Skip to main content
CVE-2023-41635 MEDIUM POC This Month

A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE Realgimm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-41642 MEDIUM POC This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Realgimm
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-4655 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Instantcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4683 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4682 MEDIUM POC PATCH This Month

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4681 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4678 MEDIUM POC PATCH This Month

Divide By Zero in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41717 MEDIUM POC This Month

Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Zscaler Proxy
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-4652 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Instantcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4651 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Instantcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-4649 MEDIUM POC PATCH This Month

Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Session Fixation Instantcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41045 MEDIUM POC PATCH This Month

Graylog is a free and open log management platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection Graylog
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-4653 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Instantcms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4650 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Instantcms
NVD GitHub
CVSS 3.1
4.7
EPSS
0.5%
CVE-2023-2173 MEDIUM PATCH This Month

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Badgeos
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-41747 MEDIUM This Month

Sensitive information disclosure due to unauthenticated path traversal. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Microsoft Cloud Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-31174 MEDIUM This Month

A Cross-Site Request Forgery (CSRF) vulnerability in the Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator could allow an attacker to embed instructions that could be executed by an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sel 5037 Sel Grid Configurator
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-31171 MEDIUM This Month

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-31170 MEDIUM This Month

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-31168 MEDIUM This Month

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-41739 MEDIUM PATCH This Month

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Synology Router Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-31925 MEDIUM This Month

Brocade SANnav before v2.3.0 and v2.2.2a stores SNMPv3 Authentication passwords in plaintext. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4000 MEDIUM PATCH This Month

The Waiting: One-click countdowns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Waiting
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-3999 MEDIUM PATCH This Month

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Waiting
NVD VulDB
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-4315 MEDIUM PATCH This Month

The Woo Custom Emails for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wcemails_edit' parameter in versions up to, and including, 2.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Woo Custom Emails
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-4471 MEDIUM PATCH This Month

The Order Tracking Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the start_date and end_date parameters in versions up to, and including, 3.3.6 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Order Tracking
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-31169 MEDIUM This Month

An Improper Handling of Unicode Encoding vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sel 5030 Acselerator Quickset
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-4688 MEDIUM This Month

Sensitive information leak through log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41751 MEDIUM This Month

Sensitive information disclosure due to improper token expiration validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-41750 MEDIUM This Month

Sensitive information disclosure due to missing authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41745 MEDIUM This Month

Sensitive information disclosure due to excessive collection of system information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Agent Cyber Protect
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-34391 MEDIUM This Month

Insecure Inherited Permissions vulnerability in Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Software on Windows allows Leveraging/Manipulating Configuration File Search Paths. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sel 5033 Acselerator Real Time Automation Controller
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-31423 MEDIUM This Month

Possible information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Brocade SANnav before v2.3.0 and 2.2.2a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Brocade Sannav
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2171 MEDIUM PATCH This Month

The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Badgeos
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2279 MEDIUM PATCH This Month

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Directory Kit
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-33834 MEDIUM PATCH This Month

IBM Security Verify Information Queue 10.0.4 and 10.0.5 could allow a remote attacker to obtain sensitive information that could aid in further attacks against the system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Security Verify Information Queue
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-41740 MEDIUM PATCH This Month

Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology Router Manager (SRM) before 1.3.1-9346-6 allows remote attackers to read. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Synology Router Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-3404 MEDIUM PATCH This Month

The ProfileGrid plugin for WordPress is vulnerable to unauthorized decryption of private information in versions up to, and including, 5.5.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Profilegrid
NVD VulDB
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-2354 MEDIUM PATCH This Month

The CHP Ads Block Detector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings reachable though an AJAX action in versions up to, and including, 3.9.4 due to. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Chp Ads Block Detector
NVD VulDB
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-39912 MEDIUM This Month

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
4.9
EPSS
4.0%
CVE-2023-4500 MEDIUM PATCH This Month

The Order Tracking Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the order status parameter in versions up to, and including, 3.3.6 due to insufficient input sanitization. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Order Tracking
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-4160 MEDIUM PATCH This Month

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 1.2.90 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-4163 MEDIUM This Month

In Brocade Fabric OS before v9.2.0a, a local authenticated privileged user can trigger a buffer overflow condition, leading to a kernel panic with large input to buffers in the portcfgfportbuffers. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Fabric Operating System
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-4162 MEDIUM This Month

A segmentation fault can occur in Brocade Fabric OS after Brocade Fabric OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg command. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Fabric Operating System
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-0689 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure via the 'mf_first_name' shortcode in versions up to, and including, 3.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Information Disclosure WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-4245 MEDIUM PATCH This Month

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the GetInvoiceDetail function in versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-4161 MEDIUM PATCH This Month

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2172 MEDIUM PATCH This Month

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Badgeos
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2352 MEDIUM PATCH This Month

The CHP Ads Block Detector plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Chp Ads Block Detector
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3764 MEDIUM PATCH This Month

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Woocommerce Pdf Invoice Builder
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy