Skip to main content
CVE-2023-27589 MEDIUM POC This Month

Minio is a Multi-Cloud Object Storage framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Minio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-24180 MEDIUM POC This Month

Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Libelfin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1397 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1396 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Tours Travels Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1395 MEDIUM POC This Month

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Yoga Class Registration System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24279 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onos
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27070 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openplatform
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-27069 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openplatform
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-23408 MEDIUM POC PATCH This Month

Azure Apache Ambari Spoofing Vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Apache XSS Microsoft Azure Hdinsight
NVD Exploit-DB
CVSS 3.1
4.5
EPSS
4.0%
CVE-2023-27073 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) in Online Food Ordering System v1.0 allows attackers to change user details and credentials via a crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-24922 MEDIUM PATCH This Month

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-24906 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-24890 MEDIUM PATCH This Month

Microsoft OneDrive for iOS Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Apple Microsoft Onedrive
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-24870 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-24866 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-24865 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-24863 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-24857 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-23411 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23396 MEDIUM PATCH This Month

Microsoft Excel Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Office Online Server Office Web Apps Server
NVD
CVSS 3.1
6.5
EPSS
3.8%
CVE-2023-27895 MEDIUM This Month

SAP Authenticator for Android - version 1.3.0, allows the screen to be captured, if an authorized attacker installs a malicious app on the mobile device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Google Authenticator
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-27270 MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in a class for test purposes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25618 MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23389 MEDIUM PATCH This Month

Microsoft Defender Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.3).

Information Disclosure Microsoft Malware Protection Engine
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2021-4195 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Customer Relation Manager
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-23791 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Customer Relation Manager
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2022-23790 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Technology Customer Relation Manager
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-26457 MEDIUM This Month

SAP Content Server - version 7.53, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Content Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0021 MEDIUM This Month

Due to insufficient encoding of user input, SAP NetWeaver - versions 700, 701, 702, 731, 740, 750, allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure XSS Netweaver
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23391 MEDIUM PATCH This Month

Office for Android Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Google Office
NVD VulDB
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-24923 MEDIUM PATCH This Month

Microsoft OneDrive for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Microsoft Onedrive
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-24882 MEDIUM PATCH This Month

Microsoft OneDrive for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Microsoft Onedrive
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-24862 MEDIUM PATCH This Month

Windows Secure Channel Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 10 1507 +12
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-23409 MEDIUM PATCH This Month

Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 20H2 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-23394 MEDIUM PATCH This Month

Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 20H2 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-24921 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-24920 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Microsoft XSS CSRF Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-24919 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-24891 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-24879 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1296 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Nomad
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-27894 MEDIUM This Month

SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-27268 MEDIUM This Month

SAP NetWeaver AS Java (Object Analyzing Service) - version 7.50, does not perform necessary authorization checks, allowing an unauthenticated attacker to attach to an open interface and make use of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-26460 MEDIUM This Month

Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-24526 MEDIUM This Month

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-26461 MEDIUM This Month

SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure XXE Netweaver Enterprise Portal
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-25615 MEDIUM This Month

Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791, allows an authenticated high privileged user to alter the current session of the user by injecting the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SQLi Abap Platform
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-23383 MEDIUM PATCH This Month

Service Fabric Explorer Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Azure Service Fabric
NVD
CVSS 3.1
4.7
EPSS
11.7%
CVE-2023-24880 MEDIUM KEV PATCH THREAT This Month

Windows SmartScreen Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows 10 1607 Windows 10 1809 Windows 10 20H2 +7
NVD
CVSS 3.1
4.4
EPSS
78.2%
CVE-2023-24911 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
4.3
EPSS
1.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy