Online is a collaborative online office suite. A stored cross-site scripting (XSS) vulnerability was found in Collabora Online prior to versions 22.05.13, 21.11.9.1, and 6.4.27. An attacker ...

Continue Reading

August 15, 2023

CVE-2023-23602

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. This could lead to connections to restricted origins from insi ...

Continue Reading

August 15, 2023

Load more