Skip to main content
CVE-2023-2393 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2392 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2391 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic.cgi?page=time_zone.htm of the component Web Management Interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-29057 HIGH This Week

A valid XCC user's local account permissions overrides their active directory permissions under specific configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2390 MEDIUM POC This Month

A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-2389 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-2388 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2387 MEDIUM POC This Month

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2386 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2385 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2384 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2383 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-2382 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2381 MEDIUM POC This Month

A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-1477 HIGH This Week

Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.10.2, before 8.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Keycloak Authenticator
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-2372 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Dj Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-25496 HIGH This Week

A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Lenovo Authentication Bypass Drivers Management
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31436 HIGH PATCH This Week

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-31444 HIGH This Week

In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Studio
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26022 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26021 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1968 HIGH This Week

Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iscan Firmware Iseq 100 Firmware Miniseq Firmware Miseq Firmware +7
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-30455 HIGH This Week

An issue was discovered in ebankIT before 7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ebankit
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27555 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2360 HIGH This Week

Sensitive information disclosure due to CORS misconfiguration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cors Misconfiguration Information Disclosure Cyber Infrastructure
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28882 HIGH This Week

Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Modsecurity
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27557 HIGH This Week

IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Safer Payments
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-27556 HIGH This Week

IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Safer Payments
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-29058 MEDIUM This Month

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-30853 MEDIUM This Month

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Build Action
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-30454 MEDIUM This Month

An issue was discovered in ebankIT before 7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ebankit
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28475 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29056 MEDIUM This Month

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-25930 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-27864 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28820 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28819 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28477 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28476 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28474 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28471 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28821 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concrete Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-28472 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concrete Cms
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-25495 MEDIUM This Month

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-1526 MEDIUM This Month

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Designjet Z6 Firmware Designjet Z6Dr Firmware Designjet Z9 Firmware Designjet Z9Dr Firmware +6
NVD
CVSS 3.1
4.6
EPSS
1.2%
CVE-2023-29334 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Google Authentication Bypass Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2023-30857 LOW PATCH Monitor

@aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure Prototype Pollution Ion
NVD GitHub
CVSS 3.1
3.7
EPSS
0.5%
CVE-2023-28473 LOW PATCH Monitor

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to possible Auth bypass in the jobs section. Rated low severity (CVSS 3.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Concrete Cms
NVD
CVSS 3.1
3.3
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy