Skip to main content
CVE-2023-32750 MEDIUM POC This Month

Pydio Cells through 4.1.2 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cells
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
3.8%
CVE-2023-34969 MEDIUM POC This Month

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dbus Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-3165 MEDIUM POC This Month

A vulnerability was found in SourceCodester Life Insurance Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Life Insurance Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-32751 MEDIUM POC This Month

Pydio Cells through 4.1.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2023-34238 MEDIUM POC PATCH This Month

Gatsby is a free and open source framework based on React. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Gatsby
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-29401 MEDIUM POC PATCH This Month

The filename parameter of the Context.FileAttachment function is not properly sanitized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gin
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-34571 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34570 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34569 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34568 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34567 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34961 MEDIUM PATCH This Month

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23481 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23480 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33846 MEDIUM PATCH This Month

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Txseries For Multiplatform Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34243 MEDIUM PATCH This Month

TGstation is a toolset to manage production BYOND servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Tgstation Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-34959 MEDIUM PATCH This Month

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34958 MEDIUM PATCH This Month

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy