Skip to main content
CVE-2023-45867 MEDIUM POC This Month

ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Ilias
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5791 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sticky Notes App
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-43906 MEDIUM POC This Month

Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xolo Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5793 MEDIUM POC PATCH This Month

A vulnerability was found in flusity CMS and classified as problematic.php of the component Dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Flusity
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46450 MEDIUM POC This Month

Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Inventory Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5789 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dragon Path 707Gr1 Firmware
NVD VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-46666 MEDIUM This Month

An issue was discovered when using Document Level Security and the SPO "Limited Access" functionality in Elastic Sharepoint Online Python Connector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Microsoft Python Authentication Bypass Elastic Sharepoint Online Python Connector
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-45228 MEDIUM This Month

The application suffers from improper access control when editing users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Analog Fm Transmitter Exc5000Gx Firmware Analog Fm Transmitter Exc120Gx Firmware Analog Fm Transmitter Exc300Gx Firmware Analog Fm Transmitter Exc1600Gx Firmware +11
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-30969 MEDIUM This Month

The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tiles
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-46090 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wdsocialwidgets
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41096 MEDIUM This Month

Missing Encryption of Security Keys vulnerability in Silicon Labs Ember ZNet SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emberznet Sdk
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-46094 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS WordPress Google Analytics Integration For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46081 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lava Directory Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46077 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS The Awesome Feed
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46076 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Pdf Invoice Builder
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46075 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contact Form Builder
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46074 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Freshmail For Wordpress
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46072 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Add Shortcodes Actions And Filters
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46753 MEDIUM PATCH This Month

An issue was discovered in FRRouting FRR through 9.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Frrouting
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2023-46752 MEDIUM PATCH This Month

An issue was discovered in FRRouting FRR through 9.0.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Frrouting
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2023-46238 MEDIUM PATCH This Month

ZITADEL is an identity infrastructure management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zitadel
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30492 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Minimum Purchase For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-31416 MEDIUM This Month

Secret token configuration is never applied when using ECK <2.8 with APM Server >=8.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Elastic Cloud On Kubernetes
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-46754 MEDIUM This Month

The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Admin
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-38328 MEDIUM This Month

An issue was discovered in eGroupWare 17.1.20190111. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Egroupware
NVD
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-46088 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Full Stripe Free
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-32116 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Custom Post Types
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-31417 MEDIUM PATCH This Month

Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Elasticsearch
NVD
CVSS 3.1
4.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy