Skip to main content
CVE-2023-27066 MEDIUM POC This Month

Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Experience Platform
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-33281 MEDIUM POC This Month

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sylphy Classic 2021 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-31816 MEDIUM POC This Month

IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Content Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31584 MEDIUM POC This Month

GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Silicon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-28467 MEDIUM POC PATCH This Month

In MyBB before 1.8.34, there is XSS in the User CP module via the user email field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2837 MEDIUM POC PATCH This Month

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-33293 MEDIUM POC This Month

An issue was discovered in KaiOS 3.0 and 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kaios
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-31101 MEDIUM PATCH This Month

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong.5.0 through 1.6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-31245 MEDIUM This Month

Devices using Snap One OvrC cloud are sent to a web address when accessing a web management interface using a HTTP connection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Orvc
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32348 MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a virtual private network (VPN) hub feature for cross-device communication that uses OpenVPN. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Remote Management System
NVD
CVSS 3.1
5.8
EPSS
0.5%
CVE-2023-31779 MEDIUM PATCH This Month

Wekan v6.84 and earlier is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Wekan
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28412 MEDIUM This Month

When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32346 MEDIUM This Month

Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Remote Management System
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-33285 MEDIUM This Month

An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Qt
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-45079 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Loginizer plugin <= 1.7.5 versions. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Loginizer
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-33288 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 6.2.9. Rated medium severity (CVSS 4.7). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-33264 MEDIUM PATCH This Month

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, configuration routines don't mask passwords in the member configuration properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Hazelcast
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy