Skip to main content
CVE-2023-33754 MEDIUM POC This Month

The captive portal in Inpiazza Cloud WiFi versions prior to v4.2.17 does not enforce limits on the number of attempts for password recovery, allowing attackers to brute force valid user accounts to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Wifi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-32324 MEDIUM POC This Month

OpenPrinting CUPS is an open source printing system. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Cups Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
1.5%
CVE-2023-33546 MEDIUM POC This Month

Janino 3.1.9 and earlier are subject to denial of service (DOS) attacks when using the expression evaluator.guess parameter name method. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Janino
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33544 MEDIUM POC This Month

hawtio 2.17.2 is vulnerable to Path Traversal. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Hawtio
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33719 MEDIUM POC This Month

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4SdpAtom::Read() at atom_sdp.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33461 MEDIUM POC This Month

iniparser v4.1 is vulnerable to NULL Pointer Dereference in function iniparser_getlongint which misses check NULL for function iniparser_getstring's return. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Iniparser
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-33764 MEDIUM POC This Month

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component #/de/casting/show/detail/<ID>. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simpleredak
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3035 MEDIUM POC This Month

A vulnerability has been found in Guangdong Pythagorean OA Office System up to 4.50.31 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Pythagorean Oa Office System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30758 MEDIUM POC PATCH This Month

Cross-site scripting vulnerability in Pleasanter 1.3.38.1 and earlier allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pleasanter
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-34091 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Kyverno
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32716 MEDIUM This Month

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Denial Of Service Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32706 MEDIUM This Month

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, an unauthenticated attacker can send specially-crafted messages to the XML parser within SAML authentication to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Denial Of Service XXE Splunk Cloud Platform
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28043 MEDIUM This Month

Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Secure Connect Gateway
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-32181 MEDIUM This Month

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf allows for DoS via malformed configuration files5.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libeconf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22652 MEDIUM This Month

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files.5.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libeconf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32715 MEDIUM This Month

In the Splunk App for Lookup File Editing versions below 4.0.1, a user can insert potentially malicious JavaScript code into the app, which causes that code to run on the user’s machine. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS Splunk App For Lookup File Editing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3026 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Drawio
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33716 MEDIUM This Month

mp4v2 v2.1.3 was discovered to contain a memory leak via the class MP4StringProperty at mp4property.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2985 MEDIUM PATCH This Month

A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32711 MEDIUM This Month

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, a Splunk dashboard view lets a low-privileged user exploit a vulnerability in the Bootstrap web framework (CVE-2019-8331) and build a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk XSS
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23954 MEDIUM This Month

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to a Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Advanced Secure Gateway Content Analysis
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32710 MEDIUM This Month

In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Splunk Information Disclosure Splunk Cloud Platform
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-28824 MEDIUM This Month

Server-side request forgery vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Conprosys Hmi System
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-28651 MEDIUM This Month

Cross-site scripting vulnerability exists in CONPROSYS HMI System (CHS) versions prior to 3.5.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Conprosys Hmi System
NVD
CVSS 3.1
4.8
EPSS
62.4%
CVE-2023-32717 MEDIUM This Month

On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32709 MEDIUM This Month

In Splunk Enterprise versions below 9.0.5, 8.2.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk Authentication Bypass Splunk Cloud Platform
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy