Skip to main content
CVE-2023-35164 MEDIUM POC This Month

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-35168 MEDIUM POC This Month

DataEase is an open source data visualization analysis tool to analyze data and gain insight into business trends. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Dataease
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36675 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-28485 MEDIUM POC This Month

A stored cross-site scripting (Stored XSS) vulnerability in file preview in WeKan before 6.75 allows remote authenticated users to inject arbitrary web script or HTML via names of file attachments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wekan
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-33580 MEDIUM POC This Month

Phpgurukul Student Study Center Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in the "Admin Name" field on Admin Profile page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Student Study Center Management System
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
3.7%
CVE-2023-2290 MEDIUM This Month

A potential vulnerability in the LenovoFlashDeviceInterface SMI handler may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Thinkpad E14 Firmware Thinkpad E14 Gen 2 Firmware +83
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32526 MEDIUM PATCH This Month

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Trend Micro Mobile Security
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-32525 MEDIUM PATCH This Month

Trend Micro Mobile Security (Enterprise) 9.8 SP5 contains widget vulnerabilities that could allow a remote attacker to create arbitrary files on affected installations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Trend Micro Mobile Security
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-34422 MEDIUM This Month

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-34421 MEDIUM This Month

A valid, authenticated LXCA user with elevated privileges may be able to replace filesystem data through a specifically crafted web API call due to insufficient input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Xclarity Administrator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33176 MEDIUM PATCH This Month

BigBlueButton is an open source virtual classroom designed to help teachers teach and learners learn. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Bigbluebutton
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2993 MEDIUM This Month

A valid, authenticated user with limited privileges may be able to use specifically crafted web management server API calls to execute a limited number of commands on SMM v1, SMM v2, and FPC that the. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nextscale N1200 Enclosure Firmware Thinkagile Cp Cb 10 Firmware Thinkagile Cp Cb 10E Firmware Thinkagile Hx Enclosure Certified Node Firmware +4
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-32535 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-32534 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-32533 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-32532 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-32531 MEDIUM PATCH This Month

Certain dashboard widgets on Trend Micro Apex Central (on-premise) are vulnerable to cross-site scripting (XSS) attacks that may allow an attacker to achieve remote code execution on affected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE XSS Trend Micro Apex Central
NVD
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-29459 MEDIUM This Month

The laola.redbull application through 5.1.9-R for Android exposes the exported activity at.redbullsalzburg.android.AppMode.Default.Splash.SplashActivity, which accepts a data: URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google SQLi Fc Red Bull Salzburg
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29430 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Theroof
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29427 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Amelia
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28992 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Coupon Affiliates
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32556 MEDIUM PATCH This Month

A link following vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to disclose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30902 MEDIUM PATCH This Month

A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-32605 MEDIUM PATCH This Month

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Apex Central
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32604 MEDIUM PATCH This Month

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Apex Central
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32537 MEDIUM PATCH This Month

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Apex Central
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32536 MEDIUM PATCH This Month

Affected versions Trend Micro Apex Central (on-premise) are vulnerable to potential authenticated reflected cross-site scripting (XSS) attacks due to user input validation and sanitization issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Trend Micro Apex Central
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-29437 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Connections Business Directory
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29435 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cryptocurrency All In One
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29436 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Iframe Shortcode
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36662 MEDIUM This Month

The TechTime User Management components for Atlassian products allow stored XSS on the Bulk User Actions page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian User Management
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32553 MEDIUM PATCH This Month

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32552 MEDIUM PATCH This Month

An Improper access control vulnerability in Trend Micro Apex One and Apex One as a Service could allow an unauthenticated user under certain circumstances to disclose sensitive information on agents. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Trend Micro Apex One
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-35930 MEDIUM PATCH This Month

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Spicedb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-1620 MEDIUM This Month

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a specifically crafted packet to the CODESYS V2 runtime. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 750 331 Firmware 750 8202 Firmware 750 8202 000 011 Firmware 750 8202 000 012 Firmware +72
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-1619 MEDIUM This Month

Multiple WAGO devices in multiple versions may allow an authenticated remote attacker with high privileges to DoS the device by sending a malformed packet. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 750 331 Firmware 750 8202 Firmware 750 8202 000 011 Firmware 750 8202 000 012 Firmware +72
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-27082 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev4 allows remote attackers to run arbitrary code via upload of crafted html file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE XSS Pluck
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-29438 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simplemodal Contact Form
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29434 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Optin Forms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29424 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Shiftcontroller
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29423 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Cancel Order Request Return Order Repeat Order Reorder For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29093 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PI Websolution Conditional cart fee plugin <= 1.0.96 versions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Conditional Cart Fee Extra Charge Rule For Woocommerce Extra Fees
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28991 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Pi Woocommerce Order Date Time And Type
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28988 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Add To Cart Direct Checkout For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22359 MEDIUM This Month

User enumeration in Checkmk <=2.2.0p4 allows an authenticated attacker to enumerate usernames. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy