Skip to main content
CVE-2023-23169 MEDIUM POC This Month

Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal SSRF Pdfocus
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-2671 MEDIUM POC This Month

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2667 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-29808 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Companymaps
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-47880 MEDIUM POC This Month

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure PHP Jedox Jedox Cloud
NVD Exploit-DB VulDB
CVSS 3.1
5.3
EPSS
3.2%
CVE-2023-31921 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31920 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31919 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31918 MEDIUM POC This Month

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31916 MEDIUM POC This Month

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31914 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31913 MEDIUM POC This Month

Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29983 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Companymaps
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
5.1%
CVE-2023-2678 MEDIUM POC This Month

A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS File Tracker Manager System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2674 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-20880 MEDIUM This Month

VMware Aria Operations contains a privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Authentication Bypass Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20879 MEDIUM This Month

VMware Aria Operations contains a Local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Cloud Foundation Vrealize Operations
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-31199 MEDIUM PATCH This Month

Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Authentication Bypass Solid State Drive Toolbox
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-30768 MEDIUM This Month

Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Server Board S1200V3Rpl Firmware Server Board S1200V3Rpm Firmware +62
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-30763 MEDIUM PATCH This Month

Heap-based overflow in Intel(R) SoC Watch based software before version 2021.1 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Buffer Overflow Intel Heap Overflow Battery Life Diagnostic Tool +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-2181 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2088 MEDIUM This Month

A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Openstack
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-32081 MEDIUM PATCH This Month

Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Vert X Stomp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2682 MEDIUM This Month

A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical.cgi of the component Mini_HTTPD. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Caton Live
NVD VulDB
CVSS 3.1
6.3
EPSS
1.9%
CVE-2023-27237 MEDIUM This Month

LavaLite CMS v 9.0.0 was discovered to be vulnerable to a host header injection attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lavalite
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29818 MEDIUM This Month

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Secureanywhere
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29819 MEDIUM This Month

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Secureanywhere
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29820 MEDIUM This Month

An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Secureanywhere
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32303 MEDIUM PATCH This Month

Planet is software that provides satellite data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Planet
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23867 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Buttons X
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28520 MEDIUM PATCH This Month

IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Planning Analytics Local
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28936 MEDIUM PATCH This Month

Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Openmeetings
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-27863 MEDIUM PATCH This Month

IBM Spectrum Protect Plus Server 10.1.13, under specific configurations, could allow an elevated user to obtain SMB credentials that may be used to access vSnap data stores. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Spectrum Protect
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-28414 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apexchat
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25958 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Tooltips
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25460 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Ad Manager
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23810 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Panorama
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22685 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Category Specific Rss Feed Subscription
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy