Skip to main content
CVE-2023-45857 MEDIUM POC PATCH MAL This Month

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Axios
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46363 MEDIUM POC This Month

jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jbig2Enc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46362 MEDIUM POC This Month

jbig2enc v0.28 was discovered to contain a heap-use-after-free via jbig2enc_auto_threshold_using_hash in src/jbig2enc.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Jbig2Enc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46483 MEDIUM POC This Month

Cross Site Scripting vulnerability in timetec AWDMS v.2.0 allows an attacker to obtain sensitive information via a crafted payload to the remark parameter of the New Zone function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Auto Web Based Database Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41270 MEDIUM POC This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Denial Of Service Ue40D7000 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-45079 MEDIUM This Month

A memory leakage vulnerability was reported in the NvmramSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-45078 MEDIUM This Month

A memory leakage vulnerability was reported in the DustFilterAlertSmm SMM driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-45077 MEDIUM This Month

A memory leakage vulnerability was reported in the 534D0740 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-45076 MEDIUM This Month

A memory leakage vulnerability was reported in the 534D0140 DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-45075 MEDIUM This Month

A memory leakage vulnerability was reported in the SWSMI_Shadow DXE driver that may allow a local attacker with elevated privileges to write to NVRAM variables. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +58
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43581 MEDIUM This Month

A buffer overflow was reported in the Update_WMI module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43580 MEDIUM This Month

A buffer overflow was reported in the SmuV11DxeVMR module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43579 MEDIUM This Month

A buffer overflow was reported in the SmuV11Dxe driver in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43578 MEDIUM This Month

A buffer overflow was reported in the SmiFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43577 MEDIUM This Month

A buffer overflow was reported in the ReFlash module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43576 MEDIUM This Month

A buffer overflow was reported in the WMISwSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43575 MEDIUM This Month

A buffer overflow was reported in the UltraFunctionTable module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43573 MEDIUM This Month

A buffer overflow was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43571 MEDIUM This Month

A buffer overflow was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-5078 MEDIUM This Month

A vulnerability was reported in some ThinkPad BIOS that could allow a physical or local attacker with elevated privileges to tamper with BIOS firmware. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Thinkpad X13 Gen 3 Firmware Thinkpad S2 Yoga Gen 7 Firmware Thinkpad S2 Yoga Gen 6 Firmware Thinkpad S2 Gen 8 Firmware +16
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-5075 MEDIUM This Month

A buffer overflow was reported in the FmpSipoCapsuleDriver driver in the IdeaPad Duet 3-10IGL5 that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Ideapad Duet 3 10Igl5 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43570 MEDIUM This Month

A potential vulnerability was reported in the SMI callback function of the OemSmi driver that may allow a local attacker with elevated permissions to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware Ideacentre 5 14Iab7 Firmware +107
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43569 MEDIUM This Month

A buffer overflow was reported in the OemSmi module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-43567 MEDIUM This Month

A buffer overflow was reported in the LemSecureBootForceKey module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware +109
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-0392 MEDIUM This Month

The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Ldap Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-3282 MEDIUM This Month

A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine software running on a Linux operating system enables a local attacker to execute programs with elevated. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Paloalto Cortex Xsoar
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-46613 MEDIUM This Month

A vulnerability in Add to Calendar Add to Calendar Button add-to-calendar-button.5.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-47231 MEDIUM This Month

A vulnerability in Bainternet ShortCodes UI shortcodes-ui.9.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47229 MEDIUM This Month

A vulnerability in Vyas Dipen Download Top 25 Social Icons top-25-social-icons.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47190 MEDIUM This Month

Auth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Apollo13 Framework Extensions
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-46640 MEDIUM This Month

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in D. Relton Medialist plugin <= 1.3.9 versions.

XSS
NVD VulDB
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4061 MEDIUM PATCH This Month

A flaw was found in wildfly-core. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jboss Enterprise Application Platform Wildfly Core
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-47114 MEDIUM PATCH This Month

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in your runtime environment, and the enforcement of privacy regulations in your code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Fides
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6002 MEDIUM This Month

YugabyteDB is vulnerable to cross site scripting (XSS) via log injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yugabytedb
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47228 MEDIUM This Month

A vulnerability in PluginOps Layer Slider slider-slideshow.1.9.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-47227 MEDIUM This Month

A vulnerability in PluginOps Social Feed | All social media in one place add-facebook.5.4.6. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-47226 MEDIUM This Month

A vulnerability in Nks Post Sliders & Post Grids post-slider-carousel.0.20. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-47223 MEDIUM This Month

A vulnerability in WP Map Plugins Basic Interactive World Map basic-interactive-world-map.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-47181 MEDIUM This Month

A vulnerability in Northern Beaches Websites IdeaPush ideapush.52. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-46642 MEDIUM This Month

A vulnerability in sahumedia SAHU TikTok Pixel for E-Commerce sahu-tiktok-pixel.2.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.2%
CVE-2023-4891 MEDIUM PATCH This Month

A potential use-after-free vulnerability was reported in the Lenovo View driver that could result in denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Lenovo Denial Of Service Memory Corruption View Driver
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5136 MEDIUM This Month

An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XXE Topografix Data Plugin Diadem Veristand +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-47379 MEDIUM PATCH This Month

Microweber CMS version 2.0.1 is vulnerable to stored Cross Site Scripting (XSS) via the profile picture file upload functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

File Upload XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-46756 MEDIUM This Month

Permission control vulnerability in the window management module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Harmonyos Emui
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-46764 MEDIUM This Month

Unauthorized startup vulnerability of background apps. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-46763 MEDIUM This Month

Vulnerability of background app permission management in the framework module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-46755 MEDIUM This Month

Vulnerability of input parameters being not strictly verified in the input. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-45140 MEDIUM PATCH This Month

The Bastion provides authentication, authorization, traceability and auditability for SSH accesses. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass The Bastion
NVD GitHub
CVSS 3.1
4.6
EPSS
0.4%
CVE-2023-43574 MEDIUM This Month

A buffer over-read was reported in the LEMALLDriversConnectedEventHook module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +108
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-43572 MEDIUM This Month

A buffer over-read was reported in the BiosExtensionLoader module in some Lenovo Desktop products that may allow a local attacker with elevated privileges to disclose sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Lenovo Ideacentre C5 14Imb05 Firmware Ideacentre 3 07Ada05 Firmware Ideacentre 3 07Imb05 Firmware +108
NVD
CVSS 3.1
4.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy