Skip to main content
CVE-2023-39711 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37798 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the new REDCap project creation function of Vanderbilt REDCap 13.1.35 allows attackers to execute arbitrary web scripts or HTML via injecting a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Redcap
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-41316 MEDIUM POC PATCH This Month

Tolgee is an open-source localization platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Tolgee
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41646 MEDIUM POC PATCH This Month

Buttercup v2.20.3 allows attackers to obtain the hash of the master password for the password manager via accessing the file /vaults.json/. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buttercup
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-20193 MEDIUM This Month

A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-40584 MEDIUM PATCH This Month

Argo CD is a declarative continuous deployment for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-4772 MEDIUM PATCH This Month

The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Newsletter
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-3747 MEDIUM This Month

Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Warp
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41161 MEDIUM This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-20194 MEDIUM This Month

A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-4792 MEDIUM PATCH This Month

The Duplicate Post Page Menu & Custom Post Type plugin for WordPress is vulnerable to unauthorized page and post duplication due to a missing capability check on the duplicate_ppmc_post_as_draft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Duplicate Post Page Menu Custom Post Type
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-36635 MEDIUM This Month

An improper access control in Fortinet FortiSwitchManager version 7.2.0 through 7.2.2 7.0.0 through 7.0.1 may allow a remote authenticated read-only user to modify the interface settings via the API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiswitchmanager
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy