Skip to main content
CVE-2023-2952 MEDIUM POC This Month

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-32699 MEDIUM POC PATCH This Month

MeterSphere is an open source continuous testing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Metersphere
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1524 MEDIUM POC This Month

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Download Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34204 MEDIUM POC This Month

imapsync through 2.229 uses predictable paths under /tmp and /var/tmp in its default mode of operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imapsync
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33962 MEDIUM POC PATCH This Month

JStachio is a type-safe Java Mustache templating engine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java XSS Jstachio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2973 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Students Online Internship Timesheet Syste 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Students Online Internship Timesheet System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2518 MEDIUM POC This Month

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape a parameter before outputting it back in the page when the debug option is enabled, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Forms For Mailchimp
NVD WPScan
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-2296 MEDIUM POC This Month

The Loginizer WordPress plugin before 1.7.9 does not escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Loginizer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2256 MEDIUM POC This Month

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.7 does not sanitize and escape some URL parameters, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Addons Fields For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-2023 MEDIUM POC This Month

The Custom 404 Pro WordPress plugin before 3.7.3 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Custom 404 Pro
NVD WPScan
CVSS 3.1
6.1
EPSS
1.7%
CVE-2023-0733 MEDIUM POC This Month

The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsletter Popup
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-32691 MEDIUM POC This Month

gost (GO Simple Tunnel) is a simple tunnel written in golang. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Go Simple Tunnel
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-34151 MEDIUM POC This Month

A vulnerability was found in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Imagemagick Extra Packages For Enterprise Linux Fedora +2
NVD GitHub
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-29735 MEDIUM POC This Month

An issue found in edjing Mix v.7.09.01 for Android allows a local attacker to cause a denial of service via the database files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Edjing Mix
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33656 MEDIUM POC This Month

A memory leak vulnerability exists in NanoMQ 0.17.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29737 MEDIUM POC This Month

An issue found in Wave Animated Keyboard Emoji v.1.70.7 for Android allows a local attacker to cause a denial of service via the database files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Wave Animated Keyboard Emoji
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23956 MEDIUM POC This Month

A user can supply malicious HTML and JavaScript code that will be executed in the client browser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Symantec Siteminder Webagent
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
3.1%
CVE-2023-2981 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pydio Cells
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0443 MEDIUM POC This Month

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Anywhere Elementor
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-2111 MEDIUM POC This Month

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Hollerbox
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-2470 MEDIUM POC This Month

The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Add To Feedly
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2223 MEDIUM POC This Month

The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Login Rebuilder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2113 MEDIUM POC This Month

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Autoptimize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2978 MEDIUM POC PATCH This Month

A vulnerability was found in Abstrium Pydio Cells 4.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pydio Cells
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-2287 MEDIUM POC This Month

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Orbitfox
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2940 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-33180 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33179 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33178 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-31187 MEDIUM This Month

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ix Workforce Engagement
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32689 MEDIUM PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Node.js File Upload Parse Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2650 MEDIUM PATCH This Month

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

OpenSSL Canonical Denial Of Service Debian Linux
NVD
CVSS 3.1
6.5
EPSS
75.1%
CVE-2023-2970 MEDIUM This Month

A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Mindspore
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-32218 MEDIUM This Month

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ix Workforce Engagement
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-23754 MEDIUM This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Redirect Joomla
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20884 MEDIUM PATCH This Month

VMware Workspace ONE Access and VMware Identity Manager contain an insecure redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Information Disclosure VMware Open Redirect Identity Manager Workspace One Access +2
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-33186 MEDIUM PATCH This Month

Zulip is an open-source team collaboration tool with unique topic-based threading that combines the best of email and chat to make remote work productive and delightful. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zulip Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-33974 MEDIUM PATCH This Month

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Race Condition Denial Of Service Riot
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-23561 MEDIUM This Month

Stormshield Endpoint Security 2.3.0 through 2.3.2 has Incorrect Access Control: authenticated users can read sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Security
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-32448 MEDIUM PATCH This Month

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains License Key Stored in Cleartext vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Powerpath
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33961 MEDIUM This Month

Leantime is a lean open source project management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Leantime
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32685 MEDIUM PATCH This Month

Kanboard is project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kanboard
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33181 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xibo
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-31186 MEDIUM This Month

Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ix Workforce Engagement
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-33955 MEDIUM PATCH This Month

Minio Console is the UI for MinIO Object Storage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Console
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1711 MEDIUM This Month

A vulnerability exists in a FOXMAN-UN and UNEM logging component, it only affects systems that use remote authentication to the network elements. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Foxman Un Unem
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-2941 MEDIUM This Month

Inappropriate implementation in Extensions API in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the UI via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2938 MEDIUM This Month

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-2937 MEDIUM This Month

Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-24568 MEDIUM This Month

Dell NetWorker, contains an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port which could disallow replacing CA signed certificates. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Networker
NVD
CVSS 3.1
4.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy