Skip to main content
CVE-2023-40028 MEDIUM POC PATCH THREAT This Month

Ghost is an open source content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Ghost
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
57.6%
CVE-2023-38858 MEDIUM POC This Month

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Faad2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-38856 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38855 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38854 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38853 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38852 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-38851 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38857 MEDIUM POC This Month

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Faad2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-38850 MEDIUM POC This Month

Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Codedoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4347 MEDIUM POC PATCH THREAT This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
66.9%
CVE-2023-38898 MEDIUM POC This Month

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2023-39841 MEDIUM POC This Month

Missing encryption in the RFID tag of Etekcity 3-in-1 Smart Door Lock v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure 3 In 1 Smart Door Lock Firmware
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2023-20564 MEDIUM This Month

Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Ryzen Master Ryzen Master Monitoring Sdk
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-4367 MEDIUM This Month

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4350 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-4345 MEDIUM This Month

Broadcom RAID Controller web interface is vulnerable client-side control bypass leads to unauthorized data access for low privileged user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Broadcom Authentication Bypass Raid Controller Web Interface
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4371 MEDIUM This Month

A vulnerability was found in phpRecDB 1.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Phprecdb
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30747 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Easy Duplicate Product
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30498 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Vimeotheque
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4333 MEDIUM This Month

Broadcom RAID Controller web interface doesn’t enforce SSL cipher ordering by server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-4328 MEDIUM This Month

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Broadcom Microsoft Raid Controller Web Interface
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-4327 MEDIUM This Month

Broadcom RAID Controller web interface is vulnerable to exposure of sensitive data and the keys used for encryption are accessible to any local user on Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-38840 MEDIUM PATCH This Month

Bitwarden Desktop 2023.7.0 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Bitwarden
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-24478 MEDIUM PATCH This Month

Use of insufficiently random values for some Intel Agilex(R) software included as part of Intel(R) Quartus(R) Prime Pro Edition for linux before version 22.4 may allow an authenticated user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Quartus Prime
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30778 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Powerpress
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-4308 MEDIUM PATCH This Month

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘user-submitted-content’ parameter in versions up to, and including, 20230809 due to insufficient. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS User Submitted Posts
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4361 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-4359 MEDIUM This Month

Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Google Chrome Debian Linux +1
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-40027 MEDIUM PATCH This Month

Keystone is an open source headless CMS for Node.js - built with GraphQL and React. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Node.js Authentication Bypass Keystone
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32003 MEDIUM This Month

`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js Fedora
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-20560 MEDIUM This Month

Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Amd Denial Of Service Microsoft Ryzen Master Ryzen Master Monitoring Sdk
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-4365 MEDIUM This Month

Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4364 MEDIUM This Month

Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4363 MEDIUM This Month

Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4360 MEDIUM This Month

Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux Fedora
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy