Skip to main content
CVE-2023-29406 MEDIUM PATCH This Month

The HTTP/1 client does not fully validate the contents of the Host header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Go
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-20575 MEDIUM This Month

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Epyc 7251 Firmware Epyc 7281 Firmware Epyc 7301 Firmware +85
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-36871 MEDIUM PATCH This Month

Azure Active Directory Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +7
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-36868 MEDIUM PATCH This Month

Azure Service Fabric on Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Azure Service Fabric
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35348 MEDIUM PATCH This Month

Active Directory Federation Service Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Authentication Bypass Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-35331 MEDIUM PATCH This Month

Windows Local Security Authority (LSA) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35329 MEDIUM PATCH This Month

Windows Authentication Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-35321 MEDIUM PATCH This Month

Windows Deployment Services Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35319 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35318 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35316 MEDIUM PATCH This Month

Remote Procedure Call Runtime Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-35314 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35308 MEDIUM PATCH This Month

Windows MSHTML Platform Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-35296 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-33164 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-32037 MEDIUM PATCH This Month

Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-25606 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24881 MEDIUM PATCH This Month

Microsoft Teams Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Teams
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-34029 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Disable Wordpress Update Notifications And Auto Update Email Notifications
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-32104 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mycurator Content Curation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-25706 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Better Robots Txt
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-25443 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator - easily Button Builder plugin <= 2.3.5 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Button Generator
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-24417 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Worthy
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35780 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Galleria
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35778 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Recent Posts Slider
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35047 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF All Bootstrap Blocks
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-34185 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Nextgen Galleryview
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-23671 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Layer Slider
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36687 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Menubar
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-37391 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack - Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Mobile Pack
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35873 MEDIUM This Month

The Runtime Workbench (RWB) of SAP NetWeaver Process Integration - version SAP_XITOOL 7.50, does not perform authentication checks for certain functionalities that require user identity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Process Integration
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35872 MEDIUM This Month

The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Process Integration
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33992 MEDIUM This Month

The SAP BW BICS communication layer in SAP Business Warehouse and SAP BW/4HANA - version SAP_BW 730, SAP_BW 731, SAP_BW 740, SAP_BW 730, SAP_BW 750, DW4CORE 100, DW4CORE 200, DW4CORE 300, may expose. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Business Warehouse Bw 4Hana
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-23756 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Onevote
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37280 MEDIUM PATCH This Month

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Admin Classic Bundle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-34089 MEDIUM PATCH This Month

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Decidim
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-33171 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-32693 MEDIUM PATCH This Month

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Decidim
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-36389 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Mx5000Re Firmware Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Rx1500 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36386 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Mx5000Re Firmware Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Rx1500 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36918 MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Enable Now
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33988 MEDIUM This Month

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Enable Now
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33162 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Information Disclosure Buffer Overflow 365 Apps Office +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2020-20118 MEDIUM PATCH This Month

Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Antivirus
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36872 MEDIUM PATCH This Month

VP9 Video Extensions Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Vp9 Video Extensions
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-35341 MEDIUM PATCH This Month

Microsoft DirectMusic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-35326 MEDIUM PATCH This Month

Windows CDP User Components Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-35324 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-35306 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-33174 MEDIUM PATCH This Month

Windows Cryptographic Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.7%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy