Skip to main content
CVE-2023-42439 MEDIUM POC PATCH This Month

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Geonode
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-40019 MEDIUM POC This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38706 MEDIUM POC This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4984 MEDIUM POC This Month

A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Knowsearch
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-40983 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4973 MEDIUM POC This Month

A vulnerability was found in Academy LMS 6.2 on Windows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Academy Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2023-4978 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-36472 MEDIUM POC PATCH This Month

Strapi is an open-source headless content management system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-40982 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40986 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40985 MEDIUM POC This Month

An issue was discovered in Webmin 2.100. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Webmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40984 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4982 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-4981 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-4980 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-4979 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-4977 MEDIUM POC PATCH This Month

Code Injection in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42442 MEDIUM POC PATCH THREAT This Month

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
5.3
EPSS
55.9%
CVE-2023-41889 MEDIUM POC This Month

SHIRASAGI is a Content Management System. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Shirasagi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-41900 MEDIUM POC PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Authentication Bypass Jetty Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-4680 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-32461 MEDIUM This Month

Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Dell Heap Overflow Poweredge R660 Firmware Poweredge R760 Firmware +50
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-41043 MEDIUM This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-41042 MEDIUM This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-40588 MEDIUM This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4959 MEDIUM This Month

A flaw was found in Quay. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Quay
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-4963 MEDIUM This Month

The WS Facebook Like Box Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ws Facebook Like Box Widget
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4663 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connect
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-36727 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-4983 MEDIUM This Month

A vulnerability was found in app1pro Shopicial up to 20230830. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shopicial
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41880 MEDIUM PATCH This Month

Wasmtime is a standalone runtime for WebAssembly. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Wasmtime
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-40167 MEDIUM PATCH This Month

Jetty is a Java based web server and servlet engine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Jetty Debian Linux
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-37459 MEDIUM PATCH This Month

Contiki-NG is an operating system for internet-of-things devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37281 MEDIUM PATCH This Month

Contiki-NG is an operating system for internet-of-things devices. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41626 MEDIUM This Month

Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Gradio
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy