Skip to main content
CVE-2023-4568 MEDIUM POC This Month

PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
3.6%
CVE-2023-42468 MEDIUM POC This Month

The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Color Phone
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-20190 MEDIUM POC This Month

A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cisco Apple Ios Xr
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-4039 MEDIUM POC This Month

**DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Gcc
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-3255 MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-20233 MEDIUM This Month

A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Null Pointer Dereference Apple Ios Xr
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-39916 MEDIUM PATCH This Month

NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal vulnerability in the optional, off-by-default. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Routinator
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25608 MEDIUM This Month

An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Fortiap Fortiap C Fortiap U Fortiap W2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4400 MEDIUM This Month

A password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Secure Web Gateway
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-41162 MEDIUM This Month

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40617 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Head Start
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-29306 MEDIUM This Month

Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29305 MEDIUM This Month

Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Connect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4155 MEDIUM PATCH This Month

A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. Rated medium severity (CVSS 5.6).

Amd Denial Of Service Linux Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2023-3301 MEDIUM PATCH This Month

A flaw was found in QEMU. Rated medium severity (CVSS 5.6).

Denial Of Service Qemu Enterprise Linux
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2023-3280 MEDIUM This Month

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto Microsoft Cortex Xdr Agent
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40715 MEDIUM This Month

A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Fortitester
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41158 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41155 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41154 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41152 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3588 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamwork Cloud No Magic Release
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38215 MEDIUM This Month

Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager Experience Manager Cloud Service
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38214 MEDIUM This Month

Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29183 MEDIUM This Month

An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet RCE XSS Fortiproxy Fortios
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-4917 MEDIUM This Month

The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.7 via the 'leyka_ajax_get_env_and_options' function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure WordPress Leyka
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-4915 MEDIUM This Month

The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wp User Control
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-36551 MEDIUM This Month

A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortisiem
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-27998 MEDIUM This Month

A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortipresence
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-4803 MEDIUM This Month

A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Insider Threat Management
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-4802 MEDIUM This Month

A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Insider Threat Management
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-36638 MEDIUM This Month

An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortianalyzer Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-4828 MEDIUM This Month

An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the server's configuration of any already-registered agent so that. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Insider Threat Management
NVD
CVSS 3.1
4.2
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy