Skip to main content
CVE-2023-34367 MEDIUM POC This Month

Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Windows 7
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-3240 MEDIUM POC This Month

A vulnerability has been found in OTCMS up to 6.62 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-3231 MEDIUM POC This Month

A vulnerability has been found in UJCMS up to 6.0.2 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ujcms
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-3229 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fossbilling
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33145 MEDIUM POC PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Google Microsoft Edge Chromium
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
8.6%
CVE-2023-33140 MEDIUM POC PATCH This Month

Microsoft OneNote Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Onenote
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-34452 MEDIUM POC This Month

Grav is a flat-file content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Grav
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3189 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Online School Fees System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online School Fees System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3228 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fossbilling
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-3227 MEDIUM POC PATCH This Month

Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Fossbilling
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-26965 MEDIUM POC This Month

loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34824 MEDIUM POC This Month

fdkaac before 1.0.5 was discovered to contain a heap buffer overflow in caf_info function in caf_reader.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Fdkaac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-34823 MEDIUM POC This Month

fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Fdkaac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-34565 MEDIUM POC This Month

Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34449 MEDIUM POC PATCH This Month

ink!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Ink
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-2820 MEDIUM This Month

An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Threat Response Auto Pull
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-33144 MEDIUM PATCH This Month

Visual Studio Code Spoofing Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity.

Information Disclosure Visual Studio Code
NVD
CVSS 3.1
6.6
EPSS
1.3%
CVE-2023-35149 MEDIUM This Month

A missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL, capturing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Digital Ai App Management Publisher
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35148 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers to connect to an attacker-specified URL, capturing credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Digital Ai App Management Publisher
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35147 MEDIUM This Month

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not restrict the AWS SQS queue name path parameter in an HTTP endpoint, allowing attackers with Item/Read permission to obtain the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Jenkins Aws Codecommit Trigger
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-34149 MEDIUM PATCH This Month

Allocation of Resources Without Limits or Throttling vulnerability in Apache Software Foundation Apache Struts.5.30, through 6.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Struts
NVD
CVSS 3.1
6.5
EPSS
5.4%
CVE-2023-24937 MEDIUM PATCH This Month

Windows CryptoAPI Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2023-33142 MEDIUM PATCH This Month

Microsoft SharePoint Server Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-33129 MEDIUM PATCH This Month

Microsoft SharePoint Server Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Microsoft Denial Of Service Heap Overflow Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-32032 MEDIUM PATCH This Month

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5).

Information Disclosure Net Visual Studio 2022
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-29369 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-29352 MEDIUM This Month

Windows Remote Desktop Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Remote Desktop Client Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-24938 MEDIUM PATCH This Month

Windows CryptoAPI Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-33132 MEDIUM PATCH This Month

Microsoft SharePoint Server Spoofing Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Server
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-32020 MEDIUM PATCH This Month

Windows DNS Spoofing Vulnerability. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
5.6
EPSS
0.7%
CVE-2023-0837 MEDIUM This Month

An improper authorization check of local device settings in TeamViewer Remote between version 15.41 and 15.42.7 for Windows and macOS allows an unprivileged user to change basic local device settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Authentication Bypass Remote
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33139 MEDIUM PATCH This Month

Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Visual Studio Visual Studio 2017 Visual Studio 2019 +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-32016 MEDIUM PATCH This Month

Windows Installer Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-29353 MEDIUM PATCH This Month

Sysinternals Process Monitor for Windows Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Sysinternals Sysinternals Process Monitor
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-21569 MEDIUM PATCH This Month

Azure DevOps Server Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Azure Devops Server
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-33515 MEDIUM This Month

SoftExpert Excellence Suite 2.1.9 is vulnerable to Cross Site Scripting (XSS) via query screens. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Excellence Suite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0010 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software can allow a JavaScript payload to be executed in the context of an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Paloalto XSS Pan Os
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35146 MEDIUM This Month

Jenkins Template Workflows Plugin 41.v32d86a_313b_4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Template Workflows
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-35145 MEDIUM This Month

Jenkins Sonargraph Integration Plugin 5.0.1 and earlier does not escape the file path and the project name for the Log file field form validation, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Sonargraph Integration
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-35144 MEDIUM This Month

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape project and build display names on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Maven Repository Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-35143 MEDIUM This Month

Jenkins Maven Repository Server Plugin 1.10 and earlier does not escape the versions of build artifacts on the Build Artifacts As Maven Repository page, resulting in a stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Maven Repository Server
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-32013 MEDIUM PATCH This Month

Windows Hyper-V Denial of Service Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2023-29355 MEDIUM PATCH This Month

DHCP Server Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-35116 MEDIUM This Month

jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Jackson Databind
NVD GitHub
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-32019 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 4.7). This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
4.7
EPSS
1.4%
CVE-2023-3203 MEDIUM PATCH This Month

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Mstore Api
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3198 MEDIUM PATCH This Month

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Mstore Api
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3201 MEDIUM PATCH This Month

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Mstore Api
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3200 MEDIUM PATCH This Month

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Mstore Api
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2819 MEDIUM This Month

A stored cross-site scripting vulnerability in the Sources UI in Proofpoint Threat Response/ Threat Response Auto Pull (PTR/TRAP) could allow an authenticated administrator on an adjacent network to. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

RCE XSS Threat Response Auto Pull
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy