Skip to main content
CVE-2023-2903 MEDIUM POC This Month

A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nfine Rapid Development Platform
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2902 MEDIUM POC This Month

A vulnerability was found in NFine Rapid Development Platform 20230511. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nfine Rapid Development Platform
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2901 MEDIUM POC This Month

A vulnerability was found in NFine Rapid Development Platform 20230511. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nfine Rapid Development Platform
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2804 MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libjpeg Turbo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-25439 MEDIUM POC This Month

Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Fusioninvoice
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.2%
CVE-2023-33751 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mipjz
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33750 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mipjz
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33356 MEDIUM POC This Month

IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31147 MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Ares Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-26215 MEDIUM This Month

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ebx Add Ons
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22504 MEDIUM This Month

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Atlassian Confluence Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-31130 MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure C Ares Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-28370 MEDIUM PATCH This Month

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Tornado
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-0459 MEDIUM PATCH This Month

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-30615 MEDIUM This Month

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass Iris
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32694 MEDIUM PATCH This Month

Saleor Core is a composable, headless commerce API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Saleor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-2255 MEDIUM This Month

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Libreoffice Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-30851 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-2881 MEDIUM PATCH This Month

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Customer Management Framework
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-47177 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay - Square for WordPress plugin <= 4.1 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Easypay
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2886 MEDIUM This Month

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.0.3.4 Panel: v4.0.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-47165 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Coschedule
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-47149 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enable Accessibility
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-47164 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress CSRF Event Manager And Tickets Selling Plugin For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy