Skip to main content
CVE-2023-33405 MEDIUM POC THREAT This Month

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Blogengine Net
NVD GitHub
CVSS 3.1
6.1
EPSS
31.3%
CVE-2023-33725 MEDIUM POC PATCH This Month

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Broadleaf Commerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25435 MEDIUM POC This Month

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-0970 MEDIUM This Month

Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Z Ip Gateway Sdk
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-33591 MEDIUM This Month

User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS User Registration Login And User Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27432 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Manage Upload Limit
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27414 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Popup Box
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27450 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Leyka
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27443 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Vimeo Shortcode
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27429 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jetpack Crm
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27439 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS New Adman
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy