Skip to main content
CVE-2023-37739 MEDIUM POC This Month

i-doit Pro v25 and below was discovered to be vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal I Doit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-42178 MEDIUM POC This Month

Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lenosp
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4841 MEDIUM POC PATCH This Month

The Feeds for YouTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Feeds For Youtube
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-40869 MEDIUM POC This Month

Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Moosocial
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-41588 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time To Sla
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40779 MEDIUM POC This Month

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Open Redirect Deep Castle G2
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-25588 MEDIUM POC PATCH This Month

A flaw was found in Binutils. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binutils
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-25586 MEDIUM POC PATCH This Month

A flaw was found in Binutils. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binutils
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25585 MEDIUM POC PATCH This Month

A flaw was found in Binutils. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binutils
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-41010 MEDIUM POC This Month

Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tewa 700G Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41592 MEDIUM POC PATCH This Month

Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Froala Editor
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-41160 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-26141 MEDIUM POC PATCH This Month

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Sidekiq
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-4965 MEDIUM POC This Month

A vulnerability was found in phpipam 1.5.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Phpipam
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-4944 MEDIUM This Month

The Awesome Weather Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Awesome Weather Widget
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4945 MEDIUM PATCH This Month

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Booster For Woocommerce
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4676 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Medaspro
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-32611 MEDIUM This Month

A flaw was found in GLib. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Glib
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-32665 MEDIUM This Month

A flaw was found in GLib. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-38558 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Simatic Pcs Neo
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42503 MEDIUM PATCH This Month

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.22 before 1.24.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Atlassian Java Apache +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-42362 MEDIUM This Month

An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Teller
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-41159 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41156 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38206 MEDIUM This Month

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Coldfusion
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-4951 MEDIUM This Month

A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Greenradius
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-4948 MEDIUM This Month

The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Woocommerce Cvr Payment Gateway
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-39286 MEDIUM This Month

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Connect Mobility Router
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-39285 MEDIUM This Month

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mivoice Connect
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy