Skip to main content
CVE-2023-5556 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS On Premises Installation
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-5555 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Learning
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22325 MEDIUM POC PATCH This Month

A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Vpn
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-45511 MEDIUM POC This Month

A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41261 MEDIUM POC This Month

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Scrutinizer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-31192 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Vpn
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-32275 MEDIUM POC This Month

An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vpn
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-36839 MEDIUM This Month

An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22392 MEDIUM This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5470 MEDIUM PATCH This Month

The Etsy Shop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'etsy-shop' shortcode in versions up to, and including, 3.0.4 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Etsy Shop
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5562 MEDIUM This Month

An unsafe default configuration in KNIME Analytics Platform before 5.2.0 allows for a cross-site scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knime Analytics Platform
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-27315 MEDIUM This Month

SnapGathers versions prior to 4.9 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext domain user credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Snapgathers
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43789 MEDIUM This Month

A vulnerability was found in libXpm where a vulnerability exists due to a boundary condition, a local user can trigger an out-of-bounds read error and read contents of memory on the system. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Libxpm Enterprise Linux Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42298 MEDIUM PATCH This Month

An issue in GPAC GPAC v.2.2.1 and before allows a local attacker to cause a denial of service via the Q_DecCoordOnUnitSphere function of file src/bifs/unquantize.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-45048 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Repuso Social proof testimonials and reviews by Repuso plugin <= 5.00 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Repuso
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-32721 MEDIUM This Month

A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zabbix XSS
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-5531 MEDIUM PATCH This Month

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Thumbnail Slider With Lightbox
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-27312 MEDIUM This Month

SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Snapcenter Plug In
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy