Skip to main content
CVE-2023-37781 MEDIUM POC This Month

An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Emqx
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-37769 MEDIUM POC This Month

stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pixman
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-31853 MEDIUM POC This Month

Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lt400 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31851 MEDIUM POC This Month

Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lt400 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3182 MEDIUM POC This Month

The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Restrict Content
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3041 MEDIUM POC This Month

The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a cross-site Scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Automatic Conversation
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31852 MEDIUM POC This Month

Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lt400 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2701 MEDIUM POC This Month

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gravity Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1893 MEDIUM POC This Month

The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Login Configurator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-37770 MEDIUM POC This Month

faust commit ee39a19 was discovered to contain a stack overflow via the component boxppShared::print() at /boxes/ppbox.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Faust
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-36656 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Jaeger Ui
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-2579 MEDIUM POC This Month

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Inventorypress
NVD GitHub WPScan
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-3694 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi House Rental And Property Listing
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2023-3245 MEDIUM POC This Month

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Chaty
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3700 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Easyappointments
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-35818 MEDIUM This Month

An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Esp32 D0Wd V3 Firmware Esp32 D0Wdr2 V3 Firmware Esp32 U4Wdh Firmware Esp32 Pico V3 Firmware +18
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-35012 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM RCE Microsoft Stack Overflow +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-35096 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mycred
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-34140 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware +22
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3593 MEDIUM This Month

Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2960 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS).2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-38409 MEDIUM PATCH This Month

An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28864 MEDIUM This Month

Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Chef Infra Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3586 MEDIUM This Month

Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-2143 MEDIUM This Month

The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Enable Svg Webp Ico Upload
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0439 MEDIUM This Month

The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Nex Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34036 MEDIUM PATCH This Month

Reactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Hateoas
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-35901 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-33857 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-3585 MEDIUM This Month

Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3582 MEDIUM This Month

Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-3577 MEDIUM This Month

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost SSRF Mattermost Server
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy