Skip to main content
CVE-2023-27008 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Atutor
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-27247 MEDIUM POC This Month

Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions by disabling process privilege tokens. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Client Agent
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-25721 MEDIUM PATCH This Month

Veracode Scan Jenkins Plugin before 23.3.19.0, when the "Connect using proxy" option is enabled and configured with proxy credentials and when the Jenkins global system setting debug is enabled and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Veracode
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0775 MEDIUM This Month

An invalid ‘prepare write request’ command can cause the Bluetooth LE stack to run out of memory and fail to be able to handle subsequent connection requests, resulting in a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-25197 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation apache fineract. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Fineract
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2023-28648 MEDIUM This Month

Osprey Pump Controller version 1.01 inputs passed to a GET parameter are not properly sanitized before being returned to the user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Osprey Pump Controller Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-28447 MEDIUM PATCH This Month

Smarty is a template engine for PHP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Authentication Bypass Smarty Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-1677 MEDIUM This Month

A vulnerability was found in DriverGenius 9.70.0.346. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Drivergenius
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26356 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26355 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26354 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26353 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-26352 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26351 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26350 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26349 MEDIUM This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Adobe Denial Of Service Memory Corruption Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-26348 MEDIUM This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26346 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26345 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26344 MEDIUM This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe Information Disclosure Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26343 MEDIUM This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26342 MEDIUM This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26341 MEDIUM This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26340 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26339 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26338 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25722 MEDIUM PATCH This Month

A credential-leak issue was discovered in related Veracode products before 2023-03-27. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Java Information Disclosure Microsoft Veracode
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0466 MEDIUM PATCH This Month

The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2023-0465 MEDIUM PATCH This Month

Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2023-25704 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Interactive Svg Image Map Builder
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-20903 MEDIUM This Month

This disclosure regards a vulnerability related to UAA refresh tokens and external identity providers.Assuming that an external identity provider is linked to the UAA, a refresh token is issued to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure User Account And Authentication
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-25196 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache Fineract. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SQLi Fineract
NVD
CVSS 3.1
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy