Skip to main content
CVE-2023-47522 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Photo Feed
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47520 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Responsive Column Widgets
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47549 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eazydocs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47547 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Products Order Customers Export For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47544 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atarim
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47125 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Html Sanitizer Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-36030 MEDIUM PATCH This Month

Microsoft Dynamics 365 Sales Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-48094 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Cesiumjs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-47673 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Post Pay Counter
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47665 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plainview Protect Passwords
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-44322 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-46445 MEDIUM PATCH This Month

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation.". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Asyncssh
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-20521 MEDIUM This Month

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Epyc 7001 Firmware Epyc 7251 Firmware Epyc 7261 Firmware Epyc 7281 Firmware +89
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-39202 MEDIUM This Month

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms Virtual Desktop Infrastructure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36558 MEDIUM PATCH This Month

ASP.NET Core Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Net Asp Net Core Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2023-47384 MEDIUM This Month

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40719 MEDIUM This Month

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer Fortimanager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33872 MEDIUM This Month

Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Intel Authentication Bypass Support
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32283 MEDIUM This Month

Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel On Demand
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28723 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28404 MEDIUM This Month

Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Microsoft Iris Xe Graphics +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27306 MEDIUM This Month

Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Optane Memory H20 With Solid State Storage Firmware Optane Ssd 900P Firmware Optane Ssd Dc P4800X Firmware +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26589 MEDIUM This Month

Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allowed an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25952 MEDIUM This Month

Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Intel Iris Xe Graphics +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25949 MEDIUM This Month

Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25080 MEDIUM PATCH This Month

Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Openvino
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25071 MEDIUM This Month

NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Microsoft Iris Xe Graphics Arc A Graphics
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22305 MEDIUM This Month

Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-44248 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36428 MEDIUM PATCH This Month

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-36406 MEDIUM PATCH This Month

Windows Hyper-V Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 11 21H2 Windows 11 22h2 Windows 11 23h2 +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-36404 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Authentication Bypass Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-36042 MEDIUM PATCH This Month

Visual Studio Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Heap Overflow Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-33304 MEDIUM This Month

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Microsoft Authentication Bypass Forticlient
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-47545 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Forms For Mailchimp By Optin Cat
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47127 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26222 MEDIUM This Month

The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ebx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-47656 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Anac Xml Bandi Di Gara
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47654 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bzscore
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36633 MEDIUM This Month

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortimail
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-36410 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-36031 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-47659 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Lava Directory Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47680 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qi Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6109 MEDIUM PATCH This Month

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Information Disclosure WordPress Yop Poll
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-47126 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42480 MEDIUM This Month

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-41366 MEDIUM This Month

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-47262 MEDIUM This Month

The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Id Now Firmware
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2023-44321 MEDIUM This Month

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware 6Gk5205 3Bd00 2Ab2 Firmware +67
NVD
CVSS 4.0
5.1
EPSS
1.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy