Skip to main content
CVE-2023-4913 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Cecil
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26142 MEDIUM POC This Month

All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Crow
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41423 MEDIUM POC This Month

Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Wp Githuber Md
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-32005 MEDIUM POC This Month

A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Node.js Information Disclosure Node Js
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-39201 MEDIUM This Month

Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cleanzoom
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-36759 MEDIUM PATCH This Month

Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.7).

Information Disclosure Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
6.7
EPSS
0.5%
CVE-2023-39215 MEDIUM This Month

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Meeting Software Development Kit Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-36799 MEDIUM PATCH This Month

.NET Core and Visual Studio Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Visual Studio 2022
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2023-36761 MEDIUM KEV PATCH THREAT This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
6.5
EPSS
19.0%
CVE-2023-40712 MEDIUM PATCH This Month

Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-27169 MEDIUM This Month

Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Write Back Manager
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-4890 MEDIUM PATCH This Month

The JQuery Accordion Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Jquery Accordion Menu Widget
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4840 MEDIUM PATCH This Month

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Mappress
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4887 MEDIUM PATCH This Month

The Google Maps Plugin by Intergeo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Google XSS WordPress Google Maps Plugin By Intergeo
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4893 MEDIUM This Month

The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SSRF Crayon Syntax Highlighter
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-40621 MEDIUM This Month

SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP RCE Code Injection Powerdesigner
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-41013 MEDIUM This Month

Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Icewarp
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-21522 MEDIUM This Month

A Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Athoc
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-4813 MEDIUM PATCH This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Memory Corruption Glibc Enterprise Linux +14
NVD
CVSS 3.1
5.9
EPSS
1.7%
CVE-2023-36777 MEDIUM POC PATCH THREAT This Month

Microsoft Exchange Server Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Microsoft Information Disclosure Deserialization Exchange Server
NVD
CVSS 3.1
5.7
EPSS
81.2%
CVE-2023-41764 MEDIUM PATCH This Month

Microsoft Office Spoofing Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Jwt Attack Microsoft 365 Apps Office +1
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-38160 MEDIUM PATCH This Month

Windows TCP/IP Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2023-38140 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-36803 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Microsoft Windows 10 1607 Windows 10 1809 +7
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-36766 MEDIUM PATCH This Month

Microsoft Excel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft 365 Apps Excel +3
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2023-21523 MEDIUM This Month

A Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Athoc
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-30962 MEDIUM This Month

The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Gotham Cerberus
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38164 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-36886 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-36800 MEDIUM PATCH This Month

Dynamics Finance and Operations Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-29463 MEDIUM This Month

The JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass Pavilion8
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-0119 MEDIUM This Month

A stored Cross-site scripting vulnerability was found in foreman. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Satellite
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-37875 MEDIUM This Month

Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wing Ftp Server
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-40625 MEDIUM This Month

S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass S4core
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40624 MEDIUM This Month

SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Netweaver Application Server Abap
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-41885 MEDIUM PATCH This Month

Piccolo is an ORM and query builder which supports asyncio. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Piccolo
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-21520 MEDIUM This Month

A PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Athoc
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-38152 MEDIUM PATCH This Month

DHCP Server Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
5.3
EPSS
24.0%
CVE-2023-36801 MEDIUM PATCH This Month

DHCP Server Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2023-41368 MEDIUM This Month

The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass S 4 Hana
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41367 MEDIUM This Month

Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Authentication Bypass Netweaver
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37489 MEDIUM This Month

Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Businessobjects Business Intelligence
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-34469 MEDIUM This Month

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aptio V
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-36736 MEDIUM PATCH This Month

Microsoft Identity Linux Broker Remote Code Execution Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Identity Linux Broker
NVD
CVSS 3.1
4.4
EPSS
1.7%
CVE-2023-4909 MEDIUM This Month

Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4908 MEDIUM This Month

Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4907 MEDIUM This Month

Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4906 MEDIUM This Month

Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-4905 MEDIUM This Month

Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-4904 MEDIUM This Month

Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Fedora Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy