CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2023-4707
Low

A vulnerability was found in Infosoftbd Clcknshop 1.0.0, leading to cross site scripting (XSS) attacks through manipulation of the argument q in the file /collection/all. The attack can be initiated remotely.

CVE-2023-41045
Low

Graylog, a log management platform, uses a single source port for DNS queries, which goes against recommended security practices. This could allow DNS cache poisoning attacks, where an external attacker can inject forged DNS responses into Graylog's cache.

CVE-2023-41044
Low

Graylog has a partial path traversal vulnerability in the `Support Bundle` feature that allows an attacker with valid Admin role credentials to download or delete files in sibling directories. The issue is caused by improper input validation in an HTTP API resource.

CVE-2023-33833
Low

IBM Security Verify Information Queue versions 10.0.4 and 10.0.5 stores sensitive information in plain clear text, which can be read by a local user.

CVE-2023-4654
Low

In the GitHub repository instantsoft/icms2 prior to version 2.16.1, there is a vulnerability related to a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute.

CVE-2023-41041
Low

In the Graylog platform, in multi-node clusters, a user session may still be used for API requests after logout until it reaches its original expiry time. Each node maintains a local cache of user sessions, leading to situations where other nodes may still accept the session after it has been removed from the local cache.

CVE-2023-40184
Low

xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions.

CVE-2023-4624
Low

There is a Server-Side Request Forgery (SSRF) vulnerability in the GitHub repository bookstackapp/bookstack prior to version 23.08. This allows attackers to send requests to internal server services, potentially leading to the exposure of sensitive information.

CVE-2023-4555
Low

A vulnerability has been identified in SourceCodester Inventory Management System version 1.0 that allows cross site scripting (XSS) attacks through manipulation of the name/company argument in the suppliar_data.php file. The attack can be launched remotely.

CVE-2023-4547
LowEPSS 99%

A vulnerability was found in SPA-Cart eCommerce CMS version 1.9.0.3, rated as problematic. Manipulation of the arguments filter[brandid] and filter[price] in the /search file leads to cross-site scripting attacks.

CVE-2023-4546
LowEPSS 62%

A vulnerability was found in Byzoro Smart S85F Management Platform up to version 20230816, concerning an unknown functionality of the file /sysmanage/licence.php. Manipulation of this functionality leads to improper access controls.

CVE-2023-4534
Low

A vulnerability was found in the NeoMind Fusion Platform up to version 20230731, allowing cross site scripting (XSS) attacks through manipulation of the link argument in the /fusion/portal/action/Link file. The attack can be executed remotely.

CVE-2023-41250
Low

In JetBrains TeamCity versions before 2023.05.3, reflected XSS was possible during user registration.

CVE-2023-40182
Low

In the password recovery form of Silverware Games, the response time varies depending on whether the specified email address exists in the database. This issue has been fixed in version 1.3.7.

CVE-2023-34973
Low

An insufficient entropy vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to predict secret via unspecified vectors.

CVE-2023-34972
Low

A vulnerability has been reported affecting QNAP operating systems regarding the cleartext transmission of sensitive information. If exploited, local network clients may read unexpected sensitive data via unspecified vectors.

CVE-2023-4228
Low

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation.

CVE-2023-40370
Low

IBM Robotic Process Automation versions 21.0.0 through 21.0.7.1 is vulnerable to information disclosure of script content if the remote REST request policy is enabled.

CVE-2023-38158
LowEPSS 64%

A vulnerability in Microsoft Edge (Chromium-based) allows for information disclosure. An attacker could exploit this flaw to gain access to sensitive user data.

CVE-2023-39061
Low

A CSRF vulnerability in Chamilo versions 1.11 through 1.11.20 allows a remote authenticated privileged attacker to execute arbitrary code. The flaw stems from insufficient cross-site request forgery protections.

PreviousPage 25 of 63Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS