Skip to main content
CVE-2023-3075 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Corebos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-25741 MEDIUM POC This Month

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-2835 MEDIUM POC PATCH This Month

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Wp Directory Kit
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-33763 MEDIUM POC This Month

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simpleredak
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33761 MEDIUM POC This Month

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simpleredak
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33731 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-29725 MEDIUM POC This Month

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Bt21 X Bts Wallpaper
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-33717 MEDIUM POC This Month

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3073 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3074 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3071 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3070 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3067 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trilium
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3060 MEDIUM POC This Month

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Agro School Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3058 MEDIUM POC This Month

A vulnerability was found in 07FLY CRM up to 1.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Customer Relationship Management
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3031 MEDIUM POC This Month

Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files.3.15. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal King Avis
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-28700 MEDIUM This Month

OMICARD EDM backend system’s file uploading function does not restrict upload of file with dangerous type. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-2816 MEDIUM PATCH This Month

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HashiCorp Consul
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32211 MEDIUM This Month

A type checking bug would have led to invalid code being compiled. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-32206 MEDIUM This Month

An out-of-bound read could have led to a crash in the RLBox Expat driver. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-29549 MEDIUM This Month

Under certain circumstances, a call to the <code>bind</code> function may have resulted in the incorrect realm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Focus
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-29548 MEDIUM This Month

A wrong lowering instruction in the ARM64 Ion compiler resulted in a wrong optimization result. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-29547 MEDIUM This Month

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-29544 MEDIUM This Month

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Denial Of Service Google Firefox +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-29535 MEDIUM This Month

Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Google Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28164 MEDIUM This Month

Dragging a URL from a cross-origin iframe that was removed during the drag could have led to user confusion and website spoofing attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28163 MEDIUM This Month

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mozilla Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-28160 MEDIUM This Month

When following a redirect to a publicly accessible web extension file, the URL may have been translated to the actual local path, leaking potentially sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25752 MEDIUM This Month

When accessing throttled streams, the count of available bytes needed to be checked in the calling function to be within bounds. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25751 MEDIUM This Month

Sometimes, when invalidating JIT code while following an iterator, the newly generated code could be overwritten incorrectly. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-25742 MEDIUM This Month

When importing a SPKI RSA public key as ECDSA P-256, the key would be handled incorrectly causing the tab to crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25738 MEDIUM This Month

Members of the <code>DEVMODEW</code> struct set by the printer device driver weren't being validated and could have resulted in invalid values which in turn would cause the browser to attempt out of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Microsoft Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25728 MEDIUM This Month

The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-23604 MEDIUM This Month

A duplicate `SystemPrincipal` object could be created when parsing a non-system html document via `DOMParser::ParseFromSafeString`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23603 MEDIUM This Month

Regular expressions used to filter out forbidden properties and values from style directives in calls to `console.log` weren't accounting for external URLs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23602 MEDIUM This Month

A mishandled security check when creating a WebSocket in a WebWorker caused the Content Security Policy connect-src header to be ignored. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23601 MEDIUM This Month

Navigations were being allowed when dragging a URL from a cross-origin iframe into the same tab which could lead to website spoofing attacks This vulnerability affects Firefox < 109, Firefox ESR <. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-23600 MEDIUM This Month

Per origin notification permissions were being stored in a way that didn't take into account what browsing context the permission was granted in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23599 MEDIUM This Month

When copying a network request from the developer tools panel as a curl command the output was not being properly sanitized and could allow arbitrary commands to be hidden within. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23598 MEDIUM This Month

Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23597 MEDIUM This Month

A compromised web child process could disable web security opening restrictions, leading to a new child process being spawned within the `file://` context. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1945 MEDIUM This Month

Unexpected data returned from the Safe Browsing API could have led to memory corruption and a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0616 MEDIUM This Month

If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way Thunderbird repeatedly attempts to process and display the message, which could cause Thunderbird's user interface to lock up. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0547 MEDIUM This Month

OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and revoked certificates would be accepted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-0430 MEDIUM This Month

Certificate OCSP revocation status was not checked when verifying S/Mime signatures. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-2062 MEDIUM This Month

Missing Password Field Masking vulnerability in Mitsubishi Electric Corporation EtherNet/IP configuration tools SW1DNN-EIPCT-BD and SW1DNN-EIPCTFX5-BD allows a remote unauthenticated attacker to know. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx5 Enet Ip Firmware Sw1Dnn Eipct Bd Firmware Rj71Eip91 Firmware Sw1Dnn Eipctfx5 Bd Firmware
NVD
CVSS 3.1
6.2
EPSS
0.3%
CVE-2023-29540 MEDIUM This Month

Using a redirect embedded into <code>sourceMappingUrls</code> could allow for navigation to external protocol links in sandboxed iframes without <code>allow-top-navigation-to-custom-protocols</code>. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Open Redirect Firefox Focus
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-28705 MEDIUM This Month

Openfind Mail2000 has insufficient filtering special characters of email content of its content filtering function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mail2000
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25780 MEDIUM This Month

It is identified a vulnerability of insufficient authentication in an important specific function of Status PowerBPM. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Powerbpm
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-28469 MEDIUM This Month

An issue was discovered in the Arm Mali GPU Kernel Driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Avalon Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy