Skip to main content
CVE-2023-40930 MEDIUM POC This Month

An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory traversal via mounting the Udisk to /mnt/. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Skyworth Os
NVD GitHub
CVSS 3.1
6.8
EPSS
1.2%
CVE-2023-42334 MEDIUM POC This Month

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Crew Dispatch
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-39052 MEDIUM POC This Month

An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Earthgarden Waiting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39045 MEDIUM POC This Month

An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kokoroe Members Card
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39041 MEDIUM POC This Month

An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kukurudeli
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39044 MEDIUM POC This Month

An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ajino Shiretoko
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-2508 MEDIUM POC This Month

The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mobility Print Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-38875 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Php Login System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-40618 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Head Start
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5084 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Hestiacp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-43616 MEDIUM POC PATCH This Month

An issue was discovered in Croc through 9.6.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Croc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-36234 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43377 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP SQLi Hoteldruid
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43376 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hoteldruid
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39575 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Arp Guard
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-43618 MEDIUM POC PATCH This Month

An issue was discovered in Croc through 9.6.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Croc
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-43617 MEDIUM POC PATCH This Month

An issue was discovered in Croc through 9.6.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Croc
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-26144 MEDIUM POC PATCH This Month

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Graphql
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-43621 MEDIUM POC PATCH This Month

An issue was discovered in Croc through 9.6.5. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Croc
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-43501 MEDIUM PATCH This Month

A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Build Failure Analyzer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-25526 MEDIUM This Month

NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service Cumulus Linux
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5062 MEDIUM This Month

The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Charts
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5063 MEDIUM PATCH This Month

The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Widget Responsive For Youtube
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-38876 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Php Login System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-42656 MEDIUM This Month

In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Moveit Transfer
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22024 MEDIUM This Month

In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Vm Server Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20597 MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Ryzen 3 3100 Firmware Ryzen 3 3200G Firmware Ryzen 3 3200Ge Firmware +98
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43499 MEDIUM PATCH This Month

Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Build Failure Analyzer
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43495 MEDIUM PATCH This Month

Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-38718 MEDIUM PATCH This Month

IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Robotic Process Automation
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31014 MEDIUM This Month

NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Google RCE Information Disclosure +1
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-40368 MEDIUM PATCH This Month

IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Storage Protect
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-20594 MEDIUM This Month

Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Epyc 7003 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware +122
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-43502 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Build Failure Analyzer
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-43494 MEDIUM PATCH This Month

Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
3.4%
CVE-2023-34047 MEDIUM PATCH This Month

A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring For Graphql
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy