Skip to main content
CVE-2023-23458 MEDIUM This Month

Sunell DVR, latest version, CWE-200: Exposure of Sensitive Information to an Unauthorized Actor through an unspecified request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sn Xvr3804E1 Firmware Sn Xvr3808E2 Firmware Sn Adr3804E1 Firmware Sn Adr3808E1 Firmware +3
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25768 MEDIUM PATCH This Month

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Authentication Bypass Azure Credentials
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23467 MEDIUM This Month

Media CP Media Control Panel latest version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Media Control Panel
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25171 MEDIUM PATCH This Month

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Kiwi Tcms
NVD GitHub
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-20949 MEDIUM This Month

In s2mpg11_pmic_probe of s2mpg11-regulator.c, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-25764 MEDIUM PATCH This Month

Jenkins Email Extension Plugin 2.93 and earlier does not escape, sanitize, or sandbox rendered email template output or log output generated during template rendering, resulting in a stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Email Extension
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25763 MEDIUM PATCH This Month

Jenkins Email Extension Plugin 2.93 and earlier does not escape various fields included in bundled email templates, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Email Extension
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25762 MEDIUM PATCH This Month

Jenkins Pipeline: Build Step Plugin 2.18 and earlier does not escape job names in a JavaScript expression used in the Pipeline Snippet Generator, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Pipeline
NVD
CVSS 3.1
5.4
EPSS
81.4%
CVE-2023-25761 MEDIUM PATCH This Month

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Junit
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0840 MEDIUM This Month

A vulnerability classified as problematic was found in PHPCrazy 1.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Phpcrazy
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25192 MEDIUM This Month

AMI MegaRAC SPX devices allow User Enumeration through Redfish. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-24499 MEDIUM This Month

Butterfly Button plugin may leave traces of its use on user's device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Butterfly Button
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-23850 MEDIUM PATCH This Month

A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Synopsys Coverity
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-23848 MEDIUM PATCH This Month

Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Synopsys Coverity
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-22805 MEDIUM This Month

LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Xbc Dn32U Firmware
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-25766 MEDIUM PATCH This Month

A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Microsoft Authentication Bypass Azure Credentials
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy