Skip to main content
CVE-2023-37206 MEDIUM POC This Month

Uploading files which contain symlinks may have allowed an attacker to trick a user into submitting sensitive data to a malicious website. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34654 MEDIUM POC This Month

taocms <=3.0.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Taocms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30207 MEDIUM POC PATCH This Month

A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Kodi
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25399 MEDIUM POC PATCH This Month

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in Py_FindObjects() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Scipy
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-36828 MEDIUM POC PATCH This Month

Statamic is a flat-first, Laravel and Git powered content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Statamic
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-36809 MEDIUM POC PATCH This Month

Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Mozilla XSS Nginx File Upload Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-35863 MEDIUM POC This Month

In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Microsoft Http Debugger
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-35936 MEDIUM POC This Month

Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Rated medium severity (CVSS 5.0). Public exploit code available and no vendor patch available.

RCE Pandoc Debian Linux
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2023-3515 MEDIUM POC PATCH This Month

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

Gitea Open Redirect
NVD GitHub
CVSS 3.1
4.4
EPSS
0.5%
CVE-2023-27198 MEDIUM This Month

PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Pax A930 Firmware
NVD GitHub
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-27199 MEDIUM This Month

PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Pax A930 Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-27197 MEDIUM This Month

PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow an attacker to gain root access by running a crafted binary leveraging an exported function from a shared library. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Pax A930 Firmware
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-34107 MEDIUM This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-34472 MEDIUM This Month

AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-34106 MEDIUM This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35977 MEDIUM This Month

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-35976 MEDIUM This Month

Vulnerabilities exist which allow an authenticated attacker to access sensitive information on the ArubaOS command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3482 MEDIUM This Month

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37210 MEDIUM This Month

A website could prevent a user from exiting full-screen mode via alert and prompt calls. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-37205 MEDIUM This Month

The use of RTL Arabic characters in the address bar may have allowed for URL spoofing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37204 MEDIUM This Month

A website could have obscured the fullscreen notification by using an option element by introducing lag via an expensive computational function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37207 MEDIUM This Month

A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34244 MEDIUM This Month

GLPI is a free asset and IT management software package. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Glpi
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33335 MEDIUM This Month

Cross Site Scripting (XSS) in Sophos Sophos iView (The EOL was December 31st 2020) in grpname parameter that allows arbitrary script to be executed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sophos Iview
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-35978 MEDIUM This Month

A vulnerability in ArubaOS could allow an unauthenticated remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35971 MEDIUM This Month

A vulnerability in the ArubaOS web-based management interface could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arubaos
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3336 MEDIUM This Month

TN-5900 Series version 3.3 and prior versions is vulnearble to user enumeration vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tn 5900 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34150 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** Use of TikaEncodingDetector in Apache Any23 can cause excessive memory usage. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Any23
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2023-33201 MEDIUM PATCH This Month

Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Code Injection Bc Java
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-35786 MEDIUM This Month

Zoho ManageEngine ADManager Plus before 7183 allows admin users to exploit an XXE issue to view files. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
4.9
EPSS
3.0%
CVE-2023-2538 MEDIUM This Month

A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Path Traversal Information Disclosure S5552 S5552Wgm4Nr Ex Firmware S5552 S5552Wgm4Nr Firmware S5552 S5552Gm4Nr Firmware +1
NVD
CVSS 3.1
4.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy