Skip to main content
CVE-2023-38996 MEDIUM POC This Month

An issue in all versions of Douran DSGate allows a local authenticated privileged attacker to execute arbitrary code via the debug command. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Dsgate
NVD GitHub
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-23563 MEDIUM POC This Month

An issue was discovered in Geomatika IsiGeo Web 6.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Isigeo Web
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-38909 MEDIUM POC This Month

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tapo Tapo L530E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38668 MEDIUM POC This Month

Stack-based buffer over-read in disasm in nasm 2.16 allows attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38667 MEDIUM POC This Month

Stack-based buffer over-read in function disasm in nasm 2.16 allows attackers to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38666 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4encrypt. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38665 MEDIUM POC This Month

Null pointer dereference in ieee_write_file in nasm 2.16rc0 allows attackers to cause a denial of service (crash). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-39599 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Csz Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24516 MEDIUM POC This Month

Cross-site Scripting (XSS) vulnerability in the Pandora FMS Special Days component allows an attacker to use it to steal the session cookie value of admin users easily with little user interaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pandora Fms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23565 MEDIUM POC This Month

An issue was discovered in Geomatika IsiGeo Web 6.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure Isigeo Web
NVD GitHub
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-4212 MEDIUM This Month

​A command injection vulnerability exists in Trane XL824, XL850, XL1050, and Pivot thermostats allowing an attacker to execute arbitrary commands as root using a specially crafted filename. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Xl824 Firmware Xl850 Firmware Xl1050 Firmware Pivot Firmware
NVD
CVSS 3.1
6.8
EPSS
1.2%
CVE-2023-37438 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37437 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37436 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37435 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24515 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Pandora Fms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-38908 MEDIUM This Month

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to obtain sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tapo Tapo L530E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38906 MEDIUM This Month

An issue in TPLink Smart Bulb Tapo series L530 1.1.9, L510E 1.0.8, L630 1.0.3, P100 1.4.9, Smart Camera Tapo series C200 1.1.18, and Tapo Application 2.8.14 allows a remote attacker to obtain. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tapo Tapo L530E Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37439 MEDIUM This Month

Multiple vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct SQL injection attacks against the EdgeConnect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS SQLi Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37425 MEDIUM This Month

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24514 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Visual Console Module of Pandora FMS could be used to hijack admin users session cookie values, carry out phishing attacks, etc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4475 MEDIUM This Month

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an attacker to exploit the file renaming feature to move files to unintended directories. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Data Master
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3699 MEDIUM This Month

An Improper Privilege Management vulnerability was found in ASUSTOR Data Master (ADM) allows an unprivileged local users to modify the storage devices configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Data Master
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-37423 MEDIUM This Month

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37422 MEDIUM This Month

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37421 MEDIUM This Month

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40370 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37440 MEDIUM This Month

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Edgeconnect Sd Wan Orchestrator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2020-27418 MEDIUM PATCH This Month

A Use After Free vulnerability in Fedora Linux kernel 5.9.0-rc9 allows attackers to obatin sensitive information via vgacon_invert_region() function. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Memory Corruption Linux Use After Free Fedora Linux Kernel
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-38733 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-38732 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy