Skip to main content
CVE-2023-27421 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Everest News
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27412 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mocho Blog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37488 MEDIUM This Month

In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Process Integration
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-36873 MEDIUM PATCH This Month

.NET Framework Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Net Framework
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2023-39436 MEDIUM This Month

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Supplier Relationship Management
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2023-39212 MEDIUM This Month

Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39210 MEDIUM This Month

Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Meeting Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-36914 MEDIUM PATCH This Month

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +2
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-36889 MEDIUM PATCH This Month

Windows Group Policy Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-20588 MEDIUM This Month

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Epyc 7351P Firmware Epyc 7401P Firmware +44
NVD
CVSS 3.1
5.5
EPSS
12.4%
CVE-2023-20561 MEDIUM PATCH This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Microsoft Amd Uprof
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20556 MEDIUM PATCH This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Microsoft Amd Uprof
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3653 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Ant
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-39518 MEDIUM PATCH This Month

social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Social Media Skeleton
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38766 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP RCE XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30482 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wpbulky
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-28773 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Secondary Title
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-23880 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exactmetrics
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23877 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pinterest Rss Widget
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29099 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Divi
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39437 MEDIUM This Month

SAP business One allows - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and gets it delivered to the client, resulting to Cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Business One
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-37487 MEDIUM This Month

SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge perform certain operation to access unintended data over the network which could lead to high. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

SAP Information Disclosure Business One
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37484 MEDIUM This Month

SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares it with the user provided one during login attempt, which might allow an attacker to access password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Powerdesigner
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-36926 MEDIUM This Month

Due to missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Host Agent
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39218 MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-3569 MEDIUM This Month

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloud Client 1101T Tx Firmware Tc Cloud Client 1002 4G Att Firmware Tc Cloud Client 1002 4G Firmware Tc Cloud Client 1002 4G Vzw Firmware +3
NVD
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-32292 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Chat Button
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-31221 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pdq Csv
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-28934 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Full Stripe Free
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-28931 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Connector
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-25984 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dovetail
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-27415 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Letterpress
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25459 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Snippets
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25063 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quick Page Post Redirect Plugin
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23829 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Owl Carousel
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-36692 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Cirrus
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-27422 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ns Coupon To Become Customer
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27416 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Decon Wp Sms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-38532 MEDIUM PATCH This Month

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Parasolid Teamcenter Visualization
NVD
CVSS 4.0
4.8
EPSS
0.2%
CVE-2023-35394 MEDIUM PATCH This Month

Azure HDInsight Jupyter Notebook Spoofing Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.6
EPSS
0.9%
CVE-2023-38188 MEDIUM PATCH This Month

Azure Apache Hadoop Spoofing Vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.5
EPSS
1.0%
CVE-2023-36881 MEDIUM PATCH This Month

Azure Apache Ambari Spoofing Vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.5
EPSS
1.0%
CVE-2023-36877 MEDIUM PATCH This Month

Azure Apache Oozie Spoofing Vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.5
EPSS
1.0%
CVE-2023-35393 MEDIUM PATCH This Month

Azure Apache Hive Spoofing Vulnerability. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Microsoft Azure Hdinsight
NVD
CVSS 3.1
4.5
EPSS
1.3%
CVE-2023-39440 MEDIUM This Month

In SAP BusinessObjects Business Intelligence - version 420, If a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which attacker. Rated medium severity (CVSS 4.4). No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-36482 MEDIUM This Month

An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung S3Nrn4V Firmware S3Nsn4V Firmware S3Nsen4 Firmware +2
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-39342 LOW PATCH Monitor

Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. Rated low severity (CVSS 3.6), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Dangerzone
NVD GitHub
CVSS 3.1
3.6
EPSS
0.2%
CVE-2023-39978 LOW PATCH Monitor

ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Imagemagick Fedora
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-38524 LOW PATCH Monitor

A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization. Rated low severity (CVSS 2.0), this vulnerability is no authentication required. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Parasolid Teamcenter Visualization
NVD
CVSS 4.0
2.0
EPSS
0.2%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy