Skip to main content
CVE-2023-34236 MEDIUM POC PATCH This Month

Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Authentication Bypass Hashicorp Gitops Terraform Controller
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-37472 MEDIUM POC This Month

Knowage is an open source suite for business analytics. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Knowage
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2082 MEDIUM POC PATCH This Month

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Buy Me A Coffee
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-3672 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Webmention Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-38253 MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service W3M Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-38252 MEDIUM POC This Month

An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service W3M Extra Packages For Enterprise Linux +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-36850 MEDIUM This Month

An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management(CFM) module of Juniper Networks Junos OS on MX Series(except MPC10, MPC11. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36849 MEDIUM This Month

An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36848 MEDIUM This Month

An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36834 MEDIUM This Month

An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-32760 MEDIUM This Month

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-32759 MEDIUM This Month

An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-36833 MEDIUM This Month

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Juniper Denial Of Service Memory Corruption Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36888 MEDIUM PATCH This Month

Microsoft Edge for Android (Chromium-based) Tampering Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-37224 MEDIUM This Month

An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36840 MEDIUM This Month

A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36838 MEDIUM This Month

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3433 MEDIUM PATCH This Month

The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Jami
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3649 MEDIUM This Month

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3648 MEDIUM This Month

Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37223 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-24896 MEDIUM PATCH This Month

Dynamics 365 Finance Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-3434 MEDIUM PATCH This Month

Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Jami
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2975 MEDIUM PATCH This Month

Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Management Services For Element Software And Netapp Hci Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-36836 MEDIUM This Month

A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to. Rated medium severity (CVSS 4.7). No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-36466 MEDIUM This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-36883 MEDIUM PATCH This Month

Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Apple Authentication Bypass Edge
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy