NVD disclosure day
CVE-2023-4762
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in Google Chrome allows attackers to execute arbitrary code via a crafted HTML page, impacting organizations using affected browsers. This could lead to unauthorized code execution, data compromise, and system disruption.
CVE-2023-4531
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
Mestav E-commerce Software has a critical flaw allowing attackers to steal customer data or control your site. Act now to protect sensitive information.
CVE-2023-4178
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
An external attacker can bypass login security on Neutron Smart VMS to gain full control of the system. This allows them to view live surveillance feeds, delete recorded video logs, and alter configurations, compromising the physical security of our facilities.
CVE-2023-4034
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can bypass security controls in the Smartrise Document Management System. This allows them to steal administrative credentials and proprietary company documents, potentially leading to widespread data theft and unauthorized access to other areas of the network.
CVE-2023-3616
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
Mava Hotel Management System has a critical flaw allowing unauthenticated attackers to steal or alter sensitive data from its database.
CVE-2023-35072
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A critical flaw in Coyav Travel Proagent lets anyone steal or alter sensitive data. Update immediately to prevent unauthorized access.
CVE-2023-35068
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can exploit the BMA Personnel Tracking System to manipulate its database. This could allow them to view, change, or delete sensitive employee records, resulting in the unauthorized access or loss of confidential personnel information.
CVE-2023-35065
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker can take advantage of Osoft Paint Production Management to steal sensitive production records and administrative credentials. This exposes critical business information and could lead to a full compromise of the system.
CVE-2023-3375
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An external attacker could exploit Unisign Bookreen by uploading a malicious file, allowing them to run system commands and potentially gain unauthorized control. This matters because it could lead to complete compromise of the affected system.
CVE-2023-3374
Halo Surface Signal: 2 out of 5 — less likely to be public-facing.
An internal attacker with existing access to Unisign Bookreen could trick the system into granting them full administrative rights. This creates a significant risk by enabling unauthorized access to critical system settings, which could lead to full control over the platform.