Skip to main content
CVE-2023-28458 MEDIUM POC PATCH This Month

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Pretalx
NVD GitHub
CVSS 3.1
4.3
EPSS
3.4%
CVE-2023-28459 MEDIUM POC PATCH This Month

pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Pretalx
NVD GitHub
CVSS 3.1
6.5
EPSS
6.6%
CVE-2023-27652 MEDIUM POC This Month

An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges cause a denial of service via the update_info field of the _default_.xml file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Super Clean
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27090 MEDIUM POC This Month

Cross Site Scripting vulnerability found in TeaCMS storage allows attacker to cause a leak of sensitive information via the article title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teacms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1767 MEDIUM POC This Month

The Snyk Advisor website (https://snyk.io/advisor/) was vulnerable to a stored XSS prior to 28th March 2023. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Node.js XSS Advisor
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2191 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository azuracast/azuracast prior to 0.18. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Azuracast
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2194 MEDIUM PATCH This Month

An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow RCE Linux Linux Kernel +2
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-27354 MEDIUM This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE One Firmware S1 S2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-27353 MEDIUM This Month

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure One Firmware S1 +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-30616 MEDIUM PATCH This Month

Form block is a wordpress plugin designed to make form creation easier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Form Block
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-27495 MEDIUM PATCH This Month

@fastify/csrf-protection is a plugin which helps protect Fastify servers against CSRF attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Csrf Protection
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22309 MEDIUM This Month

Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Checkmk Appliance Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1255 MEDIUM PATCH This Month

Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure OpenSSL
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-2177 MEDIUM PATCH This Month

A null pointer dereference issue was found in the sctp network protocol in net/sctp/stream_sched.c in Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22846 MEDIUM This Month

Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Crosscadware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22354 MEDIUM This Month

Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Crosscadware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22321 MEDIUM This Month

Datakit CrossCadWare_x64.dll contains an out-of-bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Crosscadware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22295 MEDIUM This Month

Datakit CrossCadWare_x64.dll contains an out of bounds read past the end of an allocated buffer while parsing a specially crafted SLDPRT file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Crosscadware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-23938 MEDIUM PATCH This Month

Tuleap is a Free & Source tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-25601 MEDIUM PATCH This Month

On version 3.0.0 through 3.1.1, Apache DolphinScheduler's python gateway suffered from improper authentication: an attacker could use a socket bytes attack without authentication. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Python Authentication Bypass Dolphinscheduler
NVD
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy