Skip to main content
CVE-2023-3990 MEDIUM POC PATCH This Month

A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mcms
NVD VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-3989 MEDIUM POC This Month

A vulnerability was found in SourceCodester Jewelry Store System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Jewelry Store System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-31935 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Rail Pass Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-31934 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Rail Pass Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3986 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Online Men S Salon Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-3977 MEDIUM POC PATCH This Month

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Backup Migration Clone Duplicate Post +7
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-38988 MEDIUM POC This Month

An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jeesite
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-38498 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-38599 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-32654 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2685 MEDIUM This Month

A vulnerability was found in AO-OPC server versions mentioned above. Rated medium severity (CVSS 6.3). No vendor patch available.

Information Disclosure Microsoft Ao Opc
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-32445 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-32427 MEDIUM This Month

This issue was addressed by using HTTPS when sending information over the network. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Apple Google Music
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-3488 MEDIUM This Month

Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28203 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Music
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37467 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Google XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38331 MEDIUM This Month

Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Supportcenter Plus
NVD
CVSS 3.1
5.4
EPSS
1.9%
CVE-2023-3774 MEDIUM This Month

An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-0958 MEDIUM PATCH This Month

Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Backup Migration Clone Duplicate Post +8
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-38685 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-37906 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy