Skip to main content
CVE-2023-28313 MEDIUM PATCH This Month

Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Send Customer Voice Survey From Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-24935 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Google Microsoft Open Redirect Edge Chromium
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-27499 MEDIUM This Month

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28341 MEDIUM PATCH This Month

Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zoho Manageengine Applications Manager
NVD
CVSS 3.1
6.1
EPSS
98.8%
CVE-2023-28828 MEDIUM This Month

A vulnerability has been identified in Polarion ALM (All versions < V22R2). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Polarion Alm
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-28368 MEDIUM This Month

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link T2600G 28Sq Firmware
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-26554 MEDIUM This Month

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
5.6
EPSS
0.6%
CVE-2023-26553 MEDIUM This Month

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
5.6
EPSS
0.7%
CVE-2023-26552 MEDIUM This Month

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
5.6
EPSS
0.6%
CVE-2023-26551 MEDIUM This Month

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
5.6
EPSS
0.7%
CVE-2023-28299 MEDIUM PATCH This Month

Visual Studio Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-28298 MEDIUM PATCH This Month

Windows Kernel Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 1607 Windows 10 1809 Windows 10 20H2 +9
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-28271 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-28266 MEDIUM PATCH This Month

Windows Common Log File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
4.4%
CVE-2023-28263 MEDIUM PATCH This Month

Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-28253 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-28228 MEDIUM PATCH This Month

Windows Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-25955 MEDIUM This Month

National land numerical information data conversion tool all versions improperly restricts XML external entity references (XXE). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE National Land Numerical Information Data Conversion Tool
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28309 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-26260 MEDIUM This Month

OXID eShop 6.2.x before 6.4.4 and 6.5.x before 6.5.2 allows session hijacking, leading to partial access of a customer's account by an attacker, due to an improper check of the user agent. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Oxid Eshop
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22641 MEDIUM This Month

A url redirection to untrusted site ('open redirect') in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.9, FortiOS versions 6.4.0 through 6.4.12, FortiOS all versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Open Redirect Fortiproxy Fortios
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-26847 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the state parameter at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Opencats
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26846 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in OpenCATS v0.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the city parameter at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Opencats
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-24464 MEDIUM PATCH This Month

Stored-cross-site scripting vulnerability in Buffalo network devices allows an attacker with access to the web management console of the product to execute arbitrary JavaScript on a legitimate user's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Bs Gs2008 Firmware Bs Gs2016 Firmware Bs Gs2024 Firmware Bs Gs2048 Firmware +3
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29189 MEDIUM This Month

SAP CRM (WebClient UI) - versions S4FND 102, 103, 104, 105, 106, 107, WEBCUIF, 700, 701, 731, 730, 746, 747, 748, 800, 801, allows an authenticated attacker to modify HTTP verbs used in requests to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Customer Relationship Management S4Fnd Customer Relationship Management Webclient Ui
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29112 MEDIUM This Month

The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized attacker to input links or headings with custom CSS classes into a comment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Application Interface
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-29110 MEDIUM This Month

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows the usage HTML tags. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Abap Platform Application Interface Framework Basis +1
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28226 MEDIUM PATCH This Month

Windows Enroll Engine Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Jwt Attack Microsoft Windows 10 1507 Windows 10 1607 +6
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-21729 MEDIUM PATCH This Month

Remote Procedure Call Runtime Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1607 Windows 10 1809 Windows 10 20H2 +9
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-30465 MEDIUM PATCH This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.5.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization SQLi Inlong
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-27464 MEDIUM This Month

A vulnerability has been identified in Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.1), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.1), Mendix Forgot. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Forgot Password
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-29108 MEDIUM This Month

The IP filter in ABAP Platform and SAP Web Dispatcher - versions WEBDISP 7.85, 7.89, KERNEL 7.85, 7.89, 7.91, may be vulnerable by erroneous IP netmask handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Abap Platform Kernel Web Dispatcher
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-24527 MEDIUM This Month

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver As Java For Deploy Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-28277 MEDIUM PATCH This Month

Windows DNS Server Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows Server 2022
NVD
CVSS 3.1
4.9
EPSS
1.4%
CVE-2023-23572 MEDIUM This Month

Cross-site scripting vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote authenticated attacker with an administrative privilege to inject an arbitrary script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Lp 9200Ps2 Firmware Lp 9200Ps3 Firmware Lp 8200C Firmware Lp 9600 Firmware +46
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-29109 MEDIUM This Month

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756, SAP_ABA 75C, 75D, 75E, application allows an Excel formula injection. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Code Injection Abap Platform Application Interface Framework Basis +1
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-28276 MEDIUM PATCH This Month

Windows Group Policy Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2023-28284 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-1939 MEDIUM This Month

No access control for the OTP key on OTP entries in Devolutions Remote Desktop Manager Windows 2022.3.33.0 and prior versions and Remote Desktop Manager Linux 2022.3.2.0 and prior versions allows non. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Remote Desktop Manager
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-26845 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) in OpenCATS 0.9.7 allows attackers to force users into submitting web requests via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Opencats
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-23575 MEDIUM This Month

Improper access control vulnerability in CONPROSYS IoT Gateway products allows a remote authenticated attacker to bypass access restriction and access Network Maintenance page, which may result in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cps Mg341 Adsc1 111 Firmware Cps Mg341 Adsc1 931 Firmware Cps Mg341G Adsc1 111 Firmware Cps Mg341G Adsc1 930 Firmware +15
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-29111 MEDIUM This Month

The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Application Interface Framework
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-1903 MEDIUM This Month

SAP HCM Fiori App My Forms (Fiori 2.0) - version 605, does not perform necessary authorization checks for an authenticated user exposing the restricted header data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Hcm Fiori App My Forms
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-28301 LOW PATCH Monitor

Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
3.7
EPSS
0.9%
CVE-2023-22808 LOW Monitor

An issue was discovered in the Arm Android Gralloc Module. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Avalon Android Gralloc Module Bifrost Android Gralloc Module +1
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy