Skip to main content
CVE-2023-39951 MEDIUM POC PATCH This Month

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Information Disclosure Opentelemetry Instrumentation For Java
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36306 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Loganalyzer
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
3.8%
CVE-2023-38758 MEDIUM POC This Month

Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Workout Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4203 MEDIUM POC This Month

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eki 1524 Firmware Eki 1522 Firmware Eki 1521 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-4202 MEDIUM POC This Month

Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eki 1524 Firmware Eki 1522 Firmware Eki 1521 Firmware
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-37686 MEDIUM POC This Month

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Nurse Hiring System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37685 MEDIUM POC This Month

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Nurse Hiring System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37684 MEDIUM POC This Month

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Nurse Hiring System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37683 MEDIUM POC This Month

Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Nurse Hiring System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37689 MEDIUM POC This Month

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Maid Hiring Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37688 MEDIUM POC This Month

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Maid Hiring Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37690 MEDIUM POC This Month

Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Maid Hiring Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-26961 MEDIUM POC This Month

Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Alteryx Server
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-20569 MEDIUM POC This Month

A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Amd Information Disclosure Fedora Debian Linux Ryzen 9 5950X Firmware +152
NVD
CVSS 3.1
4.7
EPSS
6.2%
CVE-2023-20589 MEDIUM This Month

An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Ryzen 5 Pro 3400G Firmware Ryzen 5 3400G Firmware Ryzen 5 Pro 3400Ge Firmware Ryzen 5 Pro 3350G Firmware +118
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-39209 MEDIUM This Month

Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Zoom
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38254 MEDIUM PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-36909 MEDIUM PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Denial Of Service Microsoft Windows 10 Windows 10 1607 +10
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-36908 MEDIUM PATCH This Month

Windows Hyper-V Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Windows 10 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-36894 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
2.2%
CVE-2023-36893 MEDIUM PATCH This Month

Microsoft Outlook Spoofing Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-36890 MEDIUM PATCH This Month

Microsoft SharePoint Server Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Authentication Bypass Sharepoint Server
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-36535 MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-35389 MEDIUM PATCH This Month

Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

RCE XXE Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35384 MEDIUM PATCH This Month

Windows HTML Platforms Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35377 MEDIUM PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-35376 MEDIUM PATCH This Month

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-38763 MEDIUM This Month

SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36136 MEDIUM This Month

PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Class Scheduling System
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-21647 MEDIUM PATCH This Month

Information disclosure in Bluetooth when an GATT packet is received due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Qca6390 Firmware Qca6391 Firmware Qca6426 Firmware Qca6436 Firmware +39
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-37492 MEDIUM This Month

SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver Application Server Abap
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-36869 MEDIUM PATCH This Month

Azure DevOps Server Spoofing Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Azure Devops Server
NVD
CVSS 3.1
6.3
EPSS
0.7%
CVE-2023-3652 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Ant
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-38761 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS Churchcrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-38384 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easync
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-27627 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Email Report
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24413 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Vertical Image Slider
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24409 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Responsive Tabs Horizontal Vertical And Accordion Tabs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32503 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Gtmetrix
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27421 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Everest News
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27412 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mocho Blog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37488 MEDIUM This Month

In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in Cross-Site Scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Netweaver Process Integration
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-36873 MEDIUM PATCH This Month

.NET Framework Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Net Framework
NVD
CVSS 3.1
5.9
EPSS
1.3%
CVE-2023-39436 MEDIUM This Month

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Supplier Relationship Management
NVD
CVSS 3.1
5.8
EPSS
0.4%
CVE-2023-39212 MEDIUM This Month

Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39210 MEDIUM This Month

Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Meeting Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-36914 MEDIUM PATCH This Month

Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 21h2 Windows 10 22h2 Windows 11 21H2 +2
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-36889 MEDIUM PATCH This Month

Windows Group Policy Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-20588 MEDIUM This Month

A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Debian Linux Epyc 7351P Firmware Epyc 7401P Firmware +44
NVD
CVSS 3.1
5.5
EPSS
12.4%
CVE-2023-20561 MEDIUM PATCH This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Denial Of Service Microsoft Amd Uprof
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy