Skip to main content
CVE-2023-2050 MEDIUM POC This Month

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-2074 MEDIUM POC This Month

A SQL injection vulnerability exists in Campcodes Online Traffic Offense Management System version 1.0 within the /classes/Master.php file, where the 'id' parameter is not properly sanitized, allowing authenticated attackers to execute arbitrary SQL queries remotely. An attacker with valid credentials can leverage this vulnerability to read, modify, or delete database contents, potentially compromising sensitive traffic offense records. Public proof-of-concept code is available, increasing real-world exploitation risk.

SQLi PHP Online Traffic Offense Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2051 MEDIUM POC This Month

A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2052 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2075 MEDIUM POC This Month

A SQL injection vulnerability exists in Campcodes Online Traffic Offense Management System version 1.0, specifically in the /admin/offenses/view_details.php file where the 'id' parameter is improperly sanitized. An authenticated attacker with low privileges can exploit this remotely without user interaction to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. A public proof-of-concept has been disclosed, though the EPSS score of 0.07% (20th percentile) suggests real-world exploitation remains relatively unlikely despite the theoretical severity.

SQLi PHP Online Traffic Offense Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2054 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2053 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2049 MEDIUM POC This Month

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2048 MEDIUM POC This Month

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2047 MEDIUM POC This Month

A vulnerability was found in Campcodes Advanced Online Voting System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2058 MEDIUM POC This Month

A vulnerability was found in EyouCms up to 1.6.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2057 MEDIUM POC This Month

A vulnerability was found in EyouCms 1.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-26123 MEDIUM POC PATCH This Month

Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Raylib
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29623 MEDIUM POC This Month

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Purchase Order Management
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-29569 MEDIUM POC This Month

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29847 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aerocms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2059 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7.87. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
2.4%
CVE-2023-2042 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in DataGear up to 4.7.0/5.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Datagear
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2023-22949 MEDIUM POC This Month

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Tigergraph Enterprise
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-27666 MEDIUM This Month

Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Auto Dealer Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2044 MEDIUM This Month

A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Control Id Idsecure
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25597 MEDIUM This Month

A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Micollab
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-1285 MEDIUM This Month

Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Gc Enet Com Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-24934 MEDIUM PATCH This Month

Microsoft Defender Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Microsoft Authentication Bypass Malware Protection Platform
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-28091 MEDIUM This Month

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28085 MEDIUM This Month

An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview Global Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27890 MEDIUM This Month

The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Export User
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-29529 MEDIUM PATCH This Month

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Javascript Sdk
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-26559 MEDIUM This Month

A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Oxygen Content Fusion Oxygen Xml Web Author
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-29132 MEDIUM This Month

Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Irssi
NVD
CVSS 3.1
5.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy