Skip to main content
CVE-2023-22815 MEDIUM This Month

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass My Cloud Os
NVD
CVSS 3.1
6.7
EPSS
1.3%
CVE-2023-32620 MEDIUM PATCH This Month

Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-32608 MEDIUM This Month

Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Pleasanter
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-37299 MEDIUM PATCH This Month

Joplin before 2.11.5 allows XSS via an AREA element of an image map. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Joplin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37298 MEDIUM PATCH This Month

Joplin before 2.11.5 allows XSS via a USE element in an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Joplin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3477 MEDIUM This Month

A vulnerability was found in RocketSoft Rocket LMS 1.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3476 MEDIUM This Month

A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Guestbook Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3475 MEDIUM This Month

A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Event Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3474 MEDIUM This Month

A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Simple Blog
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1206 MEDIUM This Month

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-35946 MEDIUM PATCH This Month

Gradle is a build tool with a focus on build automation and support for multi-language development. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gradle
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29147 MEDIUM This Month

In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Detection And Response Malwarebytes
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-28387 MEDIUM This Month

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Newspicks
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37307 MEDIUM PATCH This Month

In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32607 MEDIUM This Month

Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pleasanter
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33336 MEDIUM This Month

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Sophos Web Appliance
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-3485 LOW PATCH Monitor

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Rated low severity (CVSS 3.6). No vendor patch available.

Authentication Bypass Temporal
NVD GitHub
CVSS 3.1
3.6
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy