Skip to main content
CVE-2023-20179 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Sd Wan Vmanage
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44207 MEDIUM This Month

Stored cross-site scripting (XSS) vulnerability in protection plan name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Cyber Protect
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-41904 MEDIUM This Month

Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Admanager Plus
NVD
CVSS 3.1
5.4
EPSS
2.0%
CVE-2023-41888 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Glpi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40669 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Collapse O Matic
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40605 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Typing Effect
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-40417 MEDIUM This Month

A window management issue was addressed with improved state management. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +2
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-30959 MEDIUM This Month

In Apollo change requests, comments added by users could contain a javascript URI link that when rendered will result in an XSS that require user interaction. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apollo Autopilot
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-27628 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sitekit
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-20251 MEDIUM This Month

A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Cisco Denial Of Service Mobility Express Software
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-4565 MEDIUM This Month

Broadcast permission control vulnerability in the framework module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-44205 MEDIUM This Month

Sensitive information disclosure due to improper authorization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Authentication Bypass Cyber Protect
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-43775 MEDIUM This Month

Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Smp Sg 4260 Firmware Smp Sg 4250 Firmware Smp 4 Dp Firmware Smp 16 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-41323 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
5.3
EPSS
33.9%
CVE-2023-41312 MEDIUM This Month

Permission control vulnerability in the audio module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41311 MEDIUM This Month

Permission control vulnerability in the audio module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-40049 MEDIUM This Month

In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ws Ftp Server
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-36851 MEDIUM KEV THREAT This Month

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper PHP Authentication Bypass Junos
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-43493 MEDIUM This Month

SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Welcart E Commerce
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-2358 MEDIUM This Month

Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pentaho Business Analytics
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-41242 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Snap Pixel
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-41241 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Surecart
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40677 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Vertical Marquee
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40676 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Slimstat Analytics
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-40675 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Landing Page Builder
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40668 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Save As Pdf
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40665 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Save As Image
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40604 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cookies By Jm
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-40047 MEDIUM This Month

In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ws Ftp Server
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28790 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Staff List
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-27622 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Guruwalk Affiliates
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-27617 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rsvpmaker
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-25483 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Coming Soon
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-20268 MEDIUM This Month

A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.  This. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Software Catalyst 9800 Embedded Wireless Controller Firmware Business 150Ax Firmware +1
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-41979 MEDIUM This Month

A race condition was addressed with improved locking. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Race Condition Information Disclosure Apple macOS
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-41981 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-40026 MEDIUM PATCH This Month

Argo CD is a declarative continuous deployment framework for Kubernetes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Path Traversal Argo Cd
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-42453 MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Synapse Fedora
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-40532 MEDIUM This Month

Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Welcart
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-40388 MEDIUM This Month

A privacy issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-35984 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple Ipados Iphone Os +3
NVD
CVSS 3.1
4.3
EPSS
0.7%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy