Skip to main content
CVE-2023-34317 MEDIUM POC This Month

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-32271 MEDIUM POC This Month

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-39365 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cacti Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-39360 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-39598 MEDIUM POC This Month

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Webclient
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-4778 MEDIUM POC PATCH This Month

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-36307 MEDIUM POC This Month

ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zplgfa
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36308 MEDIUM POC This Month

disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imaging
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-39364 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Cacti Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-34637 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Isarflow
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-39514 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-39513 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-41107 MEDIUM POC This Month

TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tef Portal
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4636 MEDIUM POC PATCH This Month

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS Wordpress File Sharing Plugin
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
3.3%
CVE-2023-39516 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39515 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39512 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39510 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-39366 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2023-30534 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Cacti Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
2.6%
CVE-2023-35124 MEDIUM POC This Month

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-34994 MEDIUM POC This Month

An improper resource allocation vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Oas Platform
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4764 MEDIUM This Month

Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-21667 MEDIUM PATCH This Month

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Qca6390 Firmware Qca6391 Firmware Qca6426 Firmware Qca6436 Firmware +39
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36492 MEDIUM PATCH This Month

Reflected cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shirasagi
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39938 MEDIUM This Month

Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Video Insight
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-38574 MEDIUM This Month

Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Video Insight
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41317 MEDIUM PATCH This Month

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Apollo Router
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-22870 MEDIUM PATCH This Month

IBM Aspera Faspex 5.0.5 transmits sensitive information in cleartext which could be obtained by an attacker using man in the middle techniques. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-4480 MEDIUM This Month

Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Phpfusion
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-29261 MEDIUM This Month

IBM Sterling Secure Proxy 6.0.3 and 6.1.0 could allow a local user with specific information about the system to obtain privileged information due to inadequate memory clearing during operations. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling External Authentication Server
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32338 MEDIUM This Month

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Sterling External Authentication Server Sterling Secure Proxy
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38569 MEDIUM PATCH This Month

Stored cross-site scripting vulnerability in SHIRASAGI prior to v1.18.0 allows a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Shirasagi
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40705 MEDIUM This Month

Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Video Insight
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40535 MEDIUM This Month

Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Video Insight
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-20897 MEDIUM PATCH This Month

Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Salt
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-41908 MEDIUM PATCH This Month

Cerebrate before 1.15 lacks the Secure attribute for the session cookie. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Cerebrate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy