Skip to main content
CVE-2023-35067 HIGH This Week

Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable.20230701. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-38493 HIGH PATCH This Week

Armeria is a microservice framework Spring supports Matrix variables. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Java Authentication Bypass Armeria
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39174 HIGH This Week

In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Teamcity
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-3486 HIGH This Week

An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Authentication Bypass Papercut Mf Papercut Ng
NVD
CVSS 3.1
7.5
EPSS
75.8%
CVE-2023-34434 HIGH PATCH This Week

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-22363 HIGH This Week

A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group.80 prior to vEL8.80.1192 (MR2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Denial Of Service Command Centre
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-36385 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPXPO PostX ultimate-post allows DOM-Based XSS.9.9. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-37361 LOW POC Monitor

REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Redcap
NVD
CVSS 3.1
2.7
EPSS
0.5%
CVE-2023-38503 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-38502 MEDIUM This Month

TDengine is an open source, time-series database optimized for Internet of Things devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tdengine
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36826 MEDIUM PATCH This Month

Sentry is an error tracking and performance monitoring platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Sentry
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3637 MEDIUM This Month

An uncontrolled resource consumption flaw was found in openstack-neutron. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openstack Platform
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-34189 MEDIUM PATCH This Month

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-21405 MEDIUM This Month

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service A1001 Firmware A1210 B Firmware A1601 Firmware A1610 B Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-38745 MEDIUM PATCH This Month

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required.

RCE Pandoc Debian Linux
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-3945 MEDIUM This Month

A vulnerability was found in phpscriptpoint Lawyer 1.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Lawyer
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38500 MEDIUM PATCH This Month

TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Html Sanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3944 MEDIUM This Month

A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Lawyer
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38435 MEDIUM PATCH This Month

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Felix Health Check Webconsole Plugin
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2023-39175 MEDIUM This Month

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-36502 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Balkon
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36501 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teachpress
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34017 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Five Star Restaurant Menu
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35043 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Recent Posts Slider
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33925 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Product Categories Selection Widget
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39130 MEDIUM This Month

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Gdb
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39129 MEDIUM This Month

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Gdb
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32639 MEDIUM This Month

Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Applicant Programme
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37919 MEDIUM This Month

Cal.com is open-source scheduling software. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cal Com
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-35929 MEDIUM PATCH This Month

Tuleap is a free and open source suite to improve management of software development and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36503 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Maxbuttons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23833 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Drop Shadow Boxes
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23568 MEDIUM This Month

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-25074 MEDIUM This Month

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38499 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-33777 MEDIUM This Month

An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Amazon
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34369 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Login Configurator
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2850 MEDIUM PATCH This Month

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nodebb
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-3773 MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Linux Enterprise Linux Fedora +2
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-3772 MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Enterprise Linux Enterprise Linux For Real Time +4
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2023-38496 LOW PATCH Monitor

Apptainer is an open source container platform. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Apptainer
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy