Skip to main content
CVE-2023-3792 MEDIUM POC This Month

A vulnerability was found in Beijing Netcon NS-ASG 6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-38334 MEDIUM POC This Month

Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Studio
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-37728 MEDIUM POC This Month

IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icewarp
NVD VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-38617 MEDIUM POC This Month

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Office Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37602 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS Opencms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37600 MEDIUM POC This Month

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Office Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37164 MEDIUM POC This Month

Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Diafan Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3789 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Paulprinting
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3790 MEDIUM POC This Month

A vulnerability has been found in Boom CMS 8.0.7 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boom Cms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3788 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Active Super Shop
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3787 MEDIUM POC This Month

A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tiva Events Calendar
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3785 MEDIUM POC This Month

A vulnerability was found in PaulPrinting CMS 2018. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Paulprinting
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3784 MEDIUM POC This Month

A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wifi File Explorer
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3783 MEDIUM POC This Month

A vulnerability was found in Webile 1.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webile Wifi Pc File Transfer
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37645 MEDIUM POC THREAT This Month

eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eyoucms
NVD GitHub
CVSS 3.1
5.3
EPSS
23.8%
CVE-2023-38523 MEDIUM POC This Month

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Fgn1115 Wp Wh Firmware Fgn1122 Sa Firmware Fgn1122 Cd Firmware +30
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-38335 MEDIUM POC This Month

Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Studio
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-3786 MEDIUM This Month

A vulnerability classified as problematic has been found in Aures Komet up to 20230509. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Komet Firmware
NVD VulDB
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-3800 MEDIUM This Month

A vulnerability was found in EasyAdmin8 2.0.2.2. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

File Upload Easyadmin8
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.6%
CVE-2023-32265 MEDIUM This Month

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cobol Server Enterprise Developer Enterprise Server Enterprise Test Server +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-32481 MEDIUM This Month

Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3794 MEDIUM This Month

A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chaincity
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3347 MEDIUM This Month

A vulnerability was found in Samba's SMB2 packet signing mechanism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Samba Storage Enterprise Linux +1
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-32476 MEDIUM This Month

Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Hybrid Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32455 MEDIUM This Month

Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Thinos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-32447 MEDIUM This Month

Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Thinos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-32446 MEDIUM This Month

Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Thinos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-3779 MEDIUM PATCH This Month

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-34968 MEDIUM This Month

A path disclosure vulnerability was found in Samba. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samba Fedora Storage Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-34967 MEDIUM This Month

A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Samba Fedora Enterprise Linux +1
NVD
CVSS 3.1
5.3
EPSS
62.6%
CVE-2023-3300 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Nomad
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32482 MEDIUM This Month

Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wyse Management Suite
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-32483 MEDIUM This Month

Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Wyse Management Suite
NVD
CVSS 3.1
4.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy