Skip to main content
CVE-2023-37613 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trialworks
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2309 MEDIUM POC This Month

The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpforo Forum
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-20593 MEDIUM POC PATCH This Month

An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Xen Debian Linux Ryzen 3 3100 Firmware Ryzen 3 3300X Firmware +67
NVD
CVSS 3.1
5.5
EPSS
5.8%
CVE-2023-3745 MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Denial Of Service Imagemagick
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-3344 MEDIUM POC This Month

The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Auto Location For Wp Job Manager Via Google
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3248 MEDIUM POC This Month

The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Sticky Elements
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3019 MEDIUM PATCH CISA This Month

A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Qemu Enterprise Linux
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2023-33952 MEDIUM PATCH This Month

A double-free vulnerability was found in handling vmw_buffer_object objects in the vmwgfx driver in the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel Enterprise Linux Enterprise Linux For Real Time +1
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2023-22428 MEDIUM This Month

Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3861 MEDIUM This Month

A vulnerability was found in phpscriptpoint Insurance 1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Insurance
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3860 MEDIUM This Month

A vulnerability was found in phpscriptpoint Insurance 1.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Insurance
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3858 MEDIUM This Month

A vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Car Listing
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3857 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ecommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3856 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in phpscriptpoint Ecommerce 1.15. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Ecommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3855 MEDIUM This Month

A vulnerability classified as problematic was found in phpscriptpoint JobSeeker 1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Jobseeker
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3323 MEDIUM This Month

A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Abb Zenon
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3384 MEDIUM This Month

A flaw was found in the Quay registry. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quay
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38057 MEDIUM This Month

An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3750 MEDIUM This Month

A flaw was found in libvirt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Libvirt Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-33951 MEDIUM PATCH This Month

A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. Rated medium severity (CVSS 5.3).

Information Disclosure Linux Linux Kernel Enterprise Linux Enterprise Linux For Real Time +1
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-3862 MEDIUM This Month

A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

XSS Travelable Trek Management Solution
NVD VulDB
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-2860 MEDIUM PATCH This Month

An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-38058 MEDIUM This Month

An improper privilege check in the OTRS ticket move action in the agent interface allows any as agent authenticated attacker to to perform a move of an ticket without the needed permission.0.X before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Otrs
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-3863 MEDIUM PATCH This Month

A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. Rated medium severity (CVSS 4.1). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel +1
NVD GitHub
CVSS 3.1
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy