Skip to main content
CVE-2023-2906 MEDIUM POC This Month

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-40802 MEDIUM POC This Month

The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac23 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-39600 MEDIUM POC This Month

IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Icewarp
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-4534 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fusion Platform
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39700 MEDIUM POC This Month

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-40166 MEDIUM POC This Month

Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Notepad
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-40164 MEDIUM POC This Month

Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Notepad
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-40036 MEDIUM POC This Month

Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Notepad
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-24620 MEDIUM POC This Month

An issue was discovered in Esoteric YamlBeans through 1.15. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Yamlbeans
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-39742 MEDIUM POC This Month

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Giflib
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-39707 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-38974 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Badaso
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38712 MEDIUM This Month

An issue was discovered in Libreswan 3.x and 4.x before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Libreswan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38711 MEDIUM This Month

An issue was discovered in Libreswan before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libreswan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38710 MEDIUM This Month

An issue was discovered in Libreswan before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libreswan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-32678 MEDIUM This Month

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zulip Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-40580 MEDIUM PATCH This Month

Freighter is a Stellar chrome extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Freighter
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-40579 MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Openfga
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38201 MEDIUM PATCH This Month

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Keylime Enterprise Linux Enterprise Linux Eus Enterprise Linux For Ibm Z Systems +5
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3406 MEDIUM This Month

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Classic Web
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41080 MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Open Redirect Debian Linux
NVD
CVSS 3.1
6.1
EPSS
6.0%
CVE-2023-41250 MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41249 MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during copying Build Step. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
53.1%
CVE-2023-32797 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Video Carousel Slider With Lightbox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32603 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smart Donations
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32598 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Featured Image Pro Post Grid
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32518 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Chinese Conversion
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4520 MEDIUM PATCH This Month

The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_fv_player_user_video’ parameter saved via the 'save' function hooked via init, and the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Fv Flowplayer Video Player
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-39288 MEDIUM This Month

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges and internal network access to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Mivoice Connect
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-39287 MEDIUM This Month

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges and internal network access to. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Mivoice Connect
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-41248 MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 stored XSS was possible during Cloud Profiles configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-25981 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Form
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32576 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Locatoraid Store Locator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40577 MEDIUM PATCH This Month

Alertmanager handles alerts sent by client applications such as the Prometheus server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Alertmanager Debian Linux
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-38973 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the Add Tag function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Badaso
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40587 MEDIUM PATCH This Month

Pyramid is an open source Python web framework. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Python Pyramid Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-25848 MEDIUM This Month

ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arcgis Server
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-3425 MEDIUM This Month

Out-of-bounds read issue in M-Files Server versions below 23.8.12892.6 and LTS Service Release Versions before 23.2 LTS SR3 allows unauthenticated user to read restricted amount of bytes from memory. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Classic Web
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32755 MEDIUM This Month

e-Excellence U-Office Force generates an error message in webiste service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft U Office Force
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-40570 MEDIUM PATCH This Month

Datasette is an open source multi-tool for exploring and publishing data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Datasette
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-40217 MEDIUM This Month

An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-40182 MEDIUM This Month

Silverware Games is a premium social network where people can play games online. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Silverwaregames
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-40179 MEDIUM This Month

Silverware Games is a premium social network where people can play games online. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Silverwaregames
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39291 MEDIUM This Month

A vulnerability in the Connect Mobility Router component of MiVoice Connect through 9.6.2304.102 could allow an authenticated attacker with elevated privileges to conduct an information disclosure. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-39290 MEDIUM This Month

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through R19.3 SP3 (22.24.5800.0) could allow an authenticated attacker with elevated privileges to conduct an information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-41167 MEDIUM PATCH This Month

@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webiny
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-32596 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Weebotlite
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32595 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sunny Search
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32575 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24394 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Iframe
NVD
CVSS 3.1
4.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy