Skip to main content
CVE-2023-35942 MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38501 MEDIUM POC PATCH This Month

copyparty is file server software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Copyparty
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
6.2%
CVE-2023-3890 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3888 MEDIUM POC This Month

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3887 MEDIUM POC This Month

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3886 MEDIUM POC This Month

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3885 MEDIUM POC This Month

A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3884 MEDIUM POC This Month

A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3883 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-39128 MEDIUM POC This Month

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gdb
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37257 MEDIUM POC This Month

DataEase is an open source data visualization analysis tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dataease
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36806 MEDIUM POC PATCH This Month

Contao is an open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Contao
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37902 MEDIUM POC PATCH This Month

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-35944 MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-3897 MEDIUM POC This Month

Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message.31 and below. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Suremdm
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
1.8%
CVE-2023-38503 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-38502 MEDIUM This Month

TDengine is an open source, time-series database optimized for Internet of Things devices. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Tdengine
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36826 MEDIUM PATCH This Month

Sentry is an error tracking and performance monitoring platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Sentry
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3637 MEDIUM This Month

An uncontrolled resource consumption flaw was found in openstack-neutron. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Openstack Platform
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-34189 MEDIUM PATCH This Month

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-21405 MEDIUM This Month

Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service A1001 Firmware A1210 B Firmware A1601 Firmware A1610 B Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-38745 MEDIUM PATCH This Month

Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required.

RCE Pandoc Debian Linux
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-3945 MEDIUM This Month

A vulnerability was found in phpscriptpoint Lawyer 1.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Lawyer
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38500 MEDIUM PATCH This Month

TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Html Sanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3944 MEDIUM This Month

A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Lawyer
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38435 MEDIUM PATCH This Month

An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Felix Health Check Webconsole Plugin
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2023-39175 MEDIUM This Month

In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-36502 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Balkon
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36501 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teachpress
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34017 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Five Star Restaurant Menu
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35043 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Recent Posts Slider
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33925 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Product Categories Selection Widget
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39130 MEDIUM This Month

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Gdb
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39129 MEDIUM This Month

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Gdb
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32639 MEDIUM This Month

Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Applicant Programme
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37919 MEDIUM This Month

Cal.com is open-source scheduling software. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cal Com
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-35929 MEDIUM PATCH This Month

Tuleap is a free and open source suite to improve management of software development and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36503 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Maxbuttons
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23833 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Drop Shadow Boxes
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23568 MEDIUM This Month

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-25074 MEDIUM This Month

Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2),. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38499 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-33777 MEDIUM This Month

An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Amazon
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34369 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Login Configurator
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2850 MEDIUM PATCH This Month

NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nodebb
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-3773 MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Linux Enterprise Linux Fedora +2
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-3772 MEDIUM This Month

A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Enterprise Linux Enterprise Linux For Real Time +4
NVD
CVSS 3.1
4.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy