Skip to main content
CVE-2023-4977 MEDIUM POC PATCH This Month

Code Injection in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42442 MEDIUM POC PATCH THREAT This Month

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
5.3
EPSS
55.9%
CVE-2023-41889 MEDIUM POC This Month

SHIRASAGI is a Content Management System. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Shirasagi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-4665 HIGH This Week

Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Connect
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4664 HIGH This Week

Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Connect
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41900 MEDIUM POC PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Authentication Bypass Jetty Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-4991 HIGH This Week

A vulnerability was found in NextBX QWAlerter 4.50. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nextbx Qwalerter
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36658 HIGH This Week

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Media Validation Agent Metadefender Kiosk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0813 HIGH This Week

A flaw was found in the Network Observability plugin for OpenShift console. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Network Observability
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-40018 HIGH This Week

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Freeswitch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36562 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-36479 LOW POC PATCH Monitor

Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available.

Canonical Information Disclosure Jetty Debian Linux
NVD GitHub
CVSS 3.1
3.1
EPSS
1.0%
CVE-2023-4680 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-37263 LOW POC PATCH Monitor

Strapi is the an open-source headless content management system. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
2.7
EPSS
0.5%
CVE-2023-32461 MEDIUM This Month

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Heap Overflow Poweredge R660 Firmware Poweredge R760 Firmware +50
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-41043 MEDIUM This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-41042 MEDIUM This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-40588 MEDIUM This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4986 LOW POC Monitor

A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Rated low severity (CVSS 2.5). Public exploit code available and no vendor patch available.

Information Disclosure Inplant Scada
NVD VulDB
CVSS 3.1
2.5
EPSS
0.2%
CVE-2023-4959 MEDIUM This Month

A flaw was found in Quay. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Quay
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-4963 MEDIUM This Month

The WS Facebook Like Box Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ws Facebook Like Box Widget
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4663 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-36727 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-4983 MEDIUM This Month

A vulnerability was found in app1pro Shopicial up to 20230830. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shopicial
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41880 MEDIUM PATCH This Month

Wasmtime is a standalone runtime for WebAssembly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wasmtime
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-40167 MEDIUM PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jetty Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-37459 MEDIUM PATCH This Month

Contiki-NG is an operating system for internet-of-things devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37281 MEDIUM PATCH This Month

Contiki-NG is an operating system for internet-of-things devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41626 MEDIUM This Month

Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Gradio
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy