Skip to main content
CVE-2023-31406 MEDIUM This Month

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Businessobjects Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30743 MEDIUM This Month

Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Sapui5
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30742 MEDIUM This Month

SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Customer Relationship Management S4Fnd Customer Relationship Management Webclient Ui
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30741 MEDIUM This Month

Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Businessobjects Business Intelligence
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20098 MEDIUM This Month

A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Cisco Catalyst Sd Wan Manager Sd Wan Vmanage
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2023-28126 MEDIUM This Month

An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Avalanche
NVD
CVSS 3.1
5.9
EPSS
66.7%
CVE-2023-28125 MEDIUM This Month

An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Avalanche
NVD
CVSS 3.1
5.9
EPSS
2.3%
CVE-2023-24900 MEDIUM PATCH This Month

Windows NTLM Security Support Provider Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2023-31136 MEDIUM PATCH This Month

PostgresNIO is a Swift client for PostgreSQL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Code Injection PostgreSQL Postgresnio
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-28764 MEDIUM This Month

SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP Information Disclosure Businessobjects
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-30057 MEDIUM This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Origination Manager Decision
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28251 MEDIUM PATCH This Month

Windows Driver Revocation List Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-24945 MEDIUM PATCH This Month

Windows iSCSI Target Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-30985 MEDIUM This Month

A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Solid Edge Se2023
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32112 MEDIUM This Month

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass S4core Vendor Master Hierarchy
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-31807 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31806 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31804 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31802 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31800 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32066 MEDIUM PATCH This Month

Time Tracker is an open source time tracking system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Time Tracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25834 MEDIUM PATCH This Month

Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Portal For Arcgis
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-31134 MEDIUM PATCH This Month

Tauri is software for building applications for multi-platform deployment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Tauri
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-23647 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Team Member Team With Slider
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23862 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vertical Scroll Recent Post
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23664 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Convertbox Auto Embed
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31407 MEDIUM This Month

SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business Planning And Consolidation
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-29188 MEDIUM This Month

SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Customer Relationship Management Webclient Ui S4Fnd Sapscore
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28318 MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-28317 MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-28290 MEDIUM This Month

Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Remote Desktop App
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-29107 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Information Disclosure 6Gk1411 1Ac00 Firmware 6Gk1411 5Ac00 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-31404 MEDIUM This Month

Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
5.0
EPSS
0.5%
CVE-2023-31805 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31803 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31799 MEDIUM This Month

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Chamilo Lms
NVD VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24372 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Custom Author Profiles
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23884 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Kanban Boards For Wordpress
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23883 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Content Filter Censor All Offensive Content From Your Site
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23734 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Userlike
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23733 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Lazy Social Comments
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23732 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Disqus Conditional Load
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23793 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Read More Without Refresh
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23863 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Treepress
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29103 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >=. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass 6Gk1411 1Ac00 Firmware 6Gk1411 5Ac00 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-29333 LOW PATCH Monitor

Microsoft Access Denial of Service Vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Microsoft Denial Of Service 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
3.3
EPSS
0.5%
CVE-2023-27409 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Siemens Scalance Lpe9403 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-27408 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Siemens Scalance Lpe9403 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-29128 LOW PATCH Monitor

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal 6Gk1411 1Ac00 Firmware 6Gk1411 5Ac00 Firmware
NVD
CVSS 3.1
2.7
EPSS
0.7%
CVE-2023-27410 LOW Monitor

A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Siemens Scalance Lpe9403 Firmware
NVD
CVSS 3.1
2.7
EPSS
0.6%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy