Skip to main content
CVE-2023-38698 MEDIUM POC PATCH MAL This Month

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ethereum Name Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38695 MEDIUM POC PATCH This Month

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cypress Image Snapshot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39112 MEDIUM POC This Month

ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ecshop
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36158 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Toll Tax Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38964 MEDIUM POC This Month

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Academy Lms
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-4158 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Omeka S
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38991 MEDIUM POC This Month

An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jeesite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4157 MEDIUM POC PATCH This Month

0.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Omeka S
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4140 MEDIUM PATCH This Month

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

WordPress Privilege Escalation Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-38699 MEDIUM PATCH This Month

MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Mindsdb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-38332 MEDIUM This Month

Zoho ManageEngine ADManager Plus through 7201 allow authenticated users to take over another user's account via sensitive information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
6.5
EPSS
3.0%
CVE-2023-38691 MEDIUM PATCH This Month

matrix-appservice-bridge provides an API for setting up bridges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Authentication Bypass Matrix Appservice Bridge
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4135 MEDIUM PATCH This Month

A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Qemu Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4002 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-36159 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Lost And Found Information System
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-36138 MEDIUM This Month

PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Cleaning Business Software
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36137 MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Class Scheduling System
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38697 MEDIUM PATCH This Month

protocol-http1 provides a low-level implementation of the HTTP/1 protocol. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Protocol Http1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-38686 MEDIUM PATCH This Month

Sydent is an identity server for the Matrix communications protocol. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required.

Information Disclosure Sydent
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-34038 MEDIUM This Month

VMware Horizon Server contains an information disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Horizon Client
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-34037 MEDIUM This Month

VMware Horizon Server contains a HTTP request smuggling vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure VMware Request Smuggling Horizon Client
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-36141 MEDIUM This Month

User enumeration is found in in PHPJabbers Cleaning Business Software 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cleaning Business Software
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-0264 MEDIUM PATCH This Month

A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Keycloak Single Sign On Openshift Container Platform Openshift Container Platform For Ibm Linuxone +1
NVD
CVSS 3.1
5.0
EPSS
1.3%
CVE-2023-39343 MEDIUM PATCH This Month

Sulu is an open-source PHP content management system based on the Symfony framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PHP Sulu
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy