Skip to main content
CVE-2023-24369 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ujcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0878 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Nuxt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-24785 MEDIUM POC This Month

An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Peazip
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24769 MEDIUM POC PATCH This Month

Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Changedetection
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0879 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22232 MEDIUM POC THREAT This Month

Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Adobe Authentication Bypass Connect
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
81.9%
CVE-2023-0880 MEDIUM POC PATCH This Month

Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-23922 MEDIUM PATCH This Month

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-23921 MEDIUM PATCH This Month

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-23695 MEDIUM This Month

Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Secure Connect Gateway
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-22233 MEDIUM This Month

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure After Effects
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22231 MEDIUM This Month

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Bridge
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-21620 MEDIUM This Month

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-21593 MEDIUM This Month

Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Null Pointer Dereference Indesign
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-21584 MEDIUM This Month

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-21583 MEDIUM This Month

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Bridge
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-21578 MEDIUM This Month

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Photoshop
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-21577 MEDIUM This Month

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Photoshop
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-0482 MEDIUM PATCH This Month

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Resteasy Active Iq Unified Manager Oncommand Workflow Automation
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-24809 MEDIUM This Month

NetHack is a single player dungeon exploration game. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Nethack
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24964 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a local user to obtain sensitive information from a log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-23586 MEDIUM PATCH This Month

Due to a vulnerability in the io_uring subsystem, it is possible to leak kernel memory information to the user process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22868 MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Aspera Faspex
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-24388 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Booking calendar, Appointment Booking System plugin <= 3.2.3 versions affects plugin forms actions (create, duplicate, edit, delete). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Booking Calendar
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-23899 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Extensions For CF7 plugin <= 2.0.8 versions leads to arbitrary plugin activation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Extensions For Cf7
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy