Skip to main content
CVE-2023-35047 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF All Bootstrap Blocks
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-34185 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Nextgen Galleryview
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-23671 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Layer Slider
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36687 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Menubar
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-37391 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack - Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Mobile Pack
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35873 MEDIUM This Month

The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Process Integration
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35872 MEDIUM This Month

The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Process Integration
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33992 MEDIUM This Month

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Business Warehouse Bw 4Hana
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-23756 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Onevote
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37280 MEDIUM PATCH This Month

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Admin Classic Bundle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-34089 MEDIUM PATCH This Month

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Decidim
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-33171 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-32693 MEDIUM PATCH This Month

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Decidim
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-36389 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Mx5000Re Firmware Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Rx1500 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36386 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Mx5000Re Firmware Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Rx1500 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36918 MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Enable Now
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33988 MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Enable Now
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33162 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Information Disclosure Buffer Overflow 365 Apps Office +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-20118 MEDIUM PATCH This Month

Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36872 MEDIUM PATCH This Month

VP9 Video Extensions Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Vp9 Video Extensions
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-35341 MEDIUM PATCH This Month

Microsoft DirectMusic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-35326 MEDIUM PATCH This Month

Windows CDP User Components Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-35324 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-35306 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-33174 MEDIUM PATCH This Month

Windows Cryptographic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-32085 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-32041 MEDIUM PATCH This Month

Windows Update Orchestrator Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-32040 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-32039 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-35336 MEDIUM PATCH This Month

Windows MSHTML Platform Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-32052 MEDIUM PATCH This Month

Microsoft Power Apps (online) Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Power Apps
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-36390 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Mx5000Re Firmware Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Rx1500 Firmware +7
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35373 MEDIUM PATCH This Month

Mono Authenticode Validation Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Information Disclosure Jwt Attack Mono
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-36919 MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Enable Now
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-31405 MEDIUM This Month

SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Netweaver Application Server For Java
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-32083 MEDIUM PATCH This Month

Microsoft Failover Cluster Information Disclosure Vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Microsoft Information Disclosure Heap Overflow Windows Server 2016 +2
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2023-36924 MEDIUM This Month

While using a specific function, SAP ERP Defense Forces and Public Security - versions 600, 603, 604, 605, 616, 617, 618, 802, 803, 804, 805, 806, 807, allows an authenticated attacker with admin. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Information Disclosure Erp Defense Forces And Public Security
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-3108 MEDIUM PATCH This Month

A flaw was found in the subsequent get_user_pages_fast in the Linux kernel’s interface for symmetric key cipher algorithms in the skcipher_recvmsg of crypto/algif_skcipher.c function. Rated medium severity (CVSS 4.7).

Race Condition Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-35091 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in storeapps Stock Manager for WooCommerce woocommerce-stock-manager allows Cross Site Request Forgery.10.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-36517 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.

CSRF Wp Abstracts
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-35044 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Securimage Wp Fixed
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-1936 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy