Skip to main content
CVE-2023-28841 MEDIUM POC PATCH This Month

Moby is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Linux Docker Moby
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2023-28853 MEDIUM POC PATCH This Month

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Code Injection LDAP Mastodon
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-27492 MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28997 MEDIUM POC PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-28999 MEDIUM POC PATCH This Month

Nextcloud is an open-source productivity platform. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Apple Google Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.4
EPSS
0.7%
CVE-2023-0738 MEDIUM POC This Month

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Orangescrum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0486 MEDIUM POC This Month

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vitalpbx
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0357 MEDIUM POC This Month

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Helpy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-0325 MEDIUM POC This Month

Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Community Skeleton
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28998 MEDIUM POC PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-26974 MEDIUM POC This Month

Irfanview v4.62 allows a user-mode write access violation via a crafted JPEG 2000 file starting at JPEG2000+0x0000000000001bf0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Irfanview
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-28842 MEDIUM PATCH This Month

Moby) is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Linux Docker Moby
NVD GitHub
CVSS 3.1
6.8
EPSS
1.4%
CVE-2023-1823 MEDIUM This Month

Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1822 MEDIUM This Month

Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1821 MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-1819 MEDIUM This Month

Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1817 MEDIUM This Month

Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-1816 MEDIUM This Month

Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-1814 MEDIUM This Month

Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1813 MEDIUM This Month

Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1749 MEDIUM This Month

The listed versions of Nexx Smart Home devices lack proper access control when executing actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-29000 MEDIUM PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-25942 MEDIUM PATCH This Month

Dell PowerScale OneFS versions 8.2.x-9.4.x contain an uncontrolled resource consumption vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Dell Emc Powerscale Onefs
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-26777 MEDIUM This Month

Cross Site Scripting vulnerability found in : louislam Uptime Kuma v.1.19.6 and before allows a remote attacker to execute arbitrary commands via the description, title, footer, and incident creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Uptime Kuma
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-26776 MEDIUM This Month

Cross Site Scripting vulnerability found in Monitorr v.1.7.6 allows a remote attacker to execute arbitrary code via the title parameter of the post_receiver-services.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS Monitorr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-27734 MEDIUM PATCH This Month

An issue found in Eteran edb-debugger v.1.3.0 allows a local attacker to causea denial of service via the collect_symbols function in plugins/BinaryInfo/symbols.cpp. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Edb Debugger
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28848 MEDIUM PATCH This Month

user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Nextcloud User Oidc
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23977 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Social Comments
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23878 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS WordPress Wp Maps
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23686 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Staff List
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23685 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Portfolio
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1751 MEDIUM This Month

The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-26437 MEDIUM This Month

Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.6.5, through 4.7.4 , through 4.8.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recursor
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1768 MEDIUM PATCH This Month

Inappropriate error handling in Tribe29 Checkmk <= 2.1.0p25, <= 2.0.0p34, <= 2.2.0b3 (beta), and all versions of Checkmk 1.6.0 causes the symmetric encryption of agent data to fail silently and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Checkmk
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-23870 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Responsive Vertical Icon Menu
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23821 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Interactive Polish Map
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1840 MEDIUM This Month

The Sp*tify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.07 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

WordPress XSS Spotify Play Button For Wordpress
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-1752 MEDIUM This Month

The listed versions of Nexx Smart Home devices could allow any user to register an already registered alarm or associated device with only the device’s MAC address. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nxal 100 Firmware Nxg 100B Firmware Nxpg 100W Firmware Nxg 200 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy