Skip to main content
CVE-2023-2926 MEDIUM POC This Month

A vulnerability was found in SeaCMS 11.6 and classified as problematic.php of the component Picture Upload Handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Seacms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2922 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Comment System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-33195 MEDIUM POC PATCH This Month

Craft is a CMS for creating custom digital experiences on the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-2945 MEDIUM POC PATCH This Month

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2944 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2925 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Krayin Crm
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2947 MEDIUM POC PATCH THREAT This Month

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
90.4%
CVE-2023-32325 MEDIUM PATCH MAL This Month

PostHog-js is a library to interface with the PostHog analytics tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Posthog Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33188 MEDIUM This Month

Omni-notes is an open source note-taking application for Android. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Omni Notes
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-32686 MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33184 MEDIUM PATCH This Month

Nextcloud Mail is a mail app in Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy