Skip to main content
CVE-2023-21400 MEDIUM POC This Month

In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Buffer Overflow Android Debian Linux
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-37837 MEDIUM POC This Month

libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Libjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37836 MEDIUM POC This Month

libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libjpeg
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37849 MEDIUM POC This Month

A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Panda Security Vpn
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-33768 MEDIUM POC This Month

Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jwt Attack Wemo Smart Plug Wsp080 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-37787 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Geeklog
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37786 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Geeklog
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37785 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Impresscms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37598 MEDIUM POC This Month

A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service CSRF Pbx
NVD GitHub
CVSS 3.1
4.5
EPSS
0.6%
CVE-2023-30564 MEDIUM This Month

Alaris Systems Manager does not perform input validation during the Device Import Function. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

XSS Alaris Systems Manager
NVD
CVSS 3.1
6.9
EPSS
0.3%
CVE-2023-30560 MEDIUM This Month

The configuration from the PCU can be modified without authentication using physical connection to the PCU. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alaris 8015 Pcu Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-30562 MEDIUM This Month

A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Alaris Guardrails Editor
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-35693 MEDIUM PATCH This Month

In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-35833 MEDIUM This Month

An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Safeq Server
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3444 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37563 MEDIUM This Month

ELECOM wireless LAN routers are vulnerable to sensitive information exposure, which allows a network-adjacent unauthorized attacker to obtain sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wrc 1167Ghbk S Firmware Wrc 1167Gebk S Firmware Wrc 1167Febk S Firmware Wrc 1167Ghbk3 A Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-34135 MEDIUM This Month

Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service.3.2-SP1 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Sonicwall Analytics Global Management System
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-34134 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonicwall Analytics Global Management System
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-2190 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34125 MEDIUM This Month

Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges.3.2-SP1 and earlier versions; Analytics:. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Analytics Global Management System
NVD
CVSS 3.1
6.5
EPSS
25.2%
CVE-2023-36473 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30561 MEDIUM This Month

The data flowing between the PCU and its modules is insecure. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alaris 8015 Pcu Firmware
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-37746 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Maid Hiring Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37745 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Maid Hiring Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37744 MEDIUM This Month

Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Maid Hiring Management System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37743 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teacher Subject Allocation System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3660 MEDIUM This Month

A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Retro Cellphone Online Store
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3659 MEDIUM This Month

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ac Repair And Services System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-29457 MEDIUM PATCH This Month

Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frontend
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-29455 MEDIUM PATCH This Month

Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Frontend
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37561 MEDIUM This Month

Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Wrh 300Wh H Firmware Wtc 300Hwh Firmware Wtc C1167Gc B Firmware Wtc C1167Gc W Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37560 MEDIUM This Month

Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wrh 300Wh H Firmware Wtc 300Hwh Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30559 MEDIUM This Month

The firmware update package for the wireless card is not properly signed and can be modified. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Alaris 8015 Pcu Firmware
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-37468 MEDIUM PATCH This Month

Feedbacksystem is a personalized feedback system for students using artificial intelligence. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Feedbacksystem
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21260 MEDIUM This Month

In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21249 MEDIUM PATCH This Month

In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21243 MEDIUM PATCH This Month

In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21240 MEDIUM PATCH This Month

In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21239 MEDIUM PATCH This Month

In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Session Fixation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21238 MEDIUM PATCH This Month

In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Session Fixation Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20942 MEDIUM PATCH This Month

In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-3319 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-37272 MEDIUM PATCH This Month

JS7 is an Open Source Job Scheduler. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jobscheduler
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-31705 MEDIUM This Month

A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Task Reminder System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29456 MEDIUM PATCH This Month

URL validation scheme receives input from a user and then parses it to identify its various components. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Frontend
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29454 MEDIUM This Month

Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Frontend
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29452 MEDIUM This Month

Currently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
5.4
EPSS
62.0%
CVE-2023-2200 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Gitlab
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34458 MEDIUM PATCH This Month

mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Mx Chain Go
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-3362 MEDIUM This Month

An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy