Skip to main content
CVE-2023-27095 MEDIUM POC This Month

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hippo4J
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28155 MEDIUM POC PATCH This Month

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js SSRF Request
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28113 MEDIUM POC PATCH This Month

russh is a Rust SSH client and server library. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Russh
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-27059 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1429 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27084 MEDIUM POC This Month

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. Rated medium severity (CVSS 5.3). Public exploit code available and no vendor patch available.

Information Disclosure Dreamer Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-28106 MEDIUM POC PATCH This Month

Pimcore is an open source data and experience management platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-27711 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Typecho
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-27131 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Typecho
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-27130 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Typecho
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-24571 MEDIUM This Month

Dell BIOS contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Embedded Box Pc 3000 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28109 MEDIUM PATCH This Month

Play With Docker is a browser-based Docker playground. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Docker Play With Docker
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28100 MEDIUM PATCH This Month

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Information Disclosure Flatpak
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-27494 MEDIUM PATCH This Month

Streamlit, software for turning data scripts into web applications, had a cross-site scripting (XSS) vulnerability in versions 0.63.0 through 0.80.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Streamlit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-21465 MEDIUM This Month

Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications access local files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bixbytouch
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21461 MEDIUM This Month

Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21456 MEDIUM This Month

Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21453 MEDIUM This Month

Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21449 MEDIUM This Month

Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26951 MEDIUM This Month

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Member List module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Onekeyadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-1431 MEDIUM This Month

The WP Simple Shopping Cart plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.6.3 due to the plugin saving shopping cart data exports in a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wordpress Simple Paypal Shopping Cart
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-28487 MEDIUM PATCH This Month

Sudo before 1.9.13 does not escape control characters in sudoreplay output. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sudo Active Iq Unified Manager
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-28486 MEDIUM PATCH This Month

Sudo before 1.9.13 does not escape control characters in log messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Sudo Active Iq Unified Manager
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-21460 MEDIUM This Month

Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-23935 MEDIUM PATCH This Month

Discourse is an open-source messaging platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-28101 MEDIUM PATCH This Month

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Flatpak
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy