Skip to main content
CVE-2023-4508 MEDIUM POC This Month

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Denial Of Service Gerbv
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40877 MEDIUM POC This Month

DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_edit.php via the title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40876 MEDIUM POC This Month

DedeCMS up to and including 5.7.110 was discovered to contain a cross-site scripting (XSS) vulnerability at /dede/freelist_add.php via the title parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40875 MEDIUM POC This Month

DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_edit.php via the votename and votenote parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40874 MEDIUM POC This Month

DedeCMS up to and including 5.7.110 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/vote_add.php via the votename and voteitem1 parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39519 MEDIUM POC This Month

Cloud Explorer Lite is an open source cloud management platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudexplorer Lite
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-39521 MEDIUM POC PATCH This Month

Tuleap is an open source suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Tuleap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-39801 MEDIUM POC This Month

A lack of exception handling in the Renault Easy Link Multimedia System Software Version 283C35519R allows attackers to cause a Denial of Service (DoS) via supplying crafted WMA files when connecting. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Easy Link
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2023-38508 MEDIUM POC PATCH This Month

Tuleap is an open source suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Tuleap
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-34972 MEDIUM This Month

A cleartext transmission of sensitive information vulnerability has been reported to affect QNAP operating systems. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qnap Information Disclosure Qts Quts Hero
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4227 MEDIUM This Month

A vulnerability has been identified in the ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which can be exploited by malicious actors to potentially gain unauthorized access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iologik E4200 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-40030 MEDIUM PATCH This Month

Cargo downloads a Rust project’s dependencies and compiles the project. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Rust
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-32516 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Restaurant Menu Food Ordering System Table Reservation
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32511 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Booking Ultra Pro Appointments Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32510 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Order Your Posts Manually
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40371 MEDIUM This Month

IBM AIX 7.2, 7.3, VIOS 3.1's OpenSSH implementation could allow a non-privileged local user to access files outside of those allowed due to improper access controls. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

SSH Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40708 MEDIUM This Month

The File Transfer Protocol (FTP) port is open by default in the SNAP PAC S1 Firmware version R10.3b. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Snap Pac S1 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-34973 MEDIUM This Month

An insufficient entropy vulnerability has been reported to affect QNAP operating systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Information Disclosure Qts Quts Hero
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-4230 MEDIUM This Month

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, which has the potential to facilitate the collection of information on ioLogik 4000 Series. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Iologik E4200 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-3704 MEDIUM This Month

The vulnerability exists in CP-Plus DVR due to an improper input validation within the web-based management interface of the affected products. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cp Uvr 1601E1 Hc Firmware Cp Uvr 0401L1 4Kh Firmware Cp Uvr 0401L1B 4Kh Firmware Cp Uvr 0801F1 Hc Firmware +5
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-4229 MEDIUM This Month

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, potentially exposing users to security risks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Iologik E4200 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-4228 MEDIUM This Month

A vulnerability has been identified in ioLogik 4000 Series (ioLogik E4200) firmware versions v1.6 and prior, where the session cookies attribute is not set properly in the affected application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iologik E4200 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy