Skip to main content
CVE-2023-3338 MEDIUM POC This Month

A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Active Iq Unified Manager +1
NVD
CVSS 3.1
6.5
EPSS
8.1%
CVE-2023-37365 MEDIUM POC PATCH This Month

Hnswlib 0.7.0 has a double free in init_index when the M argument is a large integer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hnswlib
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36810 MEDIUM POC PATCH This Month

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Pypdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36807 MEDIUM POC PATCH This Month

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Pypdf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-34840 MEDIUM POC This Month

angular-ui-notification v0.1.0, v0.2.0, and v0.3.6 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Angular Ui Notification
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-37360 MEDIUM POC PATCH This Month

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Pacparser
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37302 MEDIUM POC This Month

An issue was discovered in SiteLinksView.php in Wikibase in MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-33276 MEDIUM POC This Month

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 responds with a "404 - Not Found" status code if a path is accessed that does not exist. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Knx Ip Router Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3479 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Control Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-2908 MEDIUM POC PATCH This Month

A null pointer dereference issue was found in Libtiff's tif_dir.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-36146 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Re170 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-36477 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Ckeditor Integration Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-37304 MEDIUM POC This Month

An issue was discovered in the DoubleWiki extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37305 MEDIUM POC This Month

An issue was discovered in the ProofreadPage (aka Proofread Page) extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-37301 MEDIUM POC This Month

An issue was discovered in SubmitEntityAction in Wikibase in MediaWiki through 1.39.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-37300 MEDIUM POC This Month

An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-3469 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.0-beta.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-22815 MEDIUM This Month

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Authentication Bypass My Cloud Os
NVD
CVSS 3.1
6.7
EPSS
1.3%
CVE-2023-32620 MEDIUM PATCH This Month

Improper authentication vulnerability in WL-WN531AX2 firmware versions prior to 2023526 allows a network-adjacent attacker to obtain a password for the wireless network. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Wl Wn531Ax2 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-32608 MEDIUM This Month

Directory traversal vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to alter an arbitrary file on the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Pleasanter
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-37299 MEDIUM PATCH This Month

Joplin before 2.11.5 allows XSS via an AREA element of an image map. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Joplin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37298 MEDIUM PATCH This Month

Joplin before 2.11.5 allows XSS via a USE element in an SVG document. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Joplin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3477 MEDIUM This Month

A vulnerability was found in RocketSoft Rocket LMS 1.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rocket Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3476 MEDIUM This Month

A vulnerability was found in SimplePHPscripts GuestBook Script 2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Guestbook Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3475 MEDIUM This Month

A vulnerability was found in SimplePHPscripts Event Script 2.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Event Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3474 MEDIUM This Month

A vulnerability has been found in SimplePHPscripts Simple Blog 3.2 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Simple Blog
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1206 MEDIUM This Month

A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-35946 MEDIUM PATCH This Month

Gradle is a build tool with a focus on build automation and support for multi-language development. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gradle
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29147 MEDIUM This Month

In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Endpoint Detection And Response Malwarebytes
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-28387 MEDIUM This Month

"NewsPicks" App for Android versions 10.4.5 and earlier and "NewsPicks" App for iOS versions 10.4.2 and earlier use hard-coded credentials, which may allow a local attacker to analyze data in the app. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Newspicks
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37307 MEDIUM PATCH This Month

In MISP before 2.4.172, title_for_layout is not properly sanitized in Correlations, CorrelationExclusions, and Layouts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32607 MEDIUM This Month

Stored cross-site scripting vulnerability in Pleasanter (Community Edition and Enterprise Edition) 1.3.39.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pleasanter
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33336 MEDIUM This Month

Reflected cross site scripting (XSS) vulnerability was discovered in Sophos Web Appliance v4.3.9.1 that allows for arbitrary code to be inputted via the double quotes. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Sophos Web Appliance
NVD
CVSS 3.1
4.8
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy