Skip to main content
CVE-2023-1975 MEDIUM POC PATCH This Month

Insertion of Sensitive Information Into Sent Data in GitHub repository answerdev/answer prior to 1.0.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1974 MEDIUM POC PATCH This Month

Exposure of Sensitive Information Through Metadata in GitHub repository answerdev/answer prior to 1.0.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23277 MEDIUM POC This Month

Snippet-box 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Snippet Box
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-29576 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24182 MEDIUM POC PATCH This Month

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /system/sshkeys.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openwrt
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25415 MEDIUM POC This Month

Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pe8108 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-25414 MEDIUM POC This Month

Aten PE8108 2.4.232 is vulnerable to denial of service (DOS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pe8108 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-1988 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-25411 MEDIUM POC This Month

Aten PE8108 2.4.232 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Pe8108 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-28270 MEDIUM PATCH This Month

Windows Lock Screen Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows 10 1809 Windows 10 20H2 Windows 10 21h2 +5
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-28269 MEDIUM PATCH This Month

Windows Boot Manager Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-28249 MEDIUM PATCH This Month

Windows Boot Manager Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-28235 MEDIUM PATCH This Month

Windows Lock Screen Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1809 Windows 10 20H2 Windows 10 21h2 +2
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-29187 MEDIUM This Month

A Windows user with basic user authorization can exploit a DLL hijacking attack in SapSetup (Software Installation Program) - version 9.0, resulting in a privilege escalation running code as. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Microsoft Sapsetup
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28308 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28307 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28306 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28305 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28278 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-28256 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2023-28255 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2023-28223 MEDIUM PATCH This Month

Windows Domain Name Service Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +3
NVD
CVSS 3.1
6.6
EPSS
1.1%
CVE-2023-28312 MEDIUM PATCH This Month

Azure Machine Learning Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Authentication Bypass Azure Machine Learning
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-28267 MEDIUM PATCH This Month

Remote Desktop Protocol Client Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Remote Desktop Client Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2023-24883 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-1980 MEDIUM This Month

Two factor authentication bypass on login in Devolutions Remote Desktop Manager 2022.3.35 and earlier allow user to cancel the two factor authentication via the application user interface and open. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-27520 MEDIUM This Month

Cross-site request forgery (CSRF) vulnerability in SEIKO EPSON printers/network interface Web Config allows a remote unauthenticated attacker to hijack the authentication and perform unintended. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lp 9200Ps2 Firmware Lp 9200Ps3 Firmware Lp 8200C Firmware Lp 9600 Firmware +116
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-29186 MEDIUM This Month

In SAP NetWeaver (BI CONT ADDON) - versions 707, 737, 747, 757, an attacker can exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver
NVD
CVSS 3.1
6.5
EPSS
23.0%
CVE-2023-29185 MEDIUM This Month

SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver As Abap Business Server Pages
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28763 MEDIUM This Month

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Denial Of Service Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28761 MEDIUM This Month

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Enterprise Portal
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28340 MEDIUM PATCH This Month

Zoho ManageEngine Applications Manager through 16320 allows the admin user to conduct an XXE attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Zoho Manageengine Applications Manager
NVD
CVSS 3.1
6.5
EPSS
3.2%
CVE-2023-26555 MEDIUM This Month

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
6.4
EPSS
0.5%
CVE-2023-23588 MEDIUM This Month

A vulnerability has been identified in SIMATIC IPC1047 (All versions), SIMATIC IPC1047E (All versions with maxView Storage Manager < 4.09.00.25611 on Windows), SIMATIC IPC647D (All versions), SIMATIC. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Microsoft Simatic Ipc647D Firmware Simatic Ipc847D Firmware Simatic Ipc1047 Firmware +1
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-27897 MEDIUM This Month

In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Code Injection Customer Relationship Management
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2023-28314 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28313 MEDIUM PATCH This Month

Microsoft Dynamics 365 Customer Voice Cross-Site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Send Customer Voice Survey From Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-24935 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Google Microsoft Open Redirect Edge Chromium
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-27499 MEDIUM This Month

SAP GUI for HTML - versions KERNEL 7.22, 7.53, 7.54, 7.77, 7.81, 7.85, 7.89, 7.91, KRNL64UC, 7.22, 7.22EXT, KRNL64UC 7.22, 7.22EXT does not sufficiently encode user-controlled inputs, resulting in a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Netweaver Application Server Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28341 MEDIUM PATCH This Month

Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zoho Manageengine Applications Manager
NVD
CVSS 3.1
6.1
EPSS
98.8%
CVE-2023-28828 MEDIUM This Month

A vulnerability has been identified in Polarion ALM (All versions < V22R2). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XXE Polarion Alm
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-28368 MEDIUM This Month

TP-Link L2 switch T2600G-28SQ firmware versions prior to 'T2600G-28SQ(UN)_V1_1.0.6 Build 20230227' uses vulnerable SSH host keys. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure TP-Link T2600G 28Sq Firmware
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-26554 MEDIUM This Month

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a '\0' character. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
5.6
EPSS
0.6%
CVE-2023-26553 MEDIUM This Month

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when copying the trailing number. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
5.6
EPSS
0.7%
CVE-2023-26552 MEDIUM This Month

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write when adding a decimal point. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
5.6
EPSS
0.6%
CVE-2023-26551 MEDIUM This Month

mstolfp in libntp/mstolfp.c in NTP 4.2.8p15 has an out-of-bounds write in the cp<cpdec while loop. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Ntp
NVD GitHub
CVSS 3.1
5.6
EPSS
0.7%
CVE-2023-28299 MEDIUM PATCH This Month

Visual Studio Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Visual Studio 2017 Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-28298 MEDIUM PATCH This Month

Windows Kernel Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 1607 Windows 10 1809 Windows 10 20H2 +9
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-28271 MEDIUM PATCH This Month

Windows Kernel Memory Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-28266 MEDIUM PATCH This Month

Windows Common Log File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
4.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy