Skip to main content
CVE-2023-5371 MEDIUM POC This Month

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-42808 MEDIUM POC This Month

Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla XSS Common Voice
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-27121 MEDIUM POC THREAT This Month

A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pleasant Password Server
NVD
CVSS 3.1
6.1
EPSS
21.3%
CVE-2023-5375 MEDIUM POC PATCH THREAT This Month

Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Mosparo
NVD GitHub
CVSS 3.1
6.1
EPSS
33.6%
CVE-2023-44075 MEDIUM POC This Month

Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Small Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43877 MEDIUM POC This Month

Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ritecms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-40376 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass IBM Urbancode Deploy
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5368 MEDIUM PATCH This Month

On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5291 MEDIUM PATCH This Month

The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Blog Filter
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5357 MEDIUM PATCH This Month

The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Instagram For Wordpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4380 MEDIUM This Month

A logic flaw exists in Ansible Automation platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ansible Automation Platform Ansible Developer Ansible Inside
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-5113 MEDIUM This Month

Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XSS HP Futuresmart 5
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-4497 MEDIUM This Month

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Chat Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4496 MEDIUM This Month

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Chat Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4495 MEDIUM This Month

Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Chat Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4492 MEDIUM This Month

Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easy Address Book Web Server
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4090 MEDIUM This Month

Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Widestand
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38537 MEDIUM This Month

A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected. Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Whatsapp
NVD
CVSS 3.1
5.6
EPSS
0.2%
CVE-2023-3576 MEDIUM This Month

A memory leak flaw was found in Libtiff's tiffcrop utility. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-44210 MEDIUM PATCH This Month

Sensitive information disclosure and manipulation due to missing authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3428 MEDIUM This Month

A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Imagemagick Extra Packages For Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4037 MEDIUM This Month

Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure SQLi Conacwin
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-5370 MEDIUM This Month

On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30737 MEDIUM This Month

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30734 MEDIUM This Month

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-3971 MEDIUM This Month

An HTML injection flaw was found in Controller in the user interface settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ansible Automation Controller Ansible Automation Platform Ansible Developer Ansible Inside
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-40684 MEDIUM This Month

IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4493 MEDIUM This Month

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Address Book Web Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44272 MEDIUM PATCH This Month

A cross-site scripting vulnerability exists in Citadel versions prior to 994. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Citadel
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30736 MEDIUM This Month

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Assistant
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-35905 MEDIUM PATCH This Month

IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Filenet Content Manager
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-3213 MEDIUM This Month

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wp Mail Smtp
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-3153 MEDIUM PATCH This Month

A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Open Virtual Network Openshift Container Platform Fast Datapath
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-38538 MEDIUM This Month

A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Information Disclosure Whatsapp
NVD
CVSS 3.1
5.0
EPSS
0.2%
CVE-2023-44389 MEDIUM PATCH This Month

Zope is an open-source web application server. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zope
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30731 MEDIUM This Month

Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
4.6
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy