CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2023-3784
Low

A vulnerability was found in Dooblou WiFi File Explorer version 1.13.3 that leads to cross-site scripting (XSS) attacks through manipulation of the search, order, download, or mode arguments. The attack can be launched remotely.

CVE-2023-3783
Low

A vulnerability was found in Webile 1.0.1, classified as problematic. It affects an unknown function of the HTTP POST Request Handler component, where manipulation of the argument new_file_name/c leads to cross site scripting.

CVE-2023-3299
Low

In HashiCorp Nomad Enterprise versions 1.2.11 to 1.5.6 and 1.4.10, ACL policies using a block without a label generate unexpected results. This issue is fixed in versions 1.6.0, 1.5.7, and 1.4.11.

CVE-2023-3674
Low

A flaw was found in the Keylime attestation verifier, which fails to flag a device as untrusted when the TPM quote's signature does not validate. Instead, it only logs an error.

CVE-2023-3763
Low

A vulnerability was found in Intergard SGS 8.7.0 affecting unknown code of the SQL Query Handler component. The manipulation leads to cleartext transmission of sensitive information.

CVE-2023-3761
Low

A vulnerability was found in Intergard SGS 8.7.0, affecting some unknown functionality of the Password Change Handler component. Manipulation leads to cleartext transmission of sensitive information.

CVE-2023-3757
Low

A vulnerability has been identified in GZ Scripts Car Rental Script version 1.8 that allows cross site scripting (XSS) attacks through manipulation of arguments in the /EventBookingCalendar/load.php file. An attacker can remotely exploit this vulnerability by injecting malicious data into the first_name, second_name, phone, address_1, and country fields.

CVE-2023-3756
Low

A vulnerability was found in Creativeitem Atlas Business Directory Listing version 2.13, allowing cross-site scripting (XSS) attacks through manipulation of the search_string argument in the /home/search file.

CVE-2023-3755
Low

A vulnerability has been found in Creativeitem Atlas Business Directory Listing version 2.13, allowing cross site scripting attacks through manipulation of the price-range argument in the /home/filter_listings file.

CVE-2023-3754
Low

A vulnerability was identified in Creativeitem Ekushey Project Manager CRM 5.0 that allows cross site scripting attacks through manipulation of the message argument in the file /index.php/client/message/message_read/xxxxxxxx[random-msg-hash].

CVE-2023-3753
Low

A vulnerability has been found in Creativeitem Mastery LMS version 1.2 that allows cross site scripting attacks through manipulation of an argument in the /browse file. The attack can be initiated remotely.

CVE-2023-3752
Low

A vulnerability was found in Creativeitem Academy LMS 5.15, rated as problematic. Manipulation of the sort_by argument in the /home/courses file leads to cross-site scripting attacks.

CVE-2023-37481
Low

Fides is an open-source privacy engineering platform that is vulnerable to a Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload malicious SVG files, leading to resource exhaustion in Admin UI browser tabs.

CVE-2023-37480
Low

Fides is an open-source privacy engineering platform that is vulnerable to a Denial of Service (DoS) attack through the upload of a malicious zip bomb file. Versions of Fides from `2.11.0` to `2.15.1` are affected by this vulnerability, which requires elevated privileges to exploit.

CVE-2023-3613
Low

The Mattermost WelcomeBot plugin fails to validate membership status when inviting or adding users to channels, allowing guest accounts to be added by default.

CVE-2023-3590
Low

Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.

CVE-2023-3587
Low

Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state. This allows any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.

CVE-2023-3584
Low

Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request. This allows an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.

CVE-2023-3577
Low

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.

CVE-2023-35901
Low

IBM Robotic Process Automation versions 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 are vulnerable to client side validation bypass, which could allow invalid changes or values in some fields.

PreviousPage 31 of 63Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS