Skip to main content
CVE-2023-1542 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-1536 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1535 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1527 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository tsolucio/corebos prior to 8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1540 MEDIUM POC PATCH This Month

Observable Response Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1539 MEDIUM POC PATCH This Month

Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1538 MEDIUM POC PATCH This Month

Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-25134 MEDIUM This Month

McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Total Protection
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-27873 MEDIUM PATCH This Month

IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27979 MEDIUM PATCH This Month

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could allow the renaming of files in the IGSS project report directory, this could lead to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-1154 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pacsrapor allows Reflected XSS.22. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pacsrapor
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-25686 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1262 MEDIUM This Month

Missing MAC layer security in Silicon Labs Wi-SUN Linux Border Router v1.5.2 and earlier allows malicious node to route malicious messages through network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wireless Smart Ubiquitous Network Linux Border Router Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-1261 MEDIUM This Month

Missing MAC layer security in Silicon Labs Wi-SUN SDK v1.5.0 and earlier allows malicious node to route malicious messages through network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wi Sun Software Development Kit
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-25689 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1 , and 4.1.1 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-27983 MEDIUM PATCH This Month

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server TCP interface that could allow deletion of reports from the IGSS project report directory, this would. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-27977 MEDIUM PATCH This Month

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists in the Data Server that could cause access to delete files in the IGSS project report directory, this could lead to loss. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Custom Reports Igss Dashboard Igss Data Server
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-25687 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to obtain sensitive information from log files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy