Skip to main content
CVE-2023-20556 MEDIUM PATCH This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Microsoft Amd Uprof
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3653 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Ant
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-39518 MEDIUM PATCH This Month

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Social Media Skeleton
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38766 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30482 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpbulky
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28773 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secondary Title
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23880 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exactmetrics
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23877 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pinterest Rss Widget
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29099 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Divi
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39437 MEDIUM This Month

SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business One
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-37487 MEDIUM This Month

SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP Information Disclosure Business One
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37484 MEDIUM This Month

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-36926 MEDIUM This Month

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39218 MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-3569 MEDIUM This Month

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Client 1101T Tx Firmware Tc Cloud Client 1002 4G Att Firmware Tc Cloud Client 1002 4G Firmware Tc Cloud Client 1002 4G Vzw Firmware +3
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-32292 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Chat Button
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-31221 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pdq Csv
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-28934 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Full Stripe Free
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-28931 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Connector
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-25984 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dovetail
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-27415 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Letterpress
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25459 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Snippets
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25063 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quick Page Post Redirect Plugin
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23829 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Owl Carousel
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-36692 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Cirrus
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-27422 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ns Coupon To Become Customer
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27416 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Decon Wp Sms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-38532 MEDIUM PATCH This Month

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Parasolid Teamcenter Visualization
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2023-35394 MEDIUM PATCH This Month

Azure HDInsight Jupyter Notebook Spoofing Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.6
EPSS
0.9%
CVE-2023-38188 MEDIUM PATCH This Month

Azure Apache Hadoop Spoofing Vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.5
EPSS
1.0%
CVE-2023-36881 MEDIUM PATCH This Month

Azure Apache Ambari Spoofing Vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.5
EPSS
1.0%
CVE-2023-36877 MEDIUM PATCH This Month

Azure Apache Oozie Spoofing Vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.5
EPSS
1.0%
CVE-2023-35393 MEDIUM PATCH This Month

Azure Apache Hive Spoofing Vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.5
EPSS
1.3%
CVE-2023-39440 MEDIUM This Month

In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker. Rated medium severity (CVSS 4.4). No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-36482 MEDIUM This Month

An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung S3Nrn4V Firmware S3Nsn4V Firmware S3Nsen4 Firmware +2
NVD
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy