Skip to main content
CVE-2023-2351 MEDIUM POC PATCH This Month

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Wp Directory Kit
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-2277 MEDIUM POC PATCH This Month

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Wp Directory Kit
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-33621 MEDIUM POC This Month

GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request when the OpenVPN Server config file is downloaded. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Gl Ar750S Firmware
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-33620 MEDIUM POC This Month

GL.iNET GL-AR750S-Ext firmware v3.215 uses an insecure protocol in its communications which allows attackers to eavesdrop via a man-in-the-middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Gl Ar750S Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-34537 MEDIUM POC This Month

A Reflected XSS was discovered in HotelDruid version 3.0.5, an attacker can issue malicious code/command on affected webpage's parameter to trick user on browser and/or exfiltrate data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hoteldruid
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2023-34965 MEDIUM POC This Month

SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sspanel Uim
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-27624 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Redirect After Login
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-3218 MEDIUM POC PATCH This Month

Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Openitcockpit
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2023-33921 MEDIUM PATCH This Month

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Cpci85 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-33920 MEDIUM PATCH This Month

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05), CP-8050 MASTER MODULE (All versions < CPCI85 V05). Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Cpci85 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-34114 MEDIUM This Month

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Zoom
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-28601 MEDIUM This Month

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Zoom
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-28598 MEDIUM This Month

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoom
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33305 MEDIUM This Month

A loop with unreachable exit condition ('infinite loop') in Fortinet FortiOS version 7.2.0 through 7.2.4, FortiOS version 7.0.0 through 7.0.10, FortiOS 6.4 all versions, FortiOS 6.2 all versions,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortiproxy Fortiweb Fortios
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-26207 MEDIUM This Month

An insertion of sensitive information into log file vulnerability in Fortinet FortiOS 7.2.0 through 7.2.4 and FortiProxy 7.0.0 through 7.0.10. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25609 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability [CWE-918] in FortiManager and FortiAnalyzer GUI 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.8 through 6.4.11 may allow a remote and authenticated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-24469 MEDIUM This Month

Potential Cross-Site Scripting in ArcSight Logger versions prior to 7.3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arcsight Logger
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2876 MEDIUM This Month

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in ABB REX640 PCL1 (firmware modules), ABB REX640 PCL2 (Firmware modules), ABB REX640 PCL3 (firmware modules) allows Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb XSS Rex640 Pcl1 Firmware Rex640 Pcl2 Firmware Rex640 Pcl3 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-33986 MEDIUM This Month

SAP CRM ABAP (Grantor Management) - versions 700, 701, 702, 712, 713, 714, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Customer Relationship Management Abap
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33985 MEDIUM This Month

SAP NetWeaver Enterprise Portal - version 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-32115 MEDIUM This Month

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

SQLi Master Data Synchronization
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-2827 MEDIUM This Month

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

SAP Authentication Bypass Digital Manufacturing Plant Connectivity
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-29498 MEDIUM This Month

Improper restriction of XML external entity reference (XXE) vulnerability exists in FRENIC RHC Loader v1.1.0.3 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Frenic Rhc Loader
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33122 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10),. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33121 MEDIUM PATCH This Month

A vulnerability has been identified in JT2Go (All versions < V14.2.0.3), Teamcenter Visualization V13.2 (All versions < V13.2.0.13), Teamcenter Visualization V13.3 (All versions < V13.3.0.10),. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30757 MEDIUM This Month

A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Totally Integrated Automation Portal
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28600 MEDIUM This Month

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoom
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-23831 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ratingwidget
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33984 MEDIUM This Month

SAP NetWeaver (Design Time Repository) - version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with a malicious content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Netweaver
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34250 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32301 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32061 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31142 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-31439 MEDIUM PATCH This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31438 MEDIUM This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-31437 MEDIUM This Month

An issue was discovered in systemd 253. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Systemd
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-31195 MEDIUM This Month

ASUS Router RT-AX3000 Firmware versions prior to 3.0.0.4.388.23403 uses sensitive cookies without 'Secure' attribute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rt Ax3000 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-2673 MEDIUM This Month

Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fl Mguard 2102 Firmware Fl Mguard 4102 Pci Firmware Fl Mguard 4102 Pcie Firmware Fl Mguard 4302 Firmware +22
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-2638 MEDIUM This Month

Rockwell Automation's FactoryTalk System Services does not verify that a backup configuration archive is password protected. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Rockwell Authentication Bypass Factorytalk Policy Manager Factorytalk System Services
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2023-25978 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Protected Posts Logout Button
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28620 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cyberus Key
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26538 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Chat Bee
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26528 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shipping Management
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25964 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS We Re Open
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29501 MEDIUM This Month

Jiyu Kukan Toku-Toku coupon App for iOS versions 3.5.0 and earlier, and Jiyu Kukan Toku-Toku coupon App for Android versions 3.5.0 and earlier are vulnerable to improper server certificate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Google Jiyu Kukan Toku Toku Coupon
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-31238 MEDIUM PATCH This Month

A vulnerability has been identified in SICAM P850 (7KG8500-0AA00-0AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA00-2AA0) (All versions < V3.11), SICAM P850 (7KG8500-0AA10-0AA0) (All versions <. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Q200 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29175 MEDIUM This Month

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.2 all versions, 6.4 all versions, 7.0.0 through 7.0.10, 7.2.0 and FortiProxy 1.2 all versions, 2.0 all versions, 7.0.0 through. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Fortinet Information Disclosure Fortiproxy Fortios
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-2639 MEDIUM This Month

The underlying feedback mechanism of Rockwell Automation's FactoryTalk System Services that transfers the FactoryTalk Policy Manager rules to relevant devices on the network does not verify that the. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk Policy Manager Factorytalk System Services
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-27465 MEDIUM PATCH This Month

A vulnerability has been identified in SIMOTION C240 (All versions >= V5.4 < V5.5 SP1), SIMOTION C240 PN (All versions >= V5.4 < V5.5 SP1), SIMOTION D410-2 DP (All versions >= V5.4 < V5.5 SP1),. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Simotion D425 2 Dp Firmware Simotion D425 2 Dp Pn Firmware Simotion D435 2 Dp Firmware Simotion D435 2 Dp Pn Firmware +9
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-32546 MEDIUM This Month

Code injection vulnerability exists in Chatwork Desktop Application (Mac) 2.6.43 and earlier. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Chatwork
NVD
CVSS 3.1
4.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy