Skip to main content
CVE-2023-31492 MEDIUM POC This Month

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Admanager Plus
NVD GitHub
CVSS 3.1
6.5
EPSS
5.3%
CVE-2023-39741 MEDIUM POC This Month

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38905 MEDIUM POC This Month

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Jeecg Boot
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4395 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Cockpit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-36844 MEDIUM POC KEV THREAT This Month

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper PHP Information Disclosure Junos
NVD
CVSS 3.1
5.3
EPSS
89.6%
CVE-2023-39743 MEDIUM POC This Month

lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lzma Software Development Kit
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-4392 MEDIUM POC This Month

A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Control Id Gerencia Web
NVD VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-31942 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Travel Agency System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-4029 MEDIUM This Month

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo K14 Type 21Cu Firmware K14 Type 21Cv Firmware +24
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-4028 MEDIUM This Month

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo 13W Yoga Firmware 13W Yoga Gen 2 Firmware +27
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-34419 MEDIUM This Month

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Legion 5 Pro 16Iah7H Firmware Legion 5 Pro 16Iah7 Firmware +28
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-29182 MEDIUM This Month

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet RCE Fortios
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-40168 MEDIUM PATCH This Month

TurboWarp is a desktop application that compiles scratch projects to JavaScript. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Turbowarp Desktop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-39971 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS.7.0-8.6.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Acymailing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-31072 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Advanced Category Template
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28693 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Advanced Youtube Channel Pagination
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31074 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extensions For Leaflet Map
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26530 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Updraft
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31076 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Recipe Maker For Your Food Blog From Zip Recipes
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31071 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Modal Dialog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30877 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Xml For Google Merchant Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4394 MEDIUM PATCH This Month

A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-30874 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Curtis GPS Plotter gps-plotter allows DOM-Based XSS.4.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-40251 MEDIUM This Month

Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.0: from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Genian Nac Genian Ztna
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-31079 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tippy
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28783 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Tip Donation
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28622 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Slider Revolution
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39974 MEDIUM This Month

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Acymailing
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-36847 MEDIUM KEV THREAT This Month

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper PHP Authentication Bypass Junos
NVD
CVSS 3.1
5.3
EPSS
84.7%
CVE-2023-36846 MEDIUM KEV THREAT This Month

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper PHP Authentication Bypass Junos
NVD
CVSS 3.1
5.3
EPSS
94.2%
CVE-2023-3244 MEDIUM This Month

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Comments Like Dislike
NVD VulDB
CVSS 3.1
4.3
EPSS
3.4%
CVE-2023-28690 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Browserupdate
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34412 MEDIUM This Month

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rex 250 Firmware Rex 200 Firmware Mbnet Rokey Rkh 210 Firmware Mbnet Rokey Rkh 216 Firmware +13
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-31091 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dynamically Register Sidebars
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30876 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Dave S Wordpress Live Search
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28533 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cab Grid
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-40281 MEDIUM PATCH This Month

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ec Cube
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-39973 MEDIUM This Month

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Acymailing
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-39972 MEDIUM This Month

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Acymailing
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy