CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2023-39978
Low

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.

CVE-2023-36926
Low

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server.

CVE-2023-4177
Low

A vulnerability was found in EmpowerID up to version 7.205.0.0 related to the Multi-Factor Authentication Code Handler, leading to information disclosure. The attack complexity is high and exploitation is known to be difficult.

CVE-2023-4175
Low

A vulnerability was found in mooSocial mooTravel version 3.1.8, classified as problematic. The manipulation leads to cross site scripting.

CVE-2023-4174
LowEPSS 92%

A vulnerability has been found in mooSocial mooStore version 3.1.6, leading to cross site scripting attacks. An attacker can remotely manipulate an unknown functionality of the application.

CVE-2023-4173
LowEPSS 87%

A vulnerability was found in mooSocial mooStore version 3.1.6 that allows cross site scripting (XSS) attacks through manipulation of the argument q in the /search/index file.

CVE-2023-4170
Low

A vulnerability was found in DedeBIZ 6.2.10, rated as problematic. It affects some unknown functionality of the Article Handler component and leads to cross site scripting attacks.

CVE-2023-4167
Low

A vulnerability was found in Media Browser Emby Server 4.7.13.0, leading to cross site scripting attacks. The issue affects some unknown processing of the file /web/ and may be exploited remotely.

CVE-2023-38700
Low

In versions prior to 1.0.1, matrix-appservice-irc allowed crafting an event that could leak part of a message from another bridged room. This required knowing the event ID to target.

CVE-2023-3669
Low

A missing Brute-Force protection in CODESYS Development System prior to version 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog.

CVE-2023-4118
Low

A vulnerability was found in Cute Http File Server 2.0, classified as problematic. It affects an unknown part of the search component and leads to cross site scripting attacks.

CVE-2023-4110
LowEPSS 75%

A vulnerability has been found in PHP Jabbers Availability Booking Calendar version 5.0, allowing cross site scripting attacks through manipulation of the session_id argument in the /index.php file.

CVE-2023-26979
Low

The BluetensQ app version 4.3.15 for Bluetens Electrostimulation Device is vulnerable to Man-in-the-Middle attacks over BLE. Attackers can hijack BLE communication to decrease or increase stimulator intensity.

CVE-2023-4016
Low

CVE-2023-4016 allows a user with access to run the 'ps' utility on a machine to write almost unlimited amounts of unfiltered data into the process heap.

CVE-2023-3488
Low

Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.

CVE-2023-37904
Low

Discourse is an open source discussion platform, where prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in versions 3.0.6 and 3.1.0.beta7.

CVE-2023-3990
LowEPSS 68%

A vulnerability has been found in Mingsoft MCMS up to version 5.3.1 that allows cross site scripting attacks through manipulation of the 'style' argument in the search.do file. The attack can be initiated remotely.

CVE-2023-3989
Low

A vulnerability was found in SourceCodester Jewelry Store System 1.0, rated as problematic. It affects some unknown functionality of the file add_customer.php, leading to cross-site scripting attacks.

CVE-2023-3986
Low

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 that allows cross-site scripting (XSS) attacks by manipulating the First Name/Last Name/Username arguments in the /admin/?page=user/list file.

CVE-2023-37900
Low

In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane allows high-privileged users to create Packages referencing arbitrarily large images. This could lead to exhausting available memory and result in the container being OOMKilled.

PreviousPage 26 of 62Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS