Skip to main content
CVE-2023-40293 MEDIUM POC This Month

Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Harman Infotainment
NVD
CVSS 3.1
6.8
EPSS
1.7%
CVE-2023-40291 MEDIUM POC This Month

Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Harman Infotainment
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-28482 MEDIUM POC This Month

An issue was discovered in Tigergraph Enterprise 3.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tigergraph
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-28480 MEDIUM POC This Month

An issue was discovered in Tigergraph Enterprise 3.7.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Tigergraph
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-40294 MEDIUM POC This Month

libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_parseBlockI at i_parse_blk.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Boron
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-40024 MEDIUM POC PATCH This Month

ScanCode.io is a server to script and automate software composition analysis pipelines. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scancode Io
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2803 MEDIUM POC This Month

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Addons For Contact Form 7
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4321 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Cockpit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-40360 MEDIUM POC PATCH This Month

QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-40305 MEDIUM POC This Month

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Indent
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-40013 MEDIUM POC PATCH This Month

SVG Loader is a javascript library that fetches SVGs using XMLHttpRequests and injects the SVG code in the tag's place. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Svg Loader
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-38687 MEDIUM POC PATCH This Month

Svelecte is a flexible autocomplete/select component written in Svelte. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Svelecte
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3721 MEDIUM POC This Month

The WP-EMail WordPress plugin before 2.69.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Email
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3645 MEDIUM POC This Month

The Contact Form Builder by Bit Form WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3328 MEDIUM POC This Month

The Custom Field For WP Job Manager WordPress plugin before 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Custom Field For Wp Job Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2802 MEDIUM POC This Month

The Ultimate Addons for Contact Form 7 WordPress plugin before 3.1.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Addons For Contact Form 7
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2606 MEDIUM POC This Month

The WP Brutal AI WordPress plugin before 2.06 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Brutal Ai
NVD WPScan
CVSS 3.1
4.8
EPSS
2.0%
CVE-2023-37070 MEDIUM POC This Month

Code Projects Hospital Information System 1.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hospital Information System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3601 MEDIUM POC This Month

The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting information about that user, leading to arbitrary user information disclosure to users with a role as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Simple Author Box
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-40292 MEDIUM POC This Month

Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Harman Infotainment
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-21140 MEDIUM PATCH This Month

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-21134 MEDIUM PATCH This Month

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-21133 MEDIUM PATCH This Month

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-21132 MEDIUM PATCH This Month

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2023-21264 MEDIUM PATCH This Month

In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-3262 MEDIUM This Month

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

PostgreSQL Authentication Bypass Iboot Pdu4A C10 Firmware Iboot Pdu4A C20 Firmware Iboot Pdu4A N15 Firmware +19
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-40354 MEDIUM This Month

An issue was discovered in MariaDB MaxScale before 23.02.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Maxscale
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28768 MEDIUM PATCH This Month

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zyxel Xgs2220 30 Firmware Xgs2220 30F Firmware Xgs2220 30Hp Firmware +8
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-30754 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adfoxly
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30489 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Email Subscription Popup
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28535 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Paytm Payment Donation
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30483 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Watu Quiz
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30475 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Affiliate
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28199 MEDIUM This Month

An out-of-bounds read issue existed that led to the disclosure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27948 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27947 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27939 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21292 MEDIUM PATCH This Month

In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21290 MEDIUM PATCH This Month

In update of MmsProvider.java, there is a possible way to bypass file permission checks due to a race condition. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Race Condition Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21289 MEDIUM PATCH This Month

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21288 MEDIUM PATCH This Month

In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21285 MEDIUM PATCH This Month

In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21284 MEDIUM PATCH This Month

In multiple functions of DevicePolicyManager.java, there is a possible way to prevent enabling the Find my Device feature due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21283 MEDIUM PATCH This Month

In multiple functions of StatusHints.java, there is a possible way to reveal images across users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21280 MEDIUM PATCH This Month

In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21279 MEDIUM PATCH This Month

In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21277 MEDIUM PATCH This Month

In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21276 MEDIUM PATCH This Month

In writeToParcel of CursorWindow.cpp, there is a possible information disclosure due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21274 MEDIUM PATCH This Month

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21271 MEDIUM PATCH This Month

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy