Skip to main content
CVE-2023-45393 MEDIUM POC This Month

An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Utime Master
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5573 MEDIUM POC PATCH This Month

Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Vrite
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4829 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Froxlor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4517 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Hestiacp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38000 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gutenberg
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-45391 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Utime Master
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5564 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Froxlor
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-39999 MEDIUM POC This Month

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Fedora
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-5409 MEDIUM PATCH This Month

HP is aware of a potential security vulnerability in HP t430 and t638 Thin Client PCs. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure HP T430 Thin Client Firmware T638 Thin Client Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-26366 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Adobe Commerce Magento
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-38250 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Adobe SQLi Commerce Magento
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2023-38249 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Adobe SQLi Commerce Magento
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2023-38221 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Neutralization of Special Elements used in an. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

RCE Adobe SQLi Commerce Magento
NVD
CVSS 3.1
6.6
EPSS
0.8%
CVE-2023-44204 MEDIUM This Month

An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-44203 MEDIUM This Month

An Improper Check or Handling of Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on QFX5000 Series, EX2300, EX3400, EX4100, EX4400 and EX4600. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-44196 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS Evolved on PTX10003 Series allows an unauthenticated adjacent attacker to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-44184 MEDIUM This Month

An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4995 MEDIUM This Month

The Embed Calendly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'calendly' shortcode in versions up to, and including, 3.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Embed Calendly
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-41836 MEDIUM PATCH This Month

An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox 4.2.1 through 4.2.4, FortiSandbox 4.0 all versions,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Fortinet XSS Fortisandbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41681 MEDIUM PATCH This Month

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.1, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Fortinet XSS Fortisandbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41680 MEDIUM PATCH This Month

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.1, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Fortinet XSS Fortisandbox
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-42752 MEDIUM PATCH This Month

An integer overflow flaw was found in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-44201 MEDIUM This Month

An Incorrect Permission Assignment for Critical Resource vulnerability in a specific file of Juniper Networks Junos OS and Junos OS Evolved allows a local authenticated attacker to read configuration. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-44193 MEDIUM This Month

An Improper Release of Memory Before Removing Last Reference vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a local, low privileged attacker to cause an FPC. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-44178 MEDIUM This Month

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Juniper Denial Of Service Junos +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-44177 MEDIUM This Month

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos and Junos EVO allows a low privileged attacker to execute a specific CLI commands leading to Denial of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Juniper Denial Of Service Junos +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-44176 MEDIUM This Month

A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands leading to Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Juniper Denial Of Service Junos +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-34977 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect Video Station. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Video Station
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45269 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO plugin <= 2.0.25 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Seo
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-41843 MEDIUM PATCH This Month

A improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.1, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Fortinet XSS Fortisandbox
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-38251 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a Uncontrolled Resource Consumption vulnerability that. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Denial Of Service Commerce Magento
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-44195 MEDIUM This Month

An Improper Restriction of Communication Channel to Intended Endpoints vulnerability in the NetworkStack agent daemon (nsagentd) of Juniper Networks Junos OS Evolved allows an unauthenticated network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos Os Evolved
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-44183 MEDIUM This Month

An Improper Input Validation vulnerability in the VxLAN packet forwarding engine (PFE) of Juniper Networks Junos OS on QFX5000 Series, EX4600 Series devices allows an unauthenticated, adjacent. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-32970 MEDIUM This Month

A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Qnap Qts Quts Hero +1
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-26367 MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Input Validation vulnerability that could lead. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Information Disclosure Commerce Magento
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-40682 MEDIUM This Month

IBM App Connect Enterprise 12.0.1.0 through 12.0.8.0 contains an unspecified vulnerability that could allow a local privileged user to obtain sensitive information from API logs. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM App Connect Enterprise
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-36559 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy