Skip to main content
CVE-2022-48111 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wi400
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-1320 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-23326 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avantfax
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-27119 MEDIUM POC This Month

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wabt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27116 MEDIUM POC This Month

WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webassembly
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27115 MEDIUM POC This Month

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webassembly
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27114 MEDIUM POC This Month

radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1318 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-1317 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-1316 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1315 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-23327 MEDIUM POC This Month

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avantfax
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-27164 MEDIUM POC This Month

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Halo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-1319 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1312 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27850 MEDIUM This Month

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that allows users with access to this feature to access arbitrary files on the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Netgear Information Disclosure Rax30 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-25147 MEDIUM This Month

An issue in the Trend Micro Apex One agent could allow an attacker who has previously acquired administrative rights via other means to bypass the protection by using a specifically crafted DLL. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Trend Micro Apex One
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-1203 MEDIUM This Month

Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-1201 MEDIUM This Month

Improper access control in the secure messages feature in Devolutions Server 2022.3.12 and below allows an authenticated attacker that possesses the message UUID to access the data it contains. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-24975 MEDIUM This Month

IBM Spectrum Symphony 7.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS IBM Spectrum Symphony
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0746 MEDIUM This Month

The help page in GigaVUE-FM, when using GigaVUE-OS software version 5.0 202, does not require an authenticated user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Gigavue Os
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25947 MEDIUM This Month

The bundle management subsystem within OpenHarmony-v3.1.4 and prior versions has a null pointer reference vulnerability which local attackers can exploit this vulnerability to cause a DoS attack to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-24465 MEDIUM This Month

Communication Wi-Fi subsystem within OpenHarmony-v3.1.4 and prior versions, OpenHarmony-v3.0.7 and prior versions has a null pointer reference vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0083 MEDIUM This Month

The ArKUI framework subsystem within OpenHarmony-v3.1.5 and prior versions, OpenHarmony-v3.0.7 and prior versions has an Improper Input Validation vulnerability which local attackers can exploit this. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27904 MEDIUM PATCH This Month

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-1337 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the clear_uucss_logs function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
3.0%
CVE-2023-27577 MEDIUM PATCH This Month

flarum is a forum software package for building communities. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Flarum
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-27903 MEDIUM PATCH This Month

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Authentication Bypass
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-0193 MEDIUM This Month

NVIDIA CUDA Toolkit SDK contains a vulnerability in cuobjdump, where a local user running the tool against a malicious binary may cause an out-of-bounds read, which may result in a limited denial of. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Buffer Overflow Information Disclosure Denial Of Service Cuda Toolkit
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-1339 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the uucss_update_rule function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1338 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attach_rule function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1336 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized settings update due to a missing capability check on the ajax_deactivate function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1335 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the ucss_connect function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1334 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the queue_posts function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1333 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1346 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1345 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1344 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1343 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1342 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1341 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1340 MEDIUM PATCH This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-27902 MEDIUM PATCH This Month

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy