Skip to main content
CVE-2023-25136 MEDIUM POC PATCH THREAT This Month

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 88.3%.

RCE SSH Openssh Fedora Ontap Select Deploy Administration Utility +3
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
88.3%
Threat
5.4
CVE-2023-22975 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in JFinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-36712 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in yzmcms 6.1 allows attackers to steal user cookies via image clipping function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yzmcms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-23636 MEDIUM POC PATCH This Month

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jellyfin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-23635 MEDIUM POC PATCH This Month

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jellyfin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-23082 MEDIUM POC PATCH This Month

A heap buffer overflow vulnerability in Kodi Home Theater Software up to 19.5 allows attackers to cause a denial of service due to an improper length of the value passed to the offset argument. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service Kodi
NVD GitHub
CVSS 3.1
4.6
EPSS
0.7%
CVE-2023-23937 MEDIUM PATCH This Month

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-23615 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-23940 MEDIUM PATCH This Month

OpenZeppelin Contracts for Cairo is a library for secure smart contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Authentication Bypass Contracts
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-24613 MEDIUM This Month

The user interface of Array Networks AG Series and vxAG through 9.4.0.470 could allow a remote attacker to use the gdb tool to overwrite the backend function call stack after accessing the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Arrayos Ag
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-23933 MEDIUM This Month

OpenSearch Anomaly Detection identifies atypical data and receives automatic notifications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Opensearch
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy