Skip to main content
CVE-2023-22958 MEDIUM POC This Month

The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Open Redirect Secure Login
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22487 MEDIUM POC PATCH This Month

Flarum is a forum software for building communities. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Flarum
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-20527 MEDIUM This Month

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +60
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20525 MEDIUM This Month

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22492 MEDIUM PATCH This Month

ZITADEL is a combination of Auth0 and Keycloak. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-20523 MEDIUM This Month

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-20532 MEDIUM This Month

Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-22963 MEDIUM This Month

The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Personnummer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-22945 MEDIUM PATCH This Month

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mediawiki Fedora
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy