Skip to main content
CVE-2023-2745 MEDIUM POC PATCH THREAT This Month

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 79.5%.

XSS WordPress Path Traversal
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
79.5%
Threat
5.0
CVE-2023-31847 MEDIUM POC This Month

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Davinci
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2731 MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31725 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31723 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2768 MEDIUM POC This Month

A vulnerability was found in Sucms 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sucms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-31698 MEDIUM POC This Month

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.6%
CVE-2023-31699 MEDIUM POC This Month

ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.5%
CVE-2023-1972 MEDIUM PATCH This Month

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Binutils
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1764 MEDIUM This Month

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ij Network Tool
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-1763 MEDIUM This Month

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ij Network Tool
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-29837 MEDIUM This Month

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Exelysis Unified Communications Solution
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2509 MEDIUM This Month

A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adm Looksgood Soundsgood
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-31135 MEDIUM PATCH This Month

Dgraph is an open source distributed GraphQL database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dgraph
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2528 MEDIUM This Month

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Contact Form
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-2753 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2752 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-30452 MEDIUM This Month

The MoroSystems EasyMind - Mind Maps plugin before 2.15.0 for Confluence allows persistent XSS when saving a Mind Map with the hyperlink parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Easymind
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-26044 MEDIUM PATCH This Month

react/http is an event-driven, streaming HTTP client and server implementation for ReactPHP. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Http
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-1859 MEDIUM This Month

A use-after-free flaw was found in xen_9pfs_front_removet in net/9p/trans_xen.c in Xen transport for 9pfs in the Linux Kernel. Rated medium severity (CVSS 4.7). No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-22348 MEDIUM This Month

Improper Authorization in RestAPI in Checkmk GmbH's Checkmk versions <2.1.0p28 and <2.2.0b8 allows remote authenticated users to read arbitrary host_configs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Checkmk
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2679 MEDIUM This Month

Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Microsoft Snow License Manager
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-0864 MEDIUM This Month

Cleartext Transmission of Sensitive Information vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE). Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Information Disclosure Terra Ac Wallbox Ul40 Firmware Terra Ac Wallbox 80A Firmware Terra Ac Wallbox Ul32A Firmware +5
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy