Skip to main content
CVE-2023-30024 MEDIUM POC This Month

The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation A921 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2023-2411 MEDIUM POC This Month

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ac Repair And Services System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2410 MEDIUM POC This Month

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ac Repair And Services System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2409 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ac Repair And Services System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2408 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ac Repair And Services System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-26782 MEDIUM POC This Month

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Denial Of Service Mccms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2380 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Denial Of Service Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-2396 MEDIUM POC This Month

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-2395 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-30125 MEDIUM POC This Month

EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30405 MEDIUM POC THREAT This Month

A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wireless N Repeater Mini Router Firmware
NVD
CVSS 3.1
5.4
EPSS
29.3%
CVE-2023-30123 MEDIUM POC This Month

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wuzhicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2364 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Resort Reservation System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-2361 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2397 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0.php?f=save_field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Mobile Comparison Website
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2394 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2393 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2392 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2391 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic.cgi?page=time_zone.htm of the component Web Management Interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2390 MEDIUM POC This Month

A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-2389 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-2388 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2387 MEDIUM POC This Month

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2386 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2385 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2384 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2383 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-2382 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2381 MEDIUM POC This Month

A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2372 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Dj Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-29058 MEDIUM This Month

A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-30853 MEDIUM This Month

Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Build Action
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-30454 MEDIUM This Month

An issue was discovered in ebankIT before 7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ebankit
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28475 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) versions 8.5.12 and below, and versions 9.0 through 9.1.3 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29056 MEDIUM This Month

A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-25930 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-27864 MEDIUM PATCH This Month

IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28820 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28819 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) versions 8.5.12 and below, 9.0.0 through 9.0.2 is vulnerable to Stored XSS in uploaded file and folder names. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28477 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 is vulnerable to stored XSS on API Integrations via the name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28476 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Tags on uploaded files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28474 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS on Saved Presets on search. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28471 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28821 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concrete Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-28472 MEDIUM PATCH This Month

Concrete CMS (previously concrete5) versions 8.5.12 and below, and 9.0 through 9.1.3 does not have Secure and HTTP only attributes set for ccmPoll cookies. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Concrete Cms
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-25495 MEDIUM This Month

A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-1526 MEDIUM This Month

Certain DesignJet and PageWide XL TAA compliant models may have risk of potential information disclosure if the hard disk drive is physically removed from the printer. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Designjet Z6 Firmware Designjet Z6Dr Firmware Designjet Z9 Firmware Designjet Z9Dr Firmware +6
NVD
CVSS 3.1
4.6
EPSS
1.2%
CVE-2023-29334 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Google Authentication Bypass Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy