Skip to main content
CVE-2023-2544 MEDIUM This Month

Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Peix
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42508 MEDIUM This Month

JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Artifactory
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-40212 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Product Attachment For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-40198 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Cookie Law
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-40009 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Pipes
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-39159 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Fraud Prevention For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-32792 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nxlog Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-32791 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Nxlog Manager
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4101 MEDIUM This Month

The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Qsige
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4099 MEDIUM This Month

The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Qsige
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5334 MEDIUM This Month

The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Responsive Header Image Slider
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-40519 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Centralized Accounts Management Auth Agent
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32790 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nxlog Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-0828 MEDIUM This Month

Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows attacker to cause that users cookie value will be transferred to the attackers users server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-4885 MEDIUM This Month

Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Open5gs
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-43627 MEDIUM This Month

Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Acera 1310 Firmware Acera 1320 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-28571 MEDIUM PATCH This Month

Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Apq8064au Firmware Csrb31024 Firmware Qca6390 Firmware +82
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-3335 MEDIUM This Month

Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information.9.3-00. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ops Center Administrator
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43953 MEDIUM This Month

SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sscms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-43952 MEDIUM This Month

SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sscms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-43951 MEDIUM This Month

SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sscms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32671 MEDIUM This Month

A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Buddyboss
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32670 MEDIUM This Month

Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version , which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Buddyboss
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32669 MEDIUM This Month

Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Buddyboss
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-39429 MEDIUM This Month

Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Acera 1210 Firmware Acera 1150I Firmware Acera 1150W Firmware Acera 1110 Firmware +8
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32572 MEDIUM This Month

A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Purity Fa
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-4564 MEDIUM This Month

This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Canopsis
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3196 MEDIUM This Month

This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Canopsis
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4732 MEDIUM This Month

A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Linux Linux Kernel Codeready Linux Builder Codeready Linux Builder For Arm64 +7
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-34970 MEDIUM This Month

A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Use After Free Information Disclosure Memory Corruption Mali Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-33200 MEDIUM This Month

A local non-privileged user can make improper GPU processing operations to exploit a software race condition. Rated medium severity (CVSS 4.7). No vendor patch available.

Use After Free Information Disclosure Memory Corruption Bifrost Gpu Kernel Driver Mali Gpu Kernel Driver +1
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-4886 MEDIUM This Month

A sensitive information exposure vulnerability was found in foreman. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Tomcat Information Disclosure Foreman Satellite
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-37998 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler allows Cross Site Request Forgery.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Disabler
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-28373 LOW Monitor

A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Purity Fa
NVD
CVSS 3.1
2.7
EPSS
0.4%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy