Skip to main content
CVE-2023-40348 MEDIUM This Month

The webhook endpoint in Jenkins Gogs Plugin 1.0.15 and earlier provides unauthenticated attackers information about the existence of jobs in its output. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Gogs
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-30786 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Captcha Them All
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4374 MEDIUM This Month

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wp Remote Users Sync
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-20237 MEDIUM PATCH This Month

A vulnerability in Cisco Intersight Virtual Appliance could allow an unauthenticated, adjacent attacker to access internal HTTP services that are otherwise inaccessible. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity.

Cisco Authentication Bypass Intersight Virtual Appliance
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-40351 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Favorite View Plugin 5.v77a_37f62782d and earlier allows attackers to add or remove views from another user's favorite views tab bar. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Favorite View
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-40344 MEDIUM PATCH This Month

A missing permission check in Jenkins Delphix Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Delphix
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-40338 MEDIUM PATCH This Month

Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier displays an error message that includes an absolute path of a log file when attempting to access the Scan Organization Folder Log if no logs are. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Folders
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-40337 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy a view inside a folder. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Folders
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-32488 MEDIUM This Month

Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-4381 MEDIUM PATCH This Month

Unverified Password Change in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Instantcms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy