Skip to main content
CVE-2023-1117 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1116 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1115 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1104 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Flatpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26608 MEDIUM POC This Month

SOLDR (System of Orchestration, Lifecycle control, Detection and Response) 1.1.0 allows stored XSS via the module editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Soldr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-45608 HIGH This Week

An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thingsboard
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1113 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Payroll System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Payroll System With Dynamic Tax Bracket
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-0953 HIGH This Week

Insufficient input sanitization in the documentation feature of Devolutions Server 2022.3.12 and earlier allows an authenticated attacker to perform an SQL Injection, potentially resulting in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Devolutions Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0951 HIGH This Week

Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0847 HIGH This Week

The Sub-IoT implementation of the DASH 7 Alliance protocol has a vulnerability that can lead to an out-of-bounds write prior to implementation version 0.5.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow RCE Dash7 Alliance Protcol
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-26281 HIGH PATCH This Week

IBM HTTP Server 8.5 used by IBM WebSphere Application Server could allow a remote user to cause a denial of service using a specially crafted URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Http Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-20014 HIGH This Week

A vulnerability in the DNS functionality of Cisco Nexus Dashboard Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nexus Dashboard
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-0460 HIGH This Week

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Youtube Android Player Api
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-22770 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22769 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22768 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22767 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22766 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22765 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22764 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22763 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22762 HIGH This Week

Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Arubaos Sd Wan
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-22761 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22760 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22759 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-22758 HIGH This Week

Authenticated remote command injection vulnerabilities exist in the ArubaOS web-based management interface. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sd Wan Arubaos
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-20009 HIGH This Week

A vulnerability in the Web UI and administrative CLI of the Cisco Secure Email Gateway (ESA) and Cisco Secure Email and Web Manager (SMA) could allow an authenticated remote attacker and or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cisco Email Security Appliance Secure Email And Web Manager
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-25931 MEDIUM This Month

Medtronic identified that the Pelvic Health clinician apps, which are installed on the Smart Programmer mobile device, have a password vulnerability that requires a security update to fix. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Interstim X Clinician Micro Clinician
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-20075 MEDIUM This Month

Vulnerability in the CLI of Cisco Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary commands. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Email Security Appliance
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-22738 MEDIUM PATCH This Month

vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Vantage6
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-25544 MEDIUM This Month

Dell NetWorker versions 19.5 and earlier contain 'Apache Tomcat' version disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Dell Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-24567 MEDIUM This Month

Dell NetWorker versions 19.5 and earlier contain 'RabbitMQ' version disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Networker
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23973 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in a3rev Software Contact Us Page - Contact People plugin <= 3.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contact Us Page Contact People
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-22777 MEDIUM This Month

An authenticated information disclosure vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22775 MEDIUM This Month

A vulnerability exists which allows an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22774 MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22773 MEDIUM This Month

Authenticated path traversal vulnerabilities exist in the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Arubaos Sd Wan
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22772 MEDIUM This Month

An authenticated path traversal vulnerability exists in the ArubaOS web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sd Wan Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0952 MEDIUM This Month

Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1131 MEDIUM This Month

A vulnerability has been found in SourceCodester Computer Parts Sales and Inventory System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Computer Parts Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-20085 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-20053 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Nexus Dashboard
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23006 MEDIUM PATCH This Month

In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23005 MEDIUM PATCH This Month

In the Linux kernel before 6.2, mm/memory-tiers.c misinterprets the alloc_memory_type return value (expects it to be NULL in the error case, whereas it is actually an error pointer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Linux Enterprise Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23004 MEDIUM PATCH This Month

In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23002 MEDIUM PATCH This Month

In the Linux kernel before 5.16.3, drivers/bluetooth/hci_qca.c misinterprets the devm_gpiod_get_index_optional return value (expects it to be NULL in the error case, whereas it is actually an error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23001 MEDIUM PATCH This Month

In the Linux kernel before 5.16.3, drivers/scsi/ufs/ufs-mediatek.c misinterprets the regulator_get return value (expects it to be NULL in the error case, whereas it is actually an error pointer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Mediatek Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23000 MEDIUM PATCH This Month

In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-0594 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Grafana XSS
NVD
CVSS 3.1
5.4
EPSS
9.2%
CVE-2023-0507 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Grafana XSS
NVD
CVSS 3.1
5.4
EPSS
15.5%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy