| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-41896 | Fake websocket server installation permits full takeover in Home Assistant Core | home-assistant | core | High | 7.1 | 2023-10-19 22:30:50 | Deep Dive |
| CVE-2023-41897 | Lack of XFO header allows clickjacking in Home Assistant Core | home-assistant | core | High | 8.8 | 2023-10-19 22:23:32 | Deep Dive |
| CVE-2023-41899 | Partial Server-Side Request Forgery in Home Assistant Core | home-assistant | core | Medium | 6.6 | 2023-10-19 22:18:31 | Deep Dive |
| CVE-2023-41898 | Arbitrary URL load in Android WebView in `MyActivity.kt` in Home Assistant Companion for Android | home-assistant | core | High | 8.6 | 2023-10-19 22:08:41 | Deep Dive |
| CVE-2023-44385 | Client-Side Request Forgery in Home Assistant iOS/macOS native Apps | home-assistant | core | High | 8.6 | 2023-10-19 22:02:53 | Deep Dive |
| CVE-2023-24385 | WordPress Media Library Assistant Plugin <= 3.11 is vulnerable to Cross Site Scripting (XSS) | David Lingren | Media Library Assistant | Medium | 5.9 | 2023-10-17 08:58:25 | Deep Dive |
| CVE-2023-45063 | WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF) | ReCorp | AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One | Medium | 4.3 | 2023-10-12 12:41:26 | Deep Dive |
| CVE-2023-30736 | SAMSUNG Mobile devices security vulnerability | Samsung Mobile | Samsung Assistant | Medium | 4.4 | 2023-10-04 03:02:49 | Deep Dive |
| CVE-2023-4716 | Media Library Assistant <= 3.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | dglingren | Media Library Assistant | Medium | 6.4 | 2023-09-22 05:31:26 | Deep Dive |
| CVE-2023-3892 | Unsafe XML parsing of 3rd party DICOM private tags may lead to XXE | MIM Software | MIM Assistant | Medium | 5.6 | 2023-09-19 14:54:13 | Deep Dive |
| CVE-2023-4634 | Media Library Assistant <= 3.09 - Unauthenticated Local/Remote File Inclusion & Remote Code Execution | dglingren | Media Library Assistant | Critical | 9.8 | 2023-09-06 08:27:50 | Deep Dive |
| CVE-2023-4616 | thumbnail Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability | LG Electronics | LG-LED Assistant | High | 7.5 | 2023-09-04 10:42:15 | Deep Dive |
| CVE-2023-4615 | updateFile Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability | LG Electronics | LG-LED Assistant | High | 7.5 | 2023-09-04 10:39:30 | Deep Dive |
| CVE-2023-4614 | setThumbnailRC Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability | LG Electronics | LG-LED Assistant | Critical | 9.8 | 2023-09-04 10:33:29 | Deep Dive |
| CVE-2023-4613 | Upload Directory Path Traversal Allows Unauthenticated Arbitrary File Read Vulnerability | LG Electronics | LG-LED Assistant | Critical | 9.8 | 2023-09-04 08:16:28 | Deep Dive |
| CVE-2023-39438 | Missing Authorization check allows certain operations on CLA Assistant data | SAP_SE | CLA Assistant | High | 8.1 | 2023-08-15 16:23:59 | Deep Dive |
| CVE-2023-34010 | WordPress Media Library Assistant Plugin <= 3.0.7 is vulnerable to Cross Site Scripting (XSS) | David Lingren | Media Library Assistant | Medium | 5.8 | 2023-08-05 22:56:36 | Deep Dive |
| CVE-2023-26527 | WordPress Debug Assistant Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS) | WPIndeed | Debug Assistant | Medium | 5.9 | 2023-06-16 11:02:06 | Deep Dive |
| CVE-2023-32673 | HP PC security vulnerability | HP Inc. | HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware | Critical | - | 2023-06-12 21:39:31 | Deep Dive |
| CVE-2023-3099 | KylinSoft youker-assistant Arbitrary File dbus.SystemBus delete_file access control | KylinSoft | youker-assistant | Medium | 4.4 | 2023-06-05 07:00:04 | Deep Dive |