Skip to main content
CVE-2023-42788 MEDIUM POC This Month

An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fortianalyzer Fortimanager
NVD GitHub
CVSS 3.1
6.7
EPSS
1.3%
CVE-2023-42787 MEDIUM POC This Month

A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Fortinet RCE Fortianalyzer Fortimanager
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-30804 MEDIUM POC THREAT This Month

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Next Gen Application Firewall
NVD
CVSS 3.1
6.5
EPSS
12.8%
CVE-2023-5496 MEDIUM POC This Month

A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla XSS Translator Poqdev Add On
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-44763 MEDIUM POC This Month

Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via a Thumbnail file upload, which allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-44826 MEDIUM POC This Month

Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zentao
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45648 MEDIUM POC PATCH This Month

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Debian Linux
NVD
CVSS 3.1
5.3
EPSS
5.8%
CVE-2023-41763 MEDIUM POC KEV PATCH THREAT This Month

Skype for Business Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Skype For Business Server
NVD
CVSS 3.1
5.3
EPSS
90.4%
CVE-2023-30802 MEDIUM POC This Month

The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Next Gen Application Firewall
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5498 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Chiefonboarding
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-37194 MEDIUM This Month

A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Authentication Bypass Simatic Cp 1604 Firmware Simatic Cp 1616 Firmware Simatic Cp 1623 Firmware +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-36717 MEDIUM PATCH This Month

Windows Virtual Trusted Platform Module Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +7
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36706 MEDIUM PATCH This Month

Windows Deployment Services Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Windows Server 2008 Windows Server 2012 Windows Server 2016 +2
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-36566 MEDIUM PATCH This Month

Microsoft Common Data Model SDK Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Microsoft Common Data Model Sdk
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-36564 MEDIUM PATCH This Month

Windows Search Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-36433 MEDIUM PATCH This Month

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-36429 MEDIUM PATCH This Month

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Microsoft Dynamics 365
NVD
CVSS 3.1
6.5
EPSS
2.0%
CVE-2023-44249 MEDIUM This Month

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer Fortimanager
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-41964 MEDIUM This Month

The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Analytics +16
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-42477 MEDIUM This Month

SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java SSRF Netweaver Application Server Java
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-5467 MEDIUM This Month

The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Geo My Wordpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5468 MEDIUM This Month

The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Slick Contact Forms
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-36126 MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Appointment Scheduler
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36416 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-42794 MEDIUM PATCH This Month

Incomplete Cleanup vulnerability in Apache Tomcat. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tomcat Apache Denial Of Service Microsoft
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2023-36728 MEDIUM PATCH This Month

Microsoft SQL Server Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Odbc Driver For Sql Server +2
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2023-36724 MEDIUM PATCH This Month

Windows Power Management Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Microsoft Information Disclosure Authentication Bypass Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-36713 MEDIUM PATCH This Month

Windows Common Log File System Driver Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
8.2%
CVE-2023-36576 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1809 +7
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-36563 MEDIUM KEV PATCH THREAT This Month

Microsoft WordPad Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
20.7%
CVE-2023-25604 MEDIUM This Month

An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiguest
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43788 MEDIUM This Month

A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libxpm Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-43786 MEDIUM This Month

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Libx11 Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-43785 MEDIUM This Month

A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Libx11 Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-43485 MEDIUM This Month

When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Iq Centralized Management Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Application Security Manager +15
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41253 MEDIUM This Month

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Big Ip Domain Name System Big Ip Local Traffic Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26220 MEDIUM This Month

The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Spotfire Analyst Spotfire Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-36584 MEDIUM KEV PATCH THREAT This Month

Windows Mark of the Web Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1507 Windows 10 1809 Windows 10 21H1 +8
NVD
CVSS 3.1
5.4
EPSS
3.1%
CVE-2023-36637 MEDIUM This Month

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Fortimail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36555 MEDIUM This Month

An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet XSS Fortios
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44315 MEDIUM PATCH This Month

A vulnerability has been identified in SINEC NMS (All versions < V2.0). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sinec Nms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-42474 MEDIUM This Month

SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Businessobjects Web Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-42473 MEDIUM This Month

S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass S 4Hana
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-42795 MEDIUM PATCH This Month

Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-44399 MEDIUM PATCH This Month

ZITADEL provides identity infrastructure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-42782 MEDIUM This Month

A insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fortianalyzer
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-41675 MEDIUM This Month

A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Fortinet Denial Of Service Memory Corruption Fortiproxy +1
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-43623 MEDIUM This Month

A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Forgot Password
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-45129 MEDIUM PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Synapse Fedora
NVD GitHub
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-36722 MEDIUM PATCH This Month

Active Directory Domain Services Information Disclosure Vulnerability. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

Information Disclosure Authentication Bypass Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
4.4
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy