Skip to main content
CVE-2023-2336 MEDIUM POC PATCH This Month

Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Pimcore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-25292 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Group Office
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-29489 MEDIUM POC THREAT This Month

An issue was discovered in cPanel before 11.109.9999.116. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cpanel
NVD
CVSS 3.1
6.1
EPSS
65.5%
CVE-2023-2341 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-31290 MEDIUM POC PATCH This Month

Trust Wallet Core before 3.1.1, as used in the Trust Wallet browser extension before 0.0.183, allows theft of funds because the entropy is 32 bits, as exploited in the wild in December 2022 and March. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Trust Wallet Browser Extension Trust Wallet Core
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-29950 MEDIUM POC This Month

swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2350 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Service Provider Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2349 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Service Provider Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30338 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Emlog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2343 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2342 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2340 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2339 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2328 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2327 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2323 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2322 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30444 MEDIUM PATCH This Month

IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Watson Machine Learning On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28286 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24966 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31285 MEDIUM PATCH This Month

An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Serene Startsharp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-28261 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Microsoft Edge Chromium
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-29471 MEDIUM PATCH This Month

Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Alpakka Kafka
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27860 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Maximo Asset Management
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-31286 MEDIUM PATCH This Month

An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Serene Startsharp
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-30852 MEDIUM PATCH This Month

Pimcore is an open source data and experience management platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Pimcore
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-22901 MEDIUM This Month

ChangingTec MOTP system has a path traversal vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mobile One Time Password
NVD
CVSS 3.1
4.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy