Skip to main content
CVE-2023-4138 MEDIUM POC PATCH This Month

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3932 MEDIUM POC This Month

An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-4124 MEDIUM POC PATCH This Month

Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Answer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4136 MEDIUM POC PATCH This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.0.0 through. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple XSS Microsoft Craftercms
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-4119 MEDIUM POC This Month

A vulnerability has been found in Academy LMS 6.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Academy Lms
NVD VulDB Exploit-DB
CVSS 3.1
6.1
EPSS
2.0%
CVE-2023-4117 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Rental Property Booking Calendar
NVD VulDB Exploit-DB
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-4116 MEDIUM POC This Month

A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Taxi Booking Script
NVD VulDB Exploit-DB
CVSS 3.1
6.1
EPSS
5.2%
CVE-2023-4115 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cleaning Business Software
NVD VulDB Exploit-DB
CVSS 3.1
6.1
EPSS
5.2%
CVE-2023-4114 MEDIUM POC This Month

A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Night Club Booking Software
NVD VulDB Exploit-DB
CVSS 3.1
6.1
EPSS
5.1%
CVE-2023-4113 MEDIUM POC This Month

A vulnerability was found in PHP Jabbers Service Booking Script 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Service Booking Script
NVD VulDB Exploit-DB
CVSS 3.1
6.1
EPSS
5.2%
CVE-2023-4112 MEDIUM POC This Month

A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Shuttle Booking Software
NVD VulDB Exploit-DB
CVSS 3.1
6.1
EPSS
5.2%
CVE-2023-4111 MEDIUM POC This Month

A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bus Reservation System
NVD VulDB
CVSS 3.1
6.1
EPSS
2.5%
CVE-2023-4110 MEDIUM POC This Month

A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Availability Booking Calendar
NVD VulDB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2023-4127 MEDIUM POC PATCH This Month

Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Answer
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-4145 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Customer Management Framework
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-39075 MEDIUM POC This Month

Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zoe Ev 2021 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2023-2754 MEDIUM This Month

The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Microsoft Warp
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2023-30951 MEDIUM This Month

The Foundry Magritte plugin rest-source was found to be vulnerable to an an XML external Entity attack (XXE). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Magritte Rest Source Bundle
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3180 MEDIUM PATCH This Month

A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Qemu Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-28468 MEDIUM This Month

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Kernel
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-37559 MEDIUM This Month

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37558 MEDIUM This Month

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37557 MEDIUM This Month

After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl +13
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37556 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37555 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37554 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37553 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37552 MEDIUM This Month

In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37551 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl +13
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-37550 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37549 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37548 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37547 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37546 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37545 MEDIUM This Month

In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control For Beaglebone Sl Control For Empc A Imx6 Sl Control For Iot2000 Sl Control For Linux Sl +12
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33368 MEDIUM This Month

Some API routes exists in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Control Id Idsecure
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37501 MEDIUM This Month

A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37500 MEDIUM This Month

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-37499 MEDIUM This Month

A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Unica
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30958 MEDIUM This Month

A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Frontend
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-20218 MEDIUM This Month

A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to to modify a web page in the context of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Spa500Ds Firmware Spa500S Firmware Spa501G Firmware +9
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20181 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Spa500Ds Firmware Spa500S Firmware Spa501G Firmware +9
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4118 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cute Http File Server
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30950 MEDIUM This Month

The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Authentication Bypass Foundry Campaigns
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-3766 MEDIUM PATCH This Month

A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Odoh Rs
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-3348 MEDIUM PATCH This Month

The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Wrangler
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-3749 MEDIUM This Month

A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Videoedge
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-4133 MEDIUM This Month

A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4132 MEDIUM This Month

A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-20204 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Broadworks Application Delivery Platform Broadworks Application Server Broadworks Xtended Services Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy