Skip to main content
CVE-2023-6073 MEDIUM POC This Month

Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Id 3 Firmware
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-4949 MEDIUM PATCH This Month

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Grub Xen
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-46733 MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Session Fixation Symfony
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36027 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2023-46735 MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Symfony
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-46734 MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Symfony Twig
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-6075 MEDIUM This Month

A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Restaurant Table Booking System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47119 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-47164 MEDIUM This Month

Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hoteldruid
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-46729 MEDIUM PATCH This Month

sentry-javascript provides Sentry SDKs for JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Sentry Software Development Kit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-45167 MEDIUM This Month

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30478 MEDIUM This Month

A vulnerability in Tribulant Software Newsletters newsletters-lite.8.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-46130 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-45806 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-29428 MEDIUM This Month

A vulnerability in Suplugins Superb Social Media Share Buttons and Follow Buttons superb-social-share-and-follow-buttons.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-47122 MEDIUM PATCH This Month

Gitsign is software for keyless Git signing using Sigstore. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jwt Attack Gitsign
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31078 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in MacSteini WP BrowserUpdate wp-browser-update allows Cross Site Request Forgery.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-31077 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Export Wp Page To Static Html Css
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-29440 MEDIUM This Month

A vulnerability in PressTigers Simple Job Board simple-job-board.10.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-29426 MEDIUM This Month

A vulnerability in Spreadshop Team Spreadshop Plugin spreadshop.6.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy