Skip to main content
CVE-2023-1743 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Grade Point Average GPA Calculator 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Grade Point Average Gpa Calculator
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26692 MEDIUM POC This Month

ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zbbs Zcbs Zpbs
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.7%
CVE-2023-27537 MEDIUM POC This Month

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libcurl Active Iq Unified Manager Clustered Data Ontap Brocade Fabric Operating System Firmware +5
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2023-27536 MEDIUM POC This Month

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +6
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2023-27535 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +6
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2023-27538 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +7
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-1746 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dreamer Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26118 MEDIUM POC This Month

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Angularjs Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2023-26117 MEDIUM POC This Month

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Angularjs Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2023-26116 MEDIUM POC This Month

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Angularjs Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2023-28647 MEDIUM PATCH This Month

Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Apple Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-0620 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft SQLi Hashicorp Vault
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-0665 MEDIUM PATCH This Month

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1013 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS).0.84.86. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vira Investing
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-28733 MEDIUM This Month

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Acymailing
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23677 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Gtmetrix
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25040 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Shortcodes Ultimate
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-24399 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ocean Extra
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23681 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Image Hover Effects For Wpbakery Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23670 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Fancy Comments
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23675 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Smart Preloader
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25000 MEDIUM PATCH This Month

HashiCorp Vault's implementation of Shamir's secret sharing used precomputed table lookups, and was vulnerable to cache-timing attacks. Rated medium severity (CVSS 4.7).

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
4.7
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy