Skip to main content
CVE-2023-22911 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-22899 MEDIUM POC PATCH This Month

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Zip4J
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2022-4711 MEDIUM POC This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-21563 MEDIUM This Month

BitLocker Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 20H2 Windows 10 21h2 +11
NVD
CVSS 3.1
6.8
EPSS
1.5%
CVE-2023-0012 MEDIUM This Month

In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

SAP Microsoft Authentication Bypass Host Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-21560 MEDIUM This Month

Windows Boot Manager Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Heap Overflow Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
6.6
EPSS
1.1%
CVE-2022-4710 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 1.3.59, due to due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
6.1
EPSS
2.4%
CVE-2023-22479 MEDIUM PATCH This Month

KubePi is a modern Kubernetes panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Session Fixation Kubepi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-0140 MEDIUM This Month

Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Chrome
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0139 MEDIUM This Month

Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google Microsoft Chrome
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0133 MEDIUM This Month

Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0132 MEDIUM This Month

Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Microsoft Chrome
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0131 MEDIUM This Month

Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0130 MEDIUM This Month

Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22898 MEDIUM PATCH This Month

workers/extractor.py in Pandora (aka pandora-analysis/pandora) 1.3.0 allows a denial of service when an attacker submits a deeply nested ZIP archive (aka ZIP bomb). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Pandora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-21725 MEDIUM This Month

Windows Malicious Software Removal Tool Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Microsoft Windows Malicious Software Removal Tool
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-0018 MEDIUM This Month

Due to improper input sanitization of user-controlled input in SAP BusinessObjects Business Intelligence Platform CMC application - versions 420, and 430, an attacker with basic user-level privileges. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Businessobjects Business Intelligence Platform
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0013 MEDIUM This Month

The ABAP Keyword Documentation of SAP NetWeaver Application Server - versions 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, for ABAP and ABAP Platform does not sufficiently encode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0023 MEDIUM This Month

In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Bank Account Management
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-0162 MEDIUM PATCH This Month

The CPO Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several of its content type settings parameters in versions up to, and including, 1.0.4 due to insufficient. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Cpo Companion
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21776 MEDIUM This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 Windows 11 +8
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-21753 MEDIUM This Month

Event Tracing for Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows Server 2019
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-21559 MEDIUM This Month

Windows Cryptographic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 20H2 Windows 10 21h2 +5
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-21550 MEDIUM This Month

Windows Cryptographic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 20H2 Windows 10 21h2 +5
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-21540 MEDIUM This Month

Windows Cryptographic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10 1809 Windows 10 20H2 Windows 10 21h2 +5
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-4700 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-4704 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_templates_kit' AJAX action in versions up to, and including, 1.3.59. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-4702 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0015 MEDIUM This Month

In SAP BusinessObjects Business Intelligence Platform (Web Intelligence user interface) - version 420, some calls return json with wrong content type in the header of the response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-21743 MEDIUM This Month

Microsoft SharePoint Server Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-21682 MEDIUM This Month

Windows Point-to-Point Protocol (PPP) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 +13
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2023-21525 MEDIUM This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Windows 10 1607 Windows 10 1809 Windows 10 20H2 Windows 10 21h2 +11
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2023-22909 MEDIUM PATCH This Month

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mediawiki Fedora
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-21766 MEDIUM This Month

Windows Overlay Filter Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Microsoft Windows 10 Windows 11 Windows Server 2016 +2
NVD
CVSS 3.1
4.7
EPSS
0.9%
CVE-2023-21536 MEDIUM This Month

Event Tracing for Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). No vendor patch available.

Buffer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 20H2 +6
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2022-4701 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-4703 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_reset_previous_import' AJAX action in versions up to, and including, 1.3.59. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-4709 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-4708 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_template_conditions' AJAX action in versions up to, and including, 1.3.59. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-4705 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-4707 MEDIUM This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.59. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-0141 MEDIUM This Month

Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy