Skip to main content
CVE-2023-46128 MEDIUM POC PATCH This Month

Nautobot is a Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python PostgreSQL Nautobot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-43281 MEDIUM POC This Month

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Image H
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-37911 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-5744 MEDIUM POC PATCH This Month

The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google XSS WordPress Very Simple Google Maps
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46583 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Nipah Virus Testing Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36085 MEDIUM POC This Month

The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Open Redirect Sisqualwfm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31580 MEDIUM POC PATCH This Month

light-oauth2 before version 2.1.27 obtains the public key without any verification. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Light Oauth2
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-45137 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46396 MEDIUM POC This Month

Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Audimex
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44769 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-43360 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-46232 MEDIUM POC PATCH This Month

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Zkvyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-46137 MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Twisted
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-46123 MEDIUM POC This Month

jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-29973 MEDIUM POC This Month

Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pfsense
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2023-44767 MEDIUM POC This Month

A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Ritecms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-4693 MEDIUM POC This Month

An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Grub2 Enterprise Linux
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-41989 MEDIUM This Month

The issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-41988 MEDIUM This Month

This issue was addressed by restricting options offered on a locked device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-45844 MEDIUM This Month

The vulnerability allows a low privileged user that have access to the device when locked in Kiosk mode to install an arbitrary Android application and leverage it to have access to critical device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-42861 MEDIUM This Month

A logic issue was addressed with improved state management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-42849 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Ipados Iphone Os +2
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-41983 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-40416 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-5732 MEDIUM This Month

An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5727 MEDIUM This Month

The executable file warning was not presented when downloading .msix, .msixbundle, .appx, and .appxbundle files, which can run commands on a user's computer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5568 MEDIUM This Month

A heap-based Buffer Overflow flaw was discovered in Samba. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Samba
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-46655 MEDIUM PATCH This Month

Jenkins CloudBees CD Plugin 1.1.32 and earlier follows symbolic links to locations outside of the directory from which artifacts are published during the 'CloudBees CD - Publish Artifact' post-build. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Cloudbees Cd
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-46653 MEDIUM PATCH This Month

Jenkins lambdatest-automation Plugin 1.20.10 and earlier logs LAMBDATEST Credentials access token at the INFO level, potentially resulting in its exposure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Lambdatest Automation
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-46651 MEDIUM PATCH This Month

Jenkins Warnings Plugin 10.5.0 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Warnings
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46125 MEDIUM PATCH This Month

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Fides
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43508 MEDIUM This Month

Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39231 MEDIUM This Month

PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pingone Mfa Integration Kit
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-27261 MEDIUM This Month

Missing authentication in the DeleteAssignments method in IDAttend’s IDWeb application 3.1.052 and earlier allows deletion of data by unauthenticated attackers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Idweb
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5127 MEDIUM PATCH This Month

The WP Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.7.9 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Font Awesome
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-5740 MEDIUM This Month

The Live Chat with Facebook Messenger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'messenger' shortcode in all versions up to, and including, 1.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Live Chat With Facebook Messenger
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5110 MEDIUM PATCH This Month

The BSK PDF Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'bsk-pdfm-category-dropdown' shortcode in versions up to, and including, 3.4.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Bsk Pdf Manager
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5085 MEDIUM PATCH This Month

The Advanced Menu Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'advMenu' shortcode in versions up to, and including, 0.4.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Advanced Menu Widget
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-43510 MEDIUM This Month

A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Clearpass Policy Manager
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-5758 MEDIUM This Month

When opening a page in reader mode, the redirect URL could have caused attacker-controlled script to execute in a reflected Cross-Site Scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple XSS Firefox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46071 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Proteccion De Datos Rgpd
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46070 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eg Attachments
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45837 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ultimate Taxonomy Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45835 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Libsyn Publisher Hub
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45772 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Proofreading
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45770 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fast Wp Speed
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45769 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Report Post
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-45761 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sendle Shipping
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45759 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Peter S Custom Anti Spam
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45756 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Applyonline Application Form Builder And Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy