Skip to main content
CVE-2023-20702 HIGH This Week

In 5G NRLC, there is a possible invalid memory access due to lack of error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nr15 Nr16 Nr17
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-5964 HIGH This Week

The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Platform
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-45163 HIGH This Week

The 1E-Exchange-CommandLinePing instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the input parameter, which allows for a specially crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Platform
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-45161 HIGH This Week

The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL parameter, which allows for a specially crafted. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Platform
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-47185 HIGH This Week

Unauth. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wpdiscuz
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-46822 HIGH This Week

A vulnerability in Josh Kohlbach Store Exporter woocommerce-exporter.7.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-47182 HIGH This Week

Cross-Site Request Forgery (CSRF) leading to a Stored Cross-Site Scripting (XSS) vulnerability in Nazmul Hossain Nihal Login Screen Manager plugin <= 3.5.2 versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Login Screen Manager
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-32832 HIGH This Week

In video, there is a possible memory corruption due to a race condition. Rated high severity (CVSS 7.0). No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.0
EPSS
0.1%
CVE-2022-47430 MEDIUM This Month

A vulnerability in Weblizar - WordPress Themes &amp; Plugin The School Management - Education & Learning Management school-management-system.1. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2022-47432 MEDIUM This Month

A vulnerability in Kemal YAZICI Shortcode IMDB shortcode-imdb.0.8. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2022-47428 MEDIUM This Month

A vulnerability in wpdevart Booking calendar, Appointment Booking System booking-calendar.2.7. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32839 MEDIUM This Month

In dpe, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32838 MEDIUM This Month

In dpe, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32836 MEDIUM This Month

In display, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32835 MEDIUM This Month

In keyinstall, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32834 MEDIUM This Month

In secmem, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32818 MEDIUM This Month

In vdec, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-40660 MEDIUM This Month

A flaw was found in OpenSC packages that allow a potential PIN bypass. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opensc Enterprise Linux
NVD GitHub
CVSS 3.1
6.6
EPSS
0.9%
CVE-2023-47177 MEDIUM This Month

A vulnerability in Elementor Linker linker.2.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46783 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Pre Orders For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46782 MEDIUM This Month

A vulnerability in Chris Yee MomentoPress for Momento360 cmyee-momentopress.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-4700 MEDIUM This Month

An authorization issue affecting GitLab EE affecting all versions from 14.7 prior to 16.3.6, 16.4 prior to 16.4.2, and 16.5 prior to 16.5.1, allowed a user to run jobs in protected environments,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-3909 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.3 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5825 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28794 MEDIUM This Month

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse.3.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Client Connector
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-42669 MEDIUM This Month

A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Samba Storage Enterprise Linux +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-32840 MEDIUM This Month

In modem CCCI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Lr12a Nr15 +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-47420 MEDIUM This Month

A vulnerability in Ability, Inc Accessibility Suite online-accessibility.12. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-40661 MEDIUM This Month

Several memory vulnerabilities were identified within the OpenSC packages, particularly in the card enrollment process using pkcs15-init when a user or administrator enrolls cards. Rated medium severity (CVSS 6.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Opensc Enterprise Linux
NVD GitHub
CVSS 3.1
6.4
EPSS
1.2%
CVE-2023-5771 MEDIUM This Month

Proofpoint Enterprise Protection contains a stored XSS vulnerability in the AdminUI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Enterprise Protection
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46251 MEDIUM PATCH This Month

MyBB is a free and open source forum software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5950 MEDIUM This Month

Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Velociraptor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47272 MEDIUM PATCH This Month

Roundcube 1.5.x before 1.5.6 and 1.6.x before 1.6.5 allows XSS via a Content-Type or Content-Disposition header (used for attachment preview or download). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Webmail Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-47184 MEDIUM This Month

A vulnerability in Collins Agbonghama Admin Bar & Dashboard Access Control admin-bar-dashboard-control.2.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-46824 MEDIUM This Month

A vulnerability in Ankit Singla Slick Popup slick-popup.7.14. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-23702 MEDIUM This Month

A vulnerability in pixelgrade Comments Ratings comments-ratings.1.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-45046 MEDIUM This Month

A vulnerability in Pressference Pressference Exporter pressference-exporter.0.3. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27605 MEDIUM This Month

A vulnerability in Sajjad Hossain WP Reroute Email wp-reroute-email.4.6. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4910 MEDIUM This Month

A flaw was found In 3Scale Admin Portal. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure 3Scale Api Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5090 MEDIUM PATCH This Month

A flaw was found in KVM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Kernel Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32825 MEDIUM This Month

In bluethooth service, there is a possible out of bounds reads due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-46802 MEDIUM This Month

e-Tax software Version3.0.10 and earlier improperly restricts XML external entity references (XXE) due to the configuration of the embedded XML parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE E Tax
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5678 MEDIUM PATCH This Month

Issue summary: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service OpenSSL
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-46779 MEDIUM This Month

A vulnerability in Jayce53 EasyRecipe easyrecipe.5.3251. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-46777 MEDIUM This Month

A vulnerability in PluginOps Feather Login Page feather-login-page.1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-36769 MEDIUM PATCH This Month

Microsoft OneNote Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Onenote
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5969 MEDIUM PATCH This Month

Mattermost fails to properly sanitize the request to /api/v4/redirect_location allowing an attacker, sending a specially crafted request to /api/v4/redirect_location, to fill up the memory due to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5831 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, and all versions starting from 16.5.0 before. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-4625 MEDIUM This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F/iQ-R Series CPU modules Web server function allows a remote unauthenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx5U 32Mt Es Firmware Fx5U 64Mt Es Firmware Fx5U 80Mt Es Firmware Fx5U 32Mr Es Firmware +59
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-47271 MEDIUM PATCH This Month

PKP-WAL (aka PKP Web Application Library or pkp-lib) before 3.3.0-16, as used in Open Journal Systems (OJS) and other products, does not verify that the file named in an XML document (used for the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy