Skip to main content
CVE-2023-34725 MEDIUM POC This Month

An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure La5570 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-34724 MEDIUM POC This Month

An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass La5570 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-4560 MEDIUM POC PATCH This Month

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Omeka S
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-39709 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39062 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Html2pdf
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-39708 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40755 MEDIUM POC This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Callback Widget
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-40752 MEDIUM POC This Month

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Make An Offer Widget
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-40751 MEDIUM POC This Month

PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Fundraising Script
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-40750 MEDIUM POC This Month

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Yacht Listing Script
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-39562 MEDIUM POC This Month

GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38969 MEDIUM POC This Month

Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Badaso
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-40753 MEDIUM POC This Month

There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Ticket Support Script
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-39578 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4561 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.4. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Omeka S
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-40781 MEDIUM PATCH This Month

Buffer Overflow vulnerability in Libming Libming v.0.4.8 allows a remote attacker to cause a denial of service via a crafted .swf file to the makeswf function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Denial Of Service Libming
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-40170 MEDIUM PATCH This Month

jupyter-server is the backend for Jupyter web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Jupyter Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39968 MEDIUM PATCH This Month

jupyter-server is the backend for Jupyter web applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Jupyter Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-4569 MEDIUM PATCH This Month

A memory leak flaw was found in nft_set_catchall_flush in net/netfilter/nf_tables_api.c in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Enterprise Linux Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-39348 MEDIUM PATCH This Month

Spinnaker is an open source, multi-cloud continuous delivery platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Spinnaker
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-26272 MEDIUM PATCH This Month

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Guardium Cloud Key Manager
NVD
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy