Skip to main content
CVE-2023-27043 MEDIUM POC CISA This Month

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Authentication Bypass Fedora Active Iq Unified Manager Ontap Select Deploy Administration Utility
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
Threat
4.6
CVE-2023-30605 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30558 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30557 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30556 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30555 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30554 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30553 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30552 MEDIUM POC This Month

Archery is an open source SQL audit platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Oracle SQLi Archery
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-29520 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-1585 MEDIUM POC This Month

Avast and AVG Antivirus for Windows were susceptible to a Time-of-check/Time-of-use (TOCTOU) vulnerability in the Quarantine process, leading to arbitrary file/directory deletion. Rated medium severity (CVSS 6.3). Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Antivirus Anti Virus
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-1587 MEDIUM POC This Month

Avast and AVG Antivirus for Windows were susceptible to a NULL pointer dereference issue via RPC-interface. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Antivirus Anti Virus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27776 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /index.php?page=category_list of Online Jewelry Shop v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Jewelry Shop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29515 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-29922 MEDIUM POC This Month

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Powerjob
NVD GitHub
CVSS 3.1
5.3
EPSS
3.0%
CVE-2023-29923 MEDIUM POC This Month

PowerJob V4.3.1 is vulnerable to Insecure Permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Powerjob
NVD GitHub
CVSS 3.1
5.3
EPSS
9.5%
CVE-2023-29921 MEDIUM POC This Month

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Powerjob
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-22894 MEDIUM POC PATCH This Month

Strapi through 4.5.5 allows attackers (with access to the admin panel) to discover sensitive user details by exploiting the query filter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
4.9
EPSS
1.7%
CVE-2023-29513 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-21084 MEDIUM This Month

In buildPropFile of filesystem.go, there is a possible insecure hash due to an improperly used crypto. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20941 MEDIUM This Month

In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
6.6
EPSS
0.2%
CVE-2023-25620 MEDIUM This Month

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause denial of service of the controller when a malicious project file is loaded onto the controller. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Modicon M580 Firmware Modicon M340 Firmware Modicon Momentum Unity M1E Processor Firmware Modicon Mc80 Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20862 MEDIUM PATCH This Month

In Spring Security, versions 5.7.x prior to 5.7.8, versions 5.8.x prior to 5.8.3, and versions 6.0.x prior to 6.0.3, the logout support does not properly clean the security context if using. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Security Active Iq Unified Manager
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-30614 MEDIUM PATCH This Month

Pay is a payments engine for Ruby on Rails 6.0 and higher. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pay
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26599 MEDIUM This Month

XSS vulnerability in TripleSign in Tripleplay Platform releases prior to Caveman 3.4.0 allows attackers to inject client-side code to run as an authenticated user via a crafted link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tripleplay
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2170 MEDIUM PATCH This Month

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Taxopress
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2169 MEDIUM PATCH This Month

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Taxopress
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2168 MEDIUM PATCH This Month

The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Suggest Terms Title field in versions up to, and including, 3.6.4 due to insufficient input sanitization and. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Taxopress
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2166 MEDIUM This Month

A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28328 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28327 MEDIUM PATCH This Month

A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2162 MEDIUM PATCH This Month

A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28124 MEDIUM This Month

Improper usage of symmetric encryption in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow users with access to UI Desktop configuration files to decrypt their content.This. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Desktop
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28123 MEDIUM This Month

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could allow an user to hijack VPN credentials while UID VPN is starting.This vulnerability is fixed in Version. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Desktop
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21091 MEDIUM PATCH This Month

In canDisplayLocalUi of AppLocalePickerActivity.java, there is a possible way to change system app locales due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Denial Of Service Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21087 MEDIUM PATCH This Month

In PreferencesHelper.java, an uncaught exception may cause the device to get stuck in a boot loop. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21082 MEDIUM This Month

In getNumberFromCallIntent of NewOutgoingCallIntentBroadcaster.java, there is a possible way to enumerate other user's contact phone number due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21080 MEDIUM This Month

In register_notification_rsp of btif_rc.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20935 MEDIUM This Month

In deserialize of multiple files, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20909 MEDIUM This Month

In multiple functions of RunningTasks.java, there is a possible privilege escalation due to a missing privilege check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1900 MEDIUM This Month

A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30610 MEDIUM PATCH This Month

aws-sigv4 is a rust library for low level request signing in the aws cloud platform. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aws Sigv4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29586 MEDIUM This Month

Code Sector TeraCopy 3.9.7 does not perform proper access validation on the source folder during a copy operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Teracopy
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27777 MEDIUM This Month

Cross-site scripting (XSS) vulnerability was discovered in Online Jewelry Shop v1.0 that allows attackers to execute arbitrary script via a crafted URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Online Jewelry Shop
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25759 MEDIUM This Month

OS Command Injection in TripleData Reporting Engine in Tripleplay Platform releases prior to Caveman 3.4.0 allows authenticated users to run unprivileged OS level commands via a crafted request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tripleplay
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-30611 MEDIUM PATCH This Month

Discourse-reactions is a plugin that allows user to add their reactions to the post in the Discourse messaging platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Reactions
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-21090 MEDIUM PATCH This Month

In parseUsesPermission of ParsingPackageUtils.java, there is a possible boot loop due to resource exhaustion. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Google Android
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2023-30612 MEDIUM PATCH This Month

Cloud hypervisor is a Virtual Machine Monitor for Cloud workloads. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Cloud Hypervisor
NVD GitHub
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-0317 MEDIUM This Month

Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gatemanager
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-1382 MEDIUM This Month

A data race flaw was found in the Linux kernel, between where con is allocated and con->sock is set. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy