Skip to main content
CVE-2023-42811 MEDIUM POC PATCH This Month

aes-gcm is a pure Rust implementation of the AES-GCM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Aes Gcm Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-43782 MEDIUM POC This Month

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cadence
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-43090 MEDIUM POC PATCH This Month

A vulnerability was found in GNOME Shell. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Gnome Shell Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42812 MEDIUM POC This Month

Galaxy is an open-source platform for FAIR data analysis. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Galaxy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-43640 MEDIUM PATCH This Month

TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Information Disclosure SQLi Taxonworks
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23766 MEDIUM This Month

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4774 MEDIUM PATCH This Month

The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Connect Matomo
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-4716 MEDIUM PATCH This Month

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Media Library Assistant
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-43770 MEDIUM KEV PATCH THREAT This Month

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Webmail Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
58.5%
CVE-2023-43763 MEDIUM This Month

Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft F Secure Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-43771 MEDIUM PATCH This Month

In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Not Quite Ptp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy