Skip to main content
CVE-2023-28263 MEDIUM PATCH This Month

Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-28253 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-28228 MEDIUM PATCH This Month

Windows Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-25955 MEDIUM This Month

National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE National Land Numerical Information Data Conversion Tool
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28309 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-26260 MEDIUM This Month

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Oxid Eshop
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22641 MEDIUM This Month

A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Open Redirect Fortiproxy Fortios
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-26847 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Opencats
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26846 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Opencats
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-24464 MEDIUM PATCH This Month

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bs Gs2008 Firmware Bs Gs2016 Firmware Bs Gs2024 Firmware Bs Gs2048 Firmware +3
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29189 MEDIUM This Month

SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Customer Relationship Management S4Fnd Customer Relationship Management Webclient Ui
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29112 MEDIUM This Month

The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Application Interface
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-29110 MEDIUM This Month

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Abap Platform Application Interface Framework Basis +1
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28226 MEDIUM PATCH This Month

Windows Enroll Engine Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Microsoft Windows 10 1507 Windows 10 1607 +6
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-21729 MEDIUM PATCH This Month

Remote Procedure Call Runtime Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 20H2 +9
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-30465 MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization SQLi Inlong
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-27464 MEDIUM This Month

A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Forgot Password
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-29108 MEDIUM This Month

The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Kernel Web Dispatcher
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-24527 MEDIUM This Month

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver As Java For Deploy Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-28277 MEDIUM PATCH This Month

Windows DNS Server Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows Server 2022
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2023-23572 MEDIUM This Month

Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Lp 9200Ps2 Firmware Lp 9200Ps3 Firmware Lp 8200C Firmware Lp 9600 Firmware +46
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-29109 MEDIUM This Month

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Code Injection Abap Platform Application Interface Framework Basis +1
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-28276 MEDIUM PATCH This Month

Windows Group Policy Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2023-28284 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-1939 MEDIUM This Month

No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Remote Desktop Manager
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-26845 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Opencats
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-23575 MEDIUM This Month

Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cps Mg341 Adsc1 111 Firmware Cps Mg341 Adsc1 931 Firmware Cps Mg341G Adsc1 111 Firmware Cps Mg341G Adsc1 930 Firmware +15
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-29111 MEDIUM This Month

The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Application Interface Framework
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-1903 MEDIUM This Month

SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Hcm Fiori App My Forms
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy