Skip to main content
CVE-2023-24512 MEDIUM POC This Month

On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Eos Ceos Lab Cloudeos Veos Lab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-26841 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to change any user's password except for the user that is currently logged in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Churchcrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-25346 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter of /churchcrm/v2/family/not-found. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-30402 MEDIUM POC This Month

YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30417 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pear Admin Boot
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26843 MEDIUM POC This Month

A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the NoteEditor.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2023-25347 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26840 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to set a person to a user and set that user to be an Administrator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

CSRF Churchcrm
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-2293 MEDIUM POC This Month

A vulnerability was found in SourceCodester Purchase Order Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Purchase Order Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-26839 MEDIUM POC This Month

A cross-site request forgery (CSRF) vulnerability in ChurchCRM v4.5.3 allows attackers to edit information for existing people on the site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Churchcrm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-23839 MEDIUM This Month

The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Solarwinds Platform
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-2282 MEDIUM This Month

Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-30545 MEDIUM PATCH This Month

PrestaShop is an Open Source e-commerce web application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Prestashop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-29200 MEDIUM PATCH This Month

Contao is an open source content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Contao
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-23838 MEDIUM This Month

Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Database Performance Analyzer
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-26058 MEDIUM This Month

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Nokia CSRF Netact
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-26057 MEDIUM This Month

An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Nokia CSRF Netact
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-30177 MEDIUM PATCH This Month

CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Craft Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25314 MEDIUM PATCH This Month

Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20870 MEDIUM This Month

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure VMware Fusion Workstation
NVD
CVSS 3.1
6.0
EPSS
0.4%
CVE-2023-28084 MEDIUM This Month

HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview Oneview Global Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28090 MEDIUM This Month

An HPE OneView appliance dump may expose SNMPv3 read credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28087 MEDIUM This Month

An HPE OneView appliance dump may expose OneView user accounts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28086 MEDIUM This Month

An HPE OneView appliance dump may expose proxy credential settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31223 MEDIUM This Month

Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dradis
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-23889 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quick Paypal Payments
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23866 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Interactive Geo Maps
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27619 MEDIUM This Month

Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes Regina Lite theme <= 2.0.7 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Regina Lite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22665 MEDIUM PATCH This Month

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Jena
NVD
CVSS 3.1
5.4
EPSS
1.3%
CVE-2023-25461 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Insert
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24005 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Inline Tweet Sharer
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23995 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tinymce Custom Styles
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23710 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google XSS WordPress Wordpress Social Login And Register Discord Google Twitter Linkedin
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25793 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Link Juice Keeper
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25485 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Json Content Importer
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25484 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Yearly Archive
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25710 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Click To Call Or Chat Buttons
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25490 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archivist Custom Archive Templates
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25479 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Podlove Subscribe Button
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30609 MEDIUM PATCH This Month

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Matrix React Sdk
NVD GitHub
CVSS 3.1
4.7
EPSS
0.6%
CVE-2023-2269 MEDIUM This Month

A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Fedora Debian Linux +5
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-2281 MEDIUM This Month

When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy