Skip to main content
CVE-2023-2660 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.8%
CVE-2023-25309 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Rollout Ui
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-2657 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-30256 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Qloapps
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
8.7%
CVE-2023-2664 MEDIUM POC This Month

In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2663 MEDIUM POC This Month

In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-2662 MEDIUM POC This Month

In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-32668 MEDIUM POC PATCH This Month

LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Luatex Miktex Tex Live
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31445 MEDIUM POC This Month

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Access Controller
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-31473 MEDIUM POC This Month

An issue was discovered on GL.iNet devices before 3.216. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware Gl Mt2500 Firmware +28
NVD GitHub
CVSS 3.1
4.9
EPSS
3.9%
CVE-2023-29195 MEDIUM POC PATCH This Month

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Vitess
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-32075 MEDIUM POC PATCH This Month

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Customer Management Framework
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-28361 MEDIUM This Month

A Cross-site WebSocket Hijacking (CSWSH) vulnerability found in UniFi OS 2.5 and earlier allows a malicious actor to access certain confidential information by persuading a UniFi OS user to visit a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubiquiti CSRF Unifi Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28325 MEDIUM This Month

An improper authorization vulnerability exists in Rocket.Chat <6.0 that could allow a hacker to manipulate the rid parameter and change the updateMessage method that only checks whether the user is. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-29024 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product A cross site scripting vulnerability was discovered that could potentially allow a malicious user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Information Disclosure Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-27554 MEDIUM PATCH This Month

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE IBM Websphere Application Server
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-28358 MEDIUM This Month

A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Chat
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29791 MEDIUM This Month

kodbox <= 1.37 is vulnerable to Cross Site Scripting (XSS) via the debug information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kodbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30394 MEDIUM This Month

The MoveIt framework 1.1.11 for ROS allows cross-site scripting (XSS) via the API authentication function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moveit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29023 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell XSS Information Disclosure Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-27870 MEDIUM PATCH This Month

IBM Spectrum Virtualize 8.5, under certain circumstances, could disclose sensitive credential information while a download from Fix Central is in progress. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Spectrum Virtualize
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-29029 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29028 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29027 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29026 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29025 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29022 MEDIUM This Month

A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user with admin privileges and network access to view user. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell XSS Armorstart St 284Ee Firmware Armorstart St 281E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-29286 MEDIUM This Month

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe Information Disclosure Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29279 MEDIUM This Month

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29277 MEDIUM This Month

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Painter
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22720 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Links Page
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28359 MEDIUM This Month

A NoSQL injection vulnerability has been identified in the listEmojiCustom method call within Rocket.Chat. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Rocket Chat
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-0859 MEDIUM This Month

Arbitrary Files can be installed in the Setting Data Import function of Office / Small Office Multifunction Printers and Laser Printers(*). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Mf642Cdw Firmware Mf644Cdw Firmware Mf741Cdw Firmware +42
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-0858 MEDIUM This Month

Improper Authentication of RemoteUI of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger unauthorized access to the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Mf642Cdw Firmware Mf644Cdw Firmware Mf741Cdw Firmware +42
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-29986 MEDIUM This Month

spring-boot-actuator-logview 0.2.13 allows Directory Traversal to sibling directories via LogViewEndpoint.view. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Path Traversal Spring Boot Actuator Logview
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-2490 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Useragent Spy
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2646 MEDIUM This Month

A vulnerability has been found in TP-Link Archer C7v2 v2_en_us_180114 and classified as problematic. Rated medium severity (CVSS 4.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service TP-Link Archer C7 Firmware
NVD VulDB
CVSS 3.1
4.5
EPSS
0.3%
CVE-2023-28360 MEDIUM This Month

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brave
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-28357 MEDIUM This Month

A vulnerability has been identified in Rocket.Chat, where the ACL checks in the Slash Command /mute occur after checking whether a user is a member of a given channel, leaking private channel members. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rocket Chat
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32082 MEDIUM PATCH This Month

etcd is a distributed key-value store for the data of a distributed system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Etcd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy