Skip to main content
CVE-2023-37143 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-37142 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-37141 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-37140 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-37139 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-0160 MEDIUM POC PATCH This Month

A deadlock flaw was found in the Linux kernel’s BPF subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31441 MEDIUM POC This Month

In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Advisor Network
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-34035 MEDIUM POC PATCH This Month

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Spring Security
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-3527 MEDIUM PATCH This Month

A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Microsoft Call Management System
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2022-46857 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sitealert
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-22040 MEDIUM PATCH This Month

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Weblogic Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22037 MEDIUM PATCH This Month

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Web Applications Desktop Integrator
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22022 MEDIUM PATCH This Month

Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Health Sciences Applications
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-21994 MEDIUM PATCH This Month

Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Oracle Google Authentication Bypass Fusion Middleware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-2913 MEDIUM This Month

An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Rockwell Thinmanager
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-28023 MEDIUM This Month

A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bigfix Webui
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-2433 MEDIUM PATCH This Month

The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Yet Another Related Posts Plugin
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-3708 MEDIUM PATCH This Month

Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Amela Arendelle Everse +2
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-22055 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22042 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Applications Framework
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22035 MEDIUM PATCH This Month

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Oracle XSS E Business Suite
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28020 MEDIUM This Month

URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Bigfix Webui
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-33312 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Captcha
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33231 MEDIUM PATCH This Month

XSS attack was possible in DPA 2023.2 due to insufficient input validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Database Performance Analyzer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36384 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32965 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Jazz Popups
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-21961 MEDIUM PATCH This Month

Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Oracle Authentication Bypass Hyperion Essbase Administration Services
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-22053 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
5.9
EPSS
1.2%
CVE-2023-22043 MEDIUM PATCH This Month

Vulnerability in Oracle Java SE (component: JavaFX). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Jdk Jre
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-21983 MEDIUM PATCH This Month

Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service Application Express
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2023-22017 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Oracle Denial Of Service Microsoft Vm Virtualbox
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-35763 MEDIUM This Month

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Scrutisweb
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3403 MEDIUM PATCH This Month

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-22061 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22050 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22039 MEDIUM PATCH This Month

Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Agile Plm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22020 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22011 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37259 MEDIUM PATCH This Month

matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Matrix React Sdk
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36383 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3709 MEDIUM PATCH This Month

The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Royal Elementor Addons Elementor
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-22041 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Rated medium severity (CVSS 5.1), this vulnerability is no authentication required.

Java Oracle Authentication Bypass Graalvm Graalvm For Jdk +8
NVD
CVSS 3.1
5.1
EPSS
0.5%
CVE-2023-22057 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-22056 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2023-22054 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-22046 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2023-22034 MEDIUM PATCH This Month

Vulnerability in the Unified Audit component of Oracle Database Server. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Database Server
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-22008 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Fedora Active Iq Unified Manager +3
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2023-22007 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service MySQL
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-21950 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service MySQL
NVD
CVSS 3.1
4.9
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy