Skip to main content
CVE-2023-40931 MEDIUM POC THREAT This Month

A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%.

PHP SQLi Nagios Xi
NVD VulDB
CVSS 3.1
6.5
EPSS
13.5%
CVE-2023-5060 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-41599 MEDIUM POC THREAT This Month

An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Jfinalcms
NVD
CVSS 3.1
5.3
EPSS
11.2%
CVE-2023-40788 MEDIUM POC This Month

SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Springblade
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-4376 MEDIUM POC This Month

The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Serial Codes Generator And Validator With Woocommerce Support
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2995 MEDIUM POC This Month

The Leyka WordPress plugin before 3.30.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Leyka
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-42399 MEDIUM This Month

Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Joditeditor
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4093 MEDIUM This Month

Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arconte Aurea
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41834 MEDIUM This Month

Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Flink Stateful Functions
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-38353 MEDIUM This Month

MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Power Data Recovery
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-5054 MEDIUM This Month

The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP WordPress Authentication Bypass Super Store Finder
NVD VulDB
CVSS 3.1
5.8
EPSS
0.2%
CVE-2023-40932 MEDIUM This Month

A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD VulDB
CVSS 3.1
5.4
EPSS
2.0%
CVE-2023-43566 MEDIUM This Month

In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-42452 MEDIUM PATCH This Month

Mastodon is a free, open-source social network server based on ActivityPub. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mastodon
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23957 MEDIUM This Month

An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Identity Portal
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-4095 MEDIUM This Month

User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arconte Aurea
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy