Skip to main content
CVE-2023-25282 MEDIUM POC This Month

A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Denial Of Service Dir 820L Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-27102 MEDIUM POC This Month

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-27234 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jizhicms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1418 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Friendly Island Pizza Website And Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-25804 MEDIUM POC This Month

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Path Traversal Nginx Roxy Wi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-26912 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS S Mall Ssm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25680 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22876 MEDIUM PATCH This Month

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Sterling B2b Integrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0322 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unis
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-1421 MEDIUM This Month

A reflected cross-site scripting vulnerability in the OAuth flow completion endpoints in Mattermost allows an attacker to send AJAX requests on behalf of the victim via sharing a crafted link with a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost XSS Mattermost Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25695 MEDIUM PATCH This Month

Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.5.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy