Skip to main content
CVE-2023-27249 MEDIUM POC This Month

swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1609 MEDIUM POC This Month

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Crmeb Java
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1410 MEDIUM POC PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Grafana XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2023-20100 MEDIUM This Month

A vulnerability in the access point (AP) joining process of the Control and Provisioning of Wireless Access Points (CAPWAP) protocol of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.8%
CVE-2023-20082 MEDIUM This Month

A vulnerability in Cisco IOS XE Software for Cisco Catalyst 9300 Series Switches could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-20097 MEDIUM This Month

A vulnerability in Cisco access points (AP) software could allow an authenticated, local attacker to inject arbitrary commands and execute them with root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Wireless Lan Controller Software Aironet Access Point Software Ios Xe
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28772 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.13.3. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Linux Linux Kernel
NVD GitHub
CVSS 3.1
6.7
EPSS
0.7%
CVE-2023-28330 MEDIUM PATCH This Month

Insufficient sanitizing in backup resulted in an arbitrary file read risk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Moodle
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-20861 MEDIUM PATCH This Month

In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Framework
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-0056 MEDIUM This Month

An uncontrolled resource consumption vulnerability was discovered in HAProxy which could crash the service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Haproxy Ceph Storage Software Collections Openshift Container Platform +5
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-20112 MEDIUM This Month

A vulnerability in Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Cisco Denial Of Service Business 150Ax Firmware Business 151Axm Firmware +29
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-20067 MEDIUM This Month

A vulnerability in the HTTP-based client profiling feature of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent attacker to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-20066 MEDIUM This Month

A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform a directory traversal and access resources that are outside the filesystem mountpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cisco Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-20059 MEDIUM This Month

A vulnerability in the implementation of the Cisco Network Plug-and-Play (PnP) agent of Cisco DNA Center could allow an authenticated, remote attacker to view sensitive information in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Catalyst Center
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1544 MEDIUM PATCH This Month

A flaw was found in the QEMU implementation of VMWare's paravirtual RDMA device. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure VMware Qemu Fedora
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-1051 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in As Koc Energy Web Report System allows Reflected XSS.03.10. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Report System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-28332 MEDIUM PATCH This Month

If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-28331 MEDIUM PATCH This Month

Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-1613 MEDIUM This Month

A vulnerability has been found in Rebuild up to 3.2.3 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rebuild
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22704 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 8.1.8 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teachpress
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1593 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Automatic Question Paper Generator System 1.0.php?f=save_class. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Automatic Question Paper Generator System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20081 MEDIUM This Month

A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Denial Of Service Apple Heap Overflow Cisco +4
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-20859 MEDIUM PATCH This Month

In Spring Vault, versions 3.0.x prior to 3.0.2 and versions 2.3.x prior to 2.3.3 and older versions, an application is vulnerable to insertion of sensitive information into a log file when it. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Java Information Disclosure Hashicorp Spring Cloud Config Spring Cloud Vault +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1249 MEDIUM This Month

A use-after-free flaw was found in the Linux kernel’s core dump subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-20056 MEDIUM This Month

A vulnerability in the management CLI of Cisco access point (AP) software could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Denial Of Service Command Injection Wireless Lan Controller Software Aironet Access Point Software +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23707 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Unrestricted Upload of File with Dangerous Type vulnerability in Awsm Innovations Embed Any Document - Embed PDF,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Embed Any Document
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23728 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Flipclock
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22702 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple XSS Google Wpmobile App
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23864 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS Very Simple Google Maps
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23650 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Code Snippets Extension
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22712 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Templatesnext Toolkit
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28470 MEDIUM This Month

In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Couchbase Server
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-26361 MEDIUM PATCH This Month

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Adobe Coldfusion
NVD
CVSS 3.1
4.9
EPSS
62.3%
CVE-2023-26008 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Top 10 Popular Posts
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25992 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cm Answers
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25456 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Klaviyo
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23722 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Ebay Product Feeds
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22716 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Oopspam Anti Spam
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22715 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Commentnavi
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28422 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0590 MEDIUM This Month

A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. Rated medium severity (CVSS 4.7). No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-28336 MEDIUM PATCH This Month

Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-28334 MEDIUM PATCH This Month

Authenticated users were able to enumerate other users' names via the learning plans page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-1402 MEDIUM PATCH This Month

The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Moodle
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy