Skip to main content
CVE-2023-5293 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ecshop
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-39308 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Userfeedback
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26147 MEDIUM POC This Month

All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Libhv
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26146 MEDIUM POC This Month

All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Libhv
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5257 MEDIUM POC This Month

A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Microsoft Jndiexploit
NVD GitHub VulDB
CVSS 3.1
5.7
EPSS
0.8%
CVE-2023-5273 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best Courier Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43944 MEDIUM POC This Month

A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Task Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26148 MEDIUM POC This Month

All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Libhv
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-5269 MEDIUM POC This Month

A vulnerability was found in SourceCodester Best Courier Management System 1.0. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.6%
CVE-2023-5259 MEDIUM POC This Month

A vulnerability classified as problematic was found in ForU CMS. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Foru Cms
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
1.0%
CVE-2023-5287 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beecms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3024 MEDIUM This Month

Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Gecko Software Development Kit
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5196 MEDIUM PATCH This Month

Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41691 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Pensopay
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41663 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Bannerize Pro
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41662 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Dtree
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41658 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Web Solution Photo Gallery Slideshow Masonry Tiled Gallery
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-0989 MEDIUM This Month

An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-5286 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Expense Tracker
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41687 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Goods Catalog
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-41666 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Stock Quotes List
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-5195 MEDIUM PATCH This Month

Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44270 MEDIUM PATCH This Month

An issue was discovered in PostCSS before 8.4.31. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Postcss
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-3914 MEDIUM This Month

A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-3775 MEDIUM This Month

A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace,. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-41661 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Smarty
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-41657 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Hollerbox
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-41655 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authldap
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-5194 MEDIUM PATCH This Month

Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-5198 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-4532 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-44469 MEDIUM PATCH This Month

A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Lemonldap
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-3979 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3920 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3115 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-2233 MEDIUM This Month

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy