Skip to main content
CVE-2023-1860 MEDIUM This Month

A vulnerability was found in Keysight IXIA Hawkeye 3.3.16.28. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hawkeye
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20030 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to access sensitive information, conduct a server-side. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XXE SSRF Identity Services Engine
NVD
CVSS 3.1
6.0
EPSS
0.8%
CVE-2023-1869 MEDIUM This Month

The YourChannel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.5 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Yourchannel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-1871 MEDIUM PATCH This Month

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Yourchannel
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-1867 MEDIUM PATCH This Month

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Yourchannel
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-1866 MEDIUM PATCH This Month

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Yourchannel
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-24747 MEDIUM This Month

Jfinal CMS v5.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/dict/list. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jfinal Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-20096 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to perform a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Unified Contact Center Express
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28849 MEDIUM PATCH This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS SQLi Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-20132 MEDIUM This Month

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack or upload arbitrary files as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Webex Meetings
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-20131 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow a remote attacker to obtain privileged. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS CSRF Prime Infrastructure Evolved Programmable Network Manager
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28633 MEDIUM PATCH This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28069 MEDIUM This Month

Dell Streaming Data Platform prior to 1.4 contains Open Redirect vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Open Redirect Streaming Data Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26536 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Spotify Play Button For Wordpress
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1787 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-1710 MEDIUM This Month

A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-1167 MEDIUM This Month

Improper authorization in Gitlab EE affecting all versions from 12.3.0 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1 allows an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-0319 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 13.6 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-1098 MEDIUM This Month

An information disclosure vulnerability has been discovered in GitLab EE/CE affecting all versions starting from 11.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-28852 MEDIUM PATCH This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-28636 MEDIUM PATCH This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Glpi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-1582 MEDIUM This Month

A race problem was found in fs/proc/task_mmu.c in the memory management sub-component in the Linux kernel. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-0450 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 8.1 to 15.8.5, and from 15.9 to 15.9.4, and from 15.10 to 15.10.1. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2023-20123 MEDIUM This Month

A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and Duo Authentication for Windows Logon and RDP could allow an unauthenticated, physical attacker to. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cisco Apple Microsoft Duo +1
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-1870 MEDIUM PATCH This Month

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Yourchannel
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-1417 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-1071 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-0838 LOW Monitor

An issue has been discovered in GitLab affecting versions starting from 15.1 before 15.8.5, 15.9 before 15.9.4, and 15.10 before 15.10.1. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
3.8
EPSS
0.7%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy