Skip to main content
CVE-2023-23151 MEDIUM POC This Month

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Bloofoxcms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-22971 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hx200 Firmware Hx90 Firmware Hx50L Firmware Hn9460 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-0448 MEDIUM POC THREAT This Month

The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Helper Premium
NVD
CVSS 3.1
6.1
EPSS
44.5%
CVE-2023-0469 MEDIUM POC This Month

A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-0519 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Modoboa
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0488 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pyload Pyload Ng
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-0470 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Modoboa
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0513 MEDIUM POC This Month

A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dreamer Cms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0468 MEDIUM POC This Month

A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-23608 MEDIUM POC PATCH This Month

Spotipy is a light weight Python library for the Spotify Web API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Python Spotipy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-20924 MEDIUM This Month

In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-24495 MEDIUM PATCH This Month

A Server Side Request Forgery (SSRF) vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Tenable Sc
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-24459 MEDIUM This Month

A missing permission check in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Bearychat
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-24457 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Keycloak Authentication Plugin 2.3.0 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Keycloak Authentication
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-24453 MEDIUM This Month

A missing check in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified username and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Testquality Updater
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-24450 MEDIUM This Month

Jenkins view-cloner Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure View Cloner
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24448 MEDIUM This Month

A missing permission check in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified AMQP(S) URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Rabbitmq Consumer
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-24438 MEDIUM This Month

A missing permission check in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Atlassian Jira Pipeline Steps
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24435 MEDIUM This Month

A missing permission check in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Github Pull Request Builder
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24433 MEDIUM PATCH This Month

Missing permission checks in Jenkins Orka by MacStadium Plugin 1.31 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Orka By Macstadium
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24425 MEDIUM PATCH This Month

Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Jenkins Authentication Bypass Kubernetes Credentials Provider
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24423 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Gerrit Trigger Plugin 2.38.0 and earlier allows attackers to rebuild previous builds triggered by Gerrit. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Gerrit Trigger
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23613 MEDIUM PATCH This Month

OpenSearch is an open source distributed and RESTful search engine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Opensearch
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-23610 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22739 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0476 MEDIUM PATCH This Month

A LDAP injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Tenable Sc
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0417 MEDIUM PATCH This Month

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0416 MEDIUM PATCH This Month

GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0415 MEDIUM PATCH This Month

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0414 MEDIUM PATCH This Month

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-0413 MEDIUM PATCH This Month

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0411 MEDIUM PATCH This Month

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0229 MEDIUM PATCH This Month

A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-24445 MEDIUM This Month

Jenkins OpenID Plugin 2.4 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Open Redirect Openid
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-23951 MEDIUM This Month

Ability to enumerate the Oracle LDAP attributes for the current user by modifying the query used by the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23950 MEDIUM This Month

User’s supplied input (usually a CRLF sequence) can be used to split a returning response into two responses. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22722 MEDIUM This Month

GLPI is a Free Asset and IT Management Software package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24493 MEDIUM PATCH This Month

A formula injection vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Tenable Sc
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-24428 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket OAuth Plugin 0.12 and earlier allows attackers to trick users into logging in to the attacker's account. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins CSRF Bitbucket Oauth
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-24454 MEDIUM This Month

Jenkins TestQuality Updater Plugin 1.3 and earlier stores the TestQuality Updater password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Testquality Updater
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24442 MEDIUM This Month

Jenkins GitHub Pull Request Coverage Status Plugin 2.2.0 and earlier stores the GitHub Personal Access Token, Sonar access token and Sonar password unencrypted in its global configuration file on the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Github Pull Request Coverage Status
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24440 MEDIUM This Month

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier transmits the private key in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Atlassian Jira Pipeline Steps
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24439 MEDIUM This Month

Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier stores the private keys unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Atlassian Jira Pipeline Steps
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20923 MEDIUM This Month

In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20922 MEDIUM This Month

In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20908 MEDIUM This Month

In several functions of SettingsState.java, there is a possible system crash loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-0394 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-24494 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Tenable.sc due to improper validation of user-supplied input before returning it to users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Tenable Sc
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-23949 MEDIUM This Month

An authenticated user can supply malicious HTML and JavaScript code that will be executed in the client browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Symantec Identity Governance And Administration Symantec Identity Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-23611 MEDIUM PATCH This Month

LTI Consumer XBlock implements the consumer side of the LTI specification enabling integration of third-party LTI provider tools. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xblock Lti Consumer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy