Skip to main content
CVE-2023-23853 MEDIUM This Month

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-23852 MEDIUM This Month

SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Solution Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22376 MEDIUM This Month

Reflected cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a remote unauthenticated attacker to inject arbitrary script to inject an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cs Wmv02G Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-21693 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 Windows 10 1607 +11
NVD
CVSS 3.1
5.7
EPSS
1.4%
CVE-2023-22940 MEDIUM This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure Splunk Cloud Platform
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-21567 MEDIUM PATCH This Month

Visual Studio Denial of Service Vulnerability. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity.

Denial Of Service Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.6
EPSS
0.8%
CVE-2023-22490 MEDIUM PATCH This Month

Git is a revision control system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Git
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-21714 MEDIUM PATCH This Month

Microsoft Office Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft 365 Apps Office Long Term Servicing Channel
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-21697 MEDIUM PATCH This Month

Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 Windows 10 1607 +8
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-21687 MEDIUM PATCH This Month

HTTP.sys Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 11 21H2 Windows 11 22h2 Windows Server 2022
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-24377 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.3 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ecwid Ecommerce Shopping Cart
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-21573 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-21571 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-21570 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25571 MEDIUM PATCH This Month

Backstage is an open platform for building developer portals. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Backstage Catalog Model Backstage Core Components Backstage Plugin Catalog Backend
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24525 MEDIUM This Month

SAP CRM WebClient UI - versions WEBCUIF 748, 800, 801, S4FND 102, 103, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Customer Relationship Management Webclient Ui S4Fnd
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23856 MEDIUM This Month

In SAP BusinessObjects Business Intelligence (Web Intelligence user interface) - version 430, some calls return json with wrong content type in the header of the response. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Objects Business Intelligence Platform
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23855 MEDIUM This Month

SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Open Redirect Solution Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23854 MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, does not perform necessary authorization checks for an authenticated user, resulting in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-23851 MEDIUM This Month

SAP Business Planning and Consolidation - versions 200, 300, allows an attacker with business authorization to upload any files (including web pages) without the proper file format validation. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP File Upload Business Planning And Consolidation
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0025 MEDIUM This Month

SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Solution Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0024 MEDIUM This Month

SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Solution Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-21720 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Google Microsoft Edge Chromium
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-21699 MEDIUM PATCH This Month

Windows Internet Storage Name Service (iSNS) Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 Windows 10 1607 +8
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-22943 MEDIUM This Month

In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Information Disclosure Add On Builder Cloudconnect Software Development Kit
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-0655 MEDIUM This Month

SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Email Security
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-22370 MEDIUM This Month

Stored cross-site scripting vulnerability in Wired/Wireless LAN Pan/Tilt Network Camera CS-WMV02G all versions allows a network-adjacent authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS Cs Wmv02G
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2023-21722 MEDIUM PATCH This Month

.NET Framework Denial of Service Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Denial Of Service Net Framework
NVD
CVSS 3.1
5.0
EPSS
0.9%
CVE-2023-21794 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Google Authentication Bypass Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-22942 MEDIUM This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, a cross-site request forgery in the Splunk Secure Gateway (SSG) app in the ‘kvstore_client’ REST endpoint lets a potential attacker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk CSRF
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-22938 MEDIUM This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-22937 MEDIUM This Month

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Information Disclosure Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-22931 MEDIUM This Month

In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-25758 MEDIUM This Month

Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Onekey Touch Firmware Onekey Mini Firmware
NVD GitHub
CVSS 3.1
4.2
EPSS
0.3%
CVE-2023-23934 LOW PATCH Monitor

Werkzeug is a comprehensive WSGI web application library. Rated low severity (CVSS 3.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Werkzeug
NVD GitHub
CVSS 3.1
3.5
EPSS
0.5%
CVE-2023-24566 LOW Monitor

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Solid Edge Se2023
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-24565 LOW Monitor

A vulnerability has been identified in Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Solid Edge Se2023
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy