Skip to main content
CVE-2023-37941 MEDIUM POC PATCH THREAT This Month

If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Apache Python Deserialization Superset
NVD GitHub
CVSS 3.1
6.6
EPSS
29.2%
CVE-2023-39265 MEDIUM POC PATCH THREAT This Month

Apache Superset would allow for SQLite database connections to be incorrectly registered when an attacker uses alternative driver names like sqlite+pysqlite or by using database imports. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Superset
NVD GitHub
CVSS 3.1
6.5
EPSS
83.7%
CVE-2023-41601 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Csz Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39511 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-35719 MEDIUM This Month

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
6.8
EPSS
26.4%
CVE-2023-30709 MEDIUM This Month

Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-41329 MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Python Authentication Bypass Docker Python Wiremock Studio +2
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2023-39956 MEDIUM PATCH This Month

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Google Electron
NVD GitHub
CVSS 3.1
6.6
EPSS
0.6%
CVE-2023-41943 MEDIUM This Month

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to clear the SQS queue. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Aws Codecommit Trigger
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-41938 MEDIUM This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Ivy Plugin 2.5 and earlier allows attackers to delete disabled modules. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Ivy
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-41932 MEDIUM PATCH This Month

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Job Configuration History
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32362 MEDIUM This Month

Error handling was changed to not reveal sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28188 MEDIUM This Month

A denial-of-service issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28187 MEDIUM This Month

This issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4779 MEDIUM This Month

The User Submitted Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [usp_gallery] shortcode in versions up to, and including, 20230811 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress User Submitted Posts
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-4773 MEDIUM This Month

The WordPress Social Login plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wordpress_social_login_meta' shortcode in versions up to, and including, 3.0.4 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wordpress Social Login
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-38486 MEDIUM This Month

A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned. Rated medium severity (CVSS 6.4). No vendor patch available.

Aruba Authentication Bypass Arubaos
NVD
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-38485 MEDIUM This Month

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. Rated medium severity (CVSS 6.4). No vendor patch available.

Memory Corruption Buffer Overflow RCE Aruba Arubaos
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-38484 MEDIUM This Month

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. Rated medium severity (CVSS 6.4). No vendor patch available.

RCE Code Injection Aruba Arubaos
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-20263 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Open Redirect Hyperflex Hx Data Platform
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-41944 MEDIUM This Month

Jenkins AWS CodeCommit Trigger Plugin 3.0.12 and earlier does not escape the queue name parameter passed to a form validation URL, when rendering an error message, resulting in an HTML injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Aws Codecommit Trigger
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40601 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Estatik Mortgage Calculator
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-40554 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Blog2Social
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40553 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plausible Analytics
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30497 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Line Notify
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-29441 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Weblibrarian
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30730 MEDIUM This Month

Implicit intent hijacking vulnerability in Camera prior to versions 11.0.16.43 in Android 11, 12.1.00.30, 12.0.07.53, 12.1.03.10 in Android 12, and 13.0.01.43, 13.1.00.83 in Android 13 allows local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Camera
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30728 MEDIUM This Month

Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Packageinstallerchn
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30726 MEDIUM This Month

PendingIntent hijacking vulnerability in GameLauncher prior to version 4.2.59.5 allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Gamelauncher
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30725 MEDIUM This Month

Improper authentication in LocalProvier of Gallery prior to version 14.5.01.2 allows attacker to access the data in content provider. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Gallery
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30720 MEDIUM This Month

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30716 MEDIUM This Month

Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30713 MEDIUM This Month

Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-32438 MEDIUM This Month

This issue was addressed with improved checks to prevent unauthorized actions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32432 MEDIUM This Month

A privacy issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27950 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41327 MEDIUM PATCH This Month

WireMock is a tool for mocking HTTP services. Rated medium severity (CVSS 5.4), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Docker Studio Wiremock
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-41940 MEDIUM This Month

Jenkins TAP Plugin 2.3 and earlier does not escape TAP file contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control TAP file contents. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Tap
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-41931 MEDIUM PATCH This Month

Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Job Configuration History
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41150 MEDIUM This Month

F-RevoCRM 7.3 series prior to version7.3.8 contains a cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS F Revocrm
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-36388 MEDIUM PATCH This Month

Improper REST API permission in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma users to test network connections, possible SSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Superset
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-36387 MEDIUM PATCH This Month

An improper default REST API permission for Gamma users in Apache Superset up to and including 2.1.0 allows for an authenticated Gamma user to test database connections. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Apache Authentication Bypass Superset
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-4498 MEDIUM This Month

Tenda N300 Wireless N VDSL2 Modem Router allows unauthenticated access to pages that in turn should be accessible to authenticated users only. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tenda N300 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41934 MEDIUM PATCH This Month

Jenkins Pipeline Maven Integration Plugin 1330.v18e473854496 and earlier does not properly mask (i.e., replace with asterisks) usernames of credentials specified in custom Maven settings in Pipeline. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Pipeline Maven Integration
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-34352 MEDIUM This Month

A permissions issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-32370 MEDIUM This Month

A logic issue was addressed with improved validation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS Webkitgtk Wpe Webkit
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-4588 MEDIUM This Month

File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002 versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Secret Server
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2023-30706 MEDIUM This Month

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-40560 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Schedule Posts Calendar
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40552 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fitness Calculators Plugin
NVD
CVSS 3.1
4.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy