Skip to main content
CVE-2023-45826 MEDIUM POC PATCH This Month

Leantime is an open source project management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Leantime
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-45820 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43875 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-43341 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Evolution Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-45281 MEDIUM POC This Month

An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yamcs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45815 MEDIUM POC PATCH GHSA This Month

ArchiveBox is an open source self-hosted web archiving system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS CSRF Archivebox
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45280 MEDIUM POC PATCH This Month

Yamcs 5.8.6 allows XSS (issue 2 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yamcs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-45279 MEDIUM POC PATCH This Month

Yamcs 5.8.6 allows XSS (issue 1 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yamcs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43359 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43344 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Quick Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-43342 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Quick Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5254 MEDIUM POC PATCH This Month

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure WordPress Wpbot
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-43340 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Evolution Cms
NVD GitHub
CVSS 3.1
5.2
EPSS
0.5%
CVE-2023-46033 MEDIUM This Month

D-Link (Non-US) DSL-2750U N300 ADSL2+ and (Non-US) DSL-2730U N150 ADSL2+ are vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl 2730U Firmware Dsl 2750U Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-35185 MEDIUM This Month

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability using SYSTEM privileges. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Access Rights Manager
NVD
CVSS 3.1
6.8
EPSS
1.1%
CVE-2023-41088 MEDIUM This Month

The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker with access to the network, where clients have access to the DexGate. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dexgate
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-5654 MEDIUM PATCH This Month

The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script that is accessible to any webpage that is active in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass React Devtools
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-31046 MEDIUM This Month

A Path Traversal vulnerability exists in PaperCut NG before 22.1.1 and PaperCut MF before 22.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-25753 MEDIUM PATCH This Month

There exists an SSRF (Server-Side Request Forgery) vulnerability located at the /sandbox/proxyGateway endpoint. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SSRF Shenyu
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-37504 MEDIUM This Month

HCL Compass is vulnerable to failure to invalidate sessions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hcl Compass
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36857 MEDIUM This Month

Baker Hughes - Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bentley Nevada 3500 System Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5639 MEDIUM PATCH This Month

The Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tmfshortcode' shortcode in all versions up to, and including, 2.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Team Showcase
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5638 MEDIUM PATCH This Month

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcj_image' shortcode in versions up to, and including, 7.1.2 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Booster For Woocommerce
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-45821 MEDIUM PATCH This Month

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Docker Hub
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-45819 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-45818 MEDIUM PATCH This Month

TinyMCE is an open source rich text editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Tinymce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-40153 MEDIUM This Month

The affected product is vulnerable to a cross-site scripting vulnerability, which could allow an attacker to access the web application to introduce arbitrary Java Script by injecting an XSS payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java XSS Dexgate
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-45825 MEDIUM PATCH This Month

ydb-go-sdk is a pure Go native and database/sql driver for the YDB platform. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Ydb Go Sdk
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4645 MEDIUM PATCH This Month

The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai_ajax function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Information Disclosure WordPress Ad Inserter
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-45822 MEDIUM PATCH This Month

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Hub
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-30633 MEDIUM This Month

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Insydeh2o
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-42666 MEDIUM This Month

The affected product is vulnerable to an exposure of sensitive information to an unauthorized actor vulnerability, which may allow an attacker to create malicious requests for obtaining the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dexgate
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-34050 MEDIUM This Month

In spring AMQP versions 1.0.0 to 2.4.16 and 3.0.0 to 3.0.9 , allowed list patterns for deserializable class names were added to Spring AMQP, allowing users to lock down deserialization of data in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Deserialization Spring Advanced Message Queuing Protocol
NVD
CVSS 3.1
4.3
EPSS
1.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy