Skip to main content
CVE-2023-24044 MEDIUM POC This Month

A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Obsidian
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2023-24056 MEDIUM POC PATCH This Month

In pkgconf through 1.9.3, variable duplication can cause unbounded string expansion due to incorrect checks in libpkgconf/tuple.c:pkgconf_tuple_parse. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Pkgconf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-24058 MEDIUM POC This Month

Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Booked
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-24055 MEDIUM PATCH This Month

KeePass through 2.53 (in a default installation) allows an attacker, who has write access to the XML configuration file, to obtain the cleartext passwords by adding an export trigger. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Keepass
NVD
CVSS 3.1
5.5
EPSS
3.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy