Skip to main content
CVE-2023-36163 MEDIUM POC This Month

Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Buildagate
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
4.1%
CVE-2023-37767 MEDIUM POC This Month

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37766 MEDIUM POC This Month

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37765 MEDIUM POC This Month

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37174 MEDIUM POC This Month

GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3620 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tarteaucitron
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37658 MEDIUM POC This Month

fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Fast Poster
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37657 MEDIUM POC This Month

TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Twonav
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1672 MEDIUM POC PATCH This Month

A race condition exists in the Tang server functionality for key generation and key rotation. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. Public exploit code available.

Race Condition Information Disclosure Tang Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-37190 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pbx
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37189 MEDIUM POC This Month

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pbx
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-37191 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pbx
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-33153 MEDIUM PATCH This Month

Microsoft Outlook Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE Microsoft 365 Apps +2
NVD VulDB
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-35332 MEDIUM PATCH This Month

Windows Remote Desktop Protocol Security Feature Bypass. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-32043 MEDIUM PATCH This Month

Windows Remote Desktop Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-29347 MEDIUM PATCH This Month

Windows Admin Center Spoofing Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Windows Admin Center
NVD
CVSS 3.1
6.8
EPSS
1.9%
CVE-2023-36748 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ruggedcom Rox Mx5000 Firmware Ruggedcom Rox Mx5000Re Firmware Ruggedcom Rox Rx1400 Firmware Ruggedcom Rox Rx1500 Firmware +7
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-29156 MEDIUM This Month

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Code Injection Dronescout Ds230 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-32055 MEDIUM PATCH This Month

Active Template Library Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-33151 MEDIUM PATCH This Month

Microsoft Outlook Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35351 MEDIUM PATCH This Month

Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2023-35346 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2023-35345 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2023-35344 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2023-35310 MEDIUM PATCH This Month

Windows DNS Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

RCE Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.6
EPSS
0.7%
CVE-2023-29406 MEDIUM PATCH This Month

The HTTP/1 client does not fully validate the contents of the Host header. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Go
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-20575 MEDIUM This Month

A potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Epyc 7251 Firmware Epyc 7281 Firmware Epyc 7301 Firmware +85
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-36871 MEDIUM PATCH This Month

Azure Active Directory Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +7
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-36868 MEDIUM PATCH This Month

Azure Service Fabric on Windows Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Azure Service Fabric
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35348 MEDIUM PATCH This Month

Active Directory Federation Service Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Authentication Bypass Windows Server 2016 Windows Server 2019 Windows Server 2022
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-35331 MEDIUM PATCH This Month

Windows Local Security Authority (LSA) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Microsoft Windows Server 2012 Windows Server 2016 Windows Server 2019 +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35329 MEDIUM PATCH This Month

Windows Authentication Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-35321 MEDIUM PATCH This Month

Windows Deployment Services Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35319 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35318 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35316 MEDIUM PATCH This Month

Remote Procedure Call Runtime Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-35314 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35308 MEDIUM PATCH This Month

Windows MSHTML Platform Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-35296 MEDIUM PATCH This Month

Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-33164 MEDIUM PATCH This Month

Remote Procedure Call Runtime Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-32037 MEDIUM PATCH This Month

Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +4
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-25606 MEDIUM This Month

An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortianalyzer Fortimanager
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24881 MEDIUM PATCH This Month

Microsoft Teams Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Teams
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-34029 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Disable Wordpress Update Notifications And Auto Update Email Notifications
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-32104 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mycurator Content Curation
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-25706 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Better Robots Txt
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-25443 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator - easily Button Builder plugin <= 2.3.5 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Button Generator
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-24417 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Worthy
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35780 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Galleria
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-35778 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Recent Posts Slider
NVD
CVSS 3.1
6.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy