Skip to main content
CVE-2023-30408 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30406 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29570 MEDIUM POC This Month

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29583 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29582 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29579 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30627 MEDIUM POC PATCH This Month

jellyfin-web is the web client for Jellyfin, a free-software media system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Jellyfin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2023-1126 MEDIUM POC This Month

The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Fevents Book
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0424 MEDIUM POC This Month

The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ms Reviews
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0418 MEDIUM POC This Month

The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Central
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0276 MEDIUM POC This Month

The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Weaver Xtreme Theme Support
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-30458 MEDIUM POC This Month

A username enumeration issue was discovered in Medicine Tracker System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Medicine Tracker System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-31045 MEDIUM POC PATCH This Month

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Backdrop Cms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-0420 MEDIUM POC This Month

The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Custom Post Type And Taxonomy Gui Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-27991 HIGH This Week

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +16
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-26060 HIGH This Week

An issue was discovered in Nokia NetAct before 22 FP2211. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Nokia CSRF Netact
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-30622 HIGH PATCH This Week

Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Clusternet
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-29848 MEDIUM POC This Month

Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bang Resto
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.9%
CVE-2023-1414 MEDIUM POC This Month

The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Vr
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-22916 HIGH This Week

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +15
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-22913 HIGH This Week

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-2007 HIGH PATCH This Week

The specific flaw exists within the DPT I2O Controller driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Kernel Debian Linux H300s Firmware H500s Firmware +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-2257 HIGH This Week

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Authentication Bypass Workspace
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30533 HIGH This Week

SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Sheetjs
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-22917 HIGH This Week

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +15
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22915 HIGH This Week

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +9
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-24822 HIGH PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24821 HIGH PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-29480 HIGH This Week

Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rnp
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-24820 HIGH PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22577 HIGH This Week

Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure White Rabbit Switch Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22914 HIGH This Week

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +8
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-1731 HIGH This Week

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Lantime Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-26099 HIGH This Week

An issue was discovered in Telindus Apsal 3.14.2022.235 b. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apsal
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-2006 HIGH PATCH This Week

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. Rated high severity (CVSS 7.0).

Race Condition RCE Linux Linux Kernel Hci Baseboard Management Controller
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-2250 MEDIUM PATCH This Month

A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Kubernetes Open Cluster Management
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-29469 MEDIUM This Month

An issue was discovered in libxml2 before 2.10.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libxml2 Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-29530 MEDIUM PATCH This Month

Laminas Diactoros provides PSR HTTP Message implementations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Laminas Diactoros Psr 7 Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-22918 MEDIUM PATCH This Month

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +48
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30776 MEDIUM PATCH This Month

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API.3.0 up to 2.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2023-31056 MEDIUM This Month

CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloverdx
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-45084 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Loginizer
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-26097 MEDIUM This Month

An issue was discovered in Telindus Apsal 3.14.2022.235 b. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apsal
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31085 MEDIUM This Month

An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31084 MEDIUM This Month

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Fedora Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31082 MEDIUM This Month

An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31081 MEDIUM This Month

An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-26059 MEDIUM This Month

An issue was discovered in Nokia NetAct before 22 SP1037. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia XSS Netact
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26061 MEDIUM This Month

An issue was discovered in Nokia NetAct before 22 FP2211. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia XSS CSRF Netact
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23892 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS M Chart
NVD
CVSS 3.1
5.4
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy