Skip to main content
CVE-2023-42627 MEDIUM POC PATCH This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in the Commerce module in Liferay Portal 7.3.5 through 7.4.3.91, and Liferay DXP 7.3 update 33 and earlier, and 7.4 before update 92 allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
2.3%
CVE-2023-42628 MEDIUM POC PATCH This Month

Stored cross-site scripting (XSS) vulnerability in the Wiki widget in Liferay Portal 7.1.0 through 7.4.3.87, and Liferay DXP 7.0 fix pack 83 through 102, 7.1 fix pack 28 and earlier, 7.2 fix pack 20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
2.2%
CVE-2023-42629 MEDIUM POC PATCH This Month

Stored cross-site scripting (XSS) vulnerability in the manage vocabulary page in Liferay Portal 7.4.2 through 7.4.3.87, and Liferay DXP 7.4 before update 88 allows remote attackers to inject. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
2.2%
CVE-2023-43794 MEDIUM POC PATCH This Month

Nocodb is an open source Airtable alternative. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Nocodb
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-43776 MEDIUM This Month

Eaton easyE4 PLC offers a device password protection functionality to facilitate a secure connection and prevent unauthorized access. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easy Box E4 Ac1 Firmware Easy Box E4 Dc1 Firmware Easy Box E4 Uc1 Firmware Easy E4 Ac 12Rc1P Firmware +18
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-41712 MEDIUM This Month

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN plainprefs.exp URL endpoint leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-41711 MEDIUM This Month

SonicOS post-authentication Stack-Based Buffer Overflow Vulnerability in the sonicwall.exp, prefs.exp URL endpoints lead to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicwall Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39280 MEDIUM This Month

SonicOS p ost-authentication Stack-Based Buffer Overflow vulnerability in the ssoStats-s.xml, ssoStats-s.wri URL endpoints leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39279 MEDIUM This Month

SonicOS post-authentication Stack-Based Buffer Overflow vulnerability in the getPacketReplayData.json URL endpoint leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39278 MEDIUM This Month

SonicOS post-authentication user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39277 MEDIUM This Month

SonicOS post-authentication stack-based buffer overflow vulnerability in the sonicflow.csv and appflowsessions.csv URL endpoints leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39276 MEDIUM This Month

SonicOS post-authentication stack-based buffer overflow vulnerability in the getBookmarkList.json URL endpoint leads to a firewall crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Sonicos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22118 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Flexcube Universal Banking
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22106 MEDIUM PATCH This Month

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: API). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Enterprise Command Center Framework
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22095 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-22093 MEDIUM PATCH This Month

Vulnerability in the Oracle iRecruitment product of Oracle E-Business Suite (component: Requisition and Vacancy). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass E Business Suite
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-22090 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Events & Notifications). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cost Center Common Application Objects
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22079 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-22059 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service MySQL Oncommand Insight
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-4896 MEDIUM This Month

A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Airwave
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-43777 MEDIUM This Month

Eaton easySoft software is used to program easy controllers and displays for configuring, programming and defining parameters for all the intelligent relays. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Easysoft
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-45357 MEDIUM This Month

Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Archer
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-34208 MEDIUM This Month

Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Mailhunter Ultimate
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22127 MEDIUM PATCH This Month

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Outside In Technology
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-3042 MEDIUM This Month

In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Dotcms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22107 MEDIUM PATCH This Month

Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: UI Components). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Enterprise Command Center Framework
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22080 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22076 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass E Business Suite
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-22029 MEDIUM PATCH This Month

Vulnerability in the Oracle Commerce Guided Search product of Oracle Commerce (component: Workbench). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Commerce Guided Search
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45007 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fotomoto
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45006 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wooodt Lite
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45004 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Woo Custom Emails
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45003 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Social Feed
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45005 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Seriously Simple Stats
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-44311 MEDIUM PATCH This Month

Multiple reflected cross-site scripting (XSS) vulnerabilities in the Plugin for OAuth 2.0 module's OAuth2ProviderApplicationRedirect class in Liferay Portal 7.4.3.41 through 7.4.3.89, and Liferay DXP. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-42497 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) vulnerability on the Export for Translation page in Liferay Portal 7.4.3.4 through 7.4.3.85, and Liferay DXP 7.4 before update 86 allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22130 MEDIUM PATCH This Month

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service Sun Zfs Storage Appliance Kit
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-22122 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Oracle Denial Of Service Authentication Bypass Banking Trade Finance
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-22119 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Oracle Denial Of Service Authentication Bypass Flexcube Universal Banking
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-22071 MEDIUM PATCH This Month

Vulnerability in the PL/SQL component of Oracle Database Server. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Database Server
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-22129 MEDIUM PATCH This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Oracle Denial Of Service Solaris
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5339 MEDIUM This Month

Mattermost Desktop fails to set an appropriate log level during initial run after fresh installation resulting in logging all keystrokes including password entry being logged. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Desktop
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-22125 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Trade Finance
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22124 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Trade Finance
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22123 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Banking Trade Finance
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22121 MEDIUM PATCH This Month

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Banking Trade Finance
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22117 MEDIUM PATCH This Month

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Flexcube Universal Banking
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22105 MEDIUM PATCH This Month

Vulnerability in the BI Publisher product of Oracle Analytics (component: Web Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22082 MEDIUM PATCH This Month

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Business Intelligence
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44310 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) vulnerability in Page Tree menu Liferay Portal 7.3.6 through 7.4.3.78, and Liferay DXP 7.3 fix pack 1 through update 23, and 7.4 before update 79 allows remote. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy