Skip to main content
CVE-2023-36819 MEDIUM POC This Month

Knowage is the professional open source suite for modern business analytics over traditional sources and big data systems. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Knowage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-36816 MEDIUM POC This Month

2FA is a Web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Docker 2fauth
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36223 MEDIUM POC This Month

Cross Site Scripting vulnerability in mlogclub bbs-go v. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Bbs Go
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-36222 MEDIUM POC This Month

Cross Site Scripting vulnerability in mlogclub bbs-go v. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Bbs Go
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-34450 MEDIUM POC PATCH This Month

CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nginx Cometbft
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-3395 MEDIUM This Month

​All versions of the TWinSoft Configuration Tool store encrypted passwords as plaintext in memory. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36611 MEDIUM This Month

The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2728 MEDIUM PATCH This Month

Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2023-2727 MEDIUM PATCH This Month

Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-36608 MEDIUM This Month

The affected TBox RTUs store hashed passwords using MD5 encryption, which is an insecure encryption algorithm. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-36291 MEDIUM This Month

Cross Site Scripting vulnerability in Maxsite CMS v.108.7 allows a remote attacker to execute arbitrary code via the f_content parameter in the admin/page_new file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Maxsite Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36610 MEDIUM This Month

​The affected TBox RTUs generate software security tokens using insufficient entropy. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-37378 MEDIUM PATCH This Month

Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nullsoft Scriptable Install System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-3497 MEDIUM This Month

Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Google Chrome
NVD
CVSS 3.1
4.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy