Skip to main content
CVE-2023-3760 MEDIUM POC This Month

A vulnerability has been found in Intergard SGS 8.7.0 and classified as problematic. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Smartgard Silver With Matrix Keyboard
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-37733 MEDIUM POC This Month

An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE File Upload Tduck Platform
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3782 MEDIUM POC This Month

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Okhttp Brotli
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-37748 MEDIUM POC This Month

ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ngiflib
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-32262 MEDIUM PATCH This Month

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dimensions Cm
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-32261 MEDIUM PATCH This Month

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Dimensions Cm
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35898 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3466 MEDIUM This Month

Reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Netscaler Application Delivery Controller Netscaler Gateway
NVD
CVSS 3.1
6.1
EPSS
3.0%
CVE-2023-3757 MEDIUM This Month

A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Car Rental Php Script
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3756 MEDIUM This Month

A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlas
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3755 MEDIUM This Month

A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atlas
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3754 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ekushey Project Manager
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3753 MEDIUM This Month

A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mastery Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3752 MEDIUM This Month

A vulnerability was found in Creativeitem Academy LMS 5.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Academy Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-35134 MEDIUM This Month

Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Weincloud
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-32263 MEDIUM PATCH This Month

A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Dimensions Cm
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-32635 MEDIUM This Month

XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Xbrl Data Create
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29260 MEDIUM PATCH This Month

IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Sterling Connect
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-30433 MEDIUM This Month

IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Open Redirect Security Verify Access
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3446 MEDIUM PATCH This Month

Issue summary: Checking excessively long DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
5.5%
CVE-2023-29259 MEDIUM PATCH This Month

IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Connect
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-35900 MEDIUM PATCH This Month

IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-33832 MEDIUM PATCH This Month

IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to due to improper time-of-check to time-of-use functionality. Rated medium severity (CVSS 4.7).

Denial Of Service IBM Spectrum Protect Client Spectrum Protect For Space Management Spectrum Protect For Virtual Environments
NVD
CVSS 3.1
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy