Skip to main content
CVE-2023-23296 MEDIUM POC This Month

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jetwave 2212G Firmware Jetwave 2212X Firmware Jetwave 2212S Firmware Jetwave 2211C Firmware +11
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-23916 MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Debian Linux H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-0987 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-22476 MEDIUM POC PATCH This Month

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Mantisbt
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-20015 MEDIUM This Month

A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ucs Central Software Ucs 6536 Firmware Ucs 64108 Firmware +9
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-23915 MEDIUM This Month

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-20089 MEDIUM This Month

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-20016 MEDIUM This Month

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Ucs Central Software Ucs 6536 Firmware Ucs 64108 Firmware +9
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-0815 MEDIUM PATCH This Month

Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Horizon Meridian
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25621 MEDIUM PATCH This Month

Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Sling I18N
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-0044 MEDIUM PATCH This Month

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS CSRF Quarkus Build Of Quarkus
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0869 MEDIUM PATCH This Month

Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0868 MEDIUM PATCH This Month

Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0867 MEDIUM PATCH This Month

Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0597 MEDIUM PATCH This Month

A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26303 MEDIUM PATCH This Month

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Markdown It Py
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20012 MEDIUM This Month

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Authentication Bypass Nexus 93180Yc Fx3S Firmware Nexus 93180Yc Fx3 Firmware +4
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-23920 MEDIUM PATCH This Month

An untrusted search path vulnerability exists in Node.js. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Node.js Information Disclosure Node Js Debian Linux
NVD
CVSS 3.1
4.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy