Skip to main content
CVE-2023-34833 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Thinkadmin
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34666 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cyber Cafe Management System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-34797 MEDIUM POC This Month

Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cwx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34626 MEDIUM POC This Month

Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Piwigo
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-2683 MEDIUM This Month

A memory leak in the EFR32 Bluetooth LE stack 5.1.0 through 5.1.1 allows an attacker to send an invalid pairing message and cause future legitimate connection attempts to fail. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bluetooth Low Energy Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-29289 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an XML Injection vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-32229 MEDIUM This Month

Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cpp13 Firmware Cpp14 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24031 MEDIUM This Month

An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 8.8.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24030 MEDIUM This Month

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24420 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Admin Side Data Storage For Contact Form 7
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3193 MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.73, and Liferay DXP 7.4 update 70 through 73 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35029 MEDIUM PATCH This Month

Open redirect vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers to redirect users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Dxp Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2747 MEDIUM This Month

The initialization vector (IV) used by the secure engine (SE) for encrypting data stored in the SE flash memory is uninitialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21143 MEDIUM PATCH This Month

In multiple functions of multiple files, there is a possible way to make the device unusable due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21142 MEDIUM PATCH This Month

In multiple files, there is a possible way to access traces in the dev mode due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21141 MEDIUM PATCH This Month

In several functions of several files, there is a possible way to access developer mode traces due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure Google Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21137 MEDIUM PATCH This Month

In several methods of JobStore.java, uncaught exceptions in job map parsing could lead to local persistent denial of service with no additional execution privileges needed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21136 MEDIUM This Month

In multiple functions of JobStore.java, there is a possible way to cause a crash on startup due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21105 MEDIUM PATCH This Month

In multiple functions of ChooserActivity.java, there is a possible cross-user media read due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Google Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-29322 MEDIUM This Month

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29307 MEDIUM This Month

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Open Redirect Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29304 MEDIUM This Month

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29302 MEDIUM This Month

Adobe Experience Manager versions 6.5.16.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34242 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Cilium
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-29290 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-29287 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Information Exposure vulnerability that could lead to a security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Adobe Commerce Magento
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-29292 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Magento
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-29291 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Magento
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-25972 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Ctapt
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-21095 MEDIUM This Month

In canStartSystemGesture of RecentsAnimationDeviceState.java, there is a possible partial lockscreen bypass due to a race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Privilege Escalation Google Android
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-28810 MEDIUM This Month

Some access control/intercom products have unauthorized modification of device network configuration vulnerabilities. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ds K1T804Af Firmware Ds K1T804Amf Firmware Ds K1T341Am Firmware Ds K1T341Amf Firmware +33
NVD
CVSS 3.1
4.3
EPSS
10.4%
CVE-2023-29296 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-29295 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-29294 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Business Logic Errors vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-29288 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy