Skip to main content
CVE-2022-45836 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Download Manager
NVD
CVSS 3.1
6.3
EPSS
7.2%
CVE-2023-29854 MEDIUM POC This Month

DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dircms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2153 MEDIUM POC This Month

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27092 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jbootfly
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2155 MEDIUM POC This Month

A vulnerability was found in SourceCodester Air Cargo Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Air Cargo Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-21934 MEDIUM This Month

Vulnerability in the Java VM component of Oracle Database Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Java Oracle Authentication Bypass Database
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-21922 MEDIUM PATCH This Month

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Health Sciences Inform
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-21918 MEDIUM PATCH This Month

Vulnerability in the Oracle Database Recovery Manager component of Oracle Database Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Database Recovery Manager
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2023-21969 MEDIUM This Month

Vulnerability in Oracle SQL Developer (component: Installation). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Sql Developer
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28856 MEDIUM PATCH This Month

Redis is an open source, in-memory database that persists on disk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Redis Debian Linux Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-25548 MEDIUM This Month

A CWE-863: Incorrect Authorization vulnerability exists that could allow access to device credentials on specific DCE endpoints not being properly secured when a hacker is using a low privileged. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Struxureware Data Center Expert
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-21993 MEDIUM This Month

Vulnerability in the Oracle Clinical Remote Data Capture product of Oracle Health Sciences Applications (component: Forms). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Clinical Remote Data Capture
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-21984 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Libraries). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Solaris
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-21978 MEDIUM This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: GUI). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Application Object Library
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-21946 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-21910 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web General). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-21909 MEDIUM PATCH This Month

Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: UI Framework). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Siebel Crm
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2120 MEDIUM This Month

The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Thumbnail Carousel Slider
NVD VulDB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-2119 MEDIUM This Month

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.19 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Responsive Filterable Portfolio
NVD VulDB
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-29002 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Cilium
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-28141 MEDIUM This Month

An NTFS Junction condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.8.0.31. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Microsoft Cloud Agent
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-29196 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-25553 MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE endpoint through the logging capabilities of the webserver. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Struxureware Data Center Expert
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25551 MEDIUM This Month

A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists on a DCE file upload endpoint when tampering with parameters over HTTP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload XSS Struxureware Data Center Expert
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-21956 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-21906 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: SMS Module). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Virtual Account Management
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-21905 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: Routing Hub). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Virtual Account Management
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-22002 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Vm Virtualbox
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2023-21989 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Vm Virtualbox
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2023-21908 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Oracle Authentication Bypass Banking Virtual Account Management
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2023-21907 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn Journal Domain). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Oracle Authentication Bypass Banking Virtual Account Management
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2023-21967 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Denial Of Service Graalvm Jdk +8
NVD
CVSS 3.1
5.9
EPSS
1.5%
CVE-2023-21954 MEDIUM This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
5.9
EPSS
1.4%
CVE-2023-21924 MEDIUM PATCH This Month

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Health Sciences Inform
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-21986 MEDIUM This Month

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Native Image). Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java Oracle Denial Of Service Graalvm
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-21970 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Security). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-21965 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-21952 MEDIUM This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-21960 MEDIUM This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Denial Of Service Weblogic Server
NVD
CVSS 3.1
5.6
EPSS
0.4%
CVE-2023-21929 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2023-21926 MEDIUM PATCH This Month

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Health Sciences Inform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22307 MEDIUM This Month

Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.4 allows local attacker to retrieve passwords via reading log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Checkmk Appliance Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1548 MEDIUM This Month

A CWE-269: Improper Privilege Management vulnerability exists that could cause a local user to perform a denial of service through the console server service that is part of EcoStruxure Control. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Denial Of Service Ecostruxure Control Expert
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30538 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-21992 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Administer Workforce). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Peoplesoft Enterprise Human Capital Management Human Resources
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-21973 MEDIUM This Month

Vulnerability in the Oracle iProcurement product of Oracle E-Business Suite (component: E-Content Manager Catalog). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Iprocurement
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-21936 MEDIUM This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-21921 MEDIUM PATCH This Month

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Health Sciences Inform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29774 MEDIUM This Month

Dreamer CMS 3.0.1 is vulnerable to stored Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dreamer Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2022-45839 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wha Puzzle
NVD
CVSS 3.1
5.3
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy