Skip to main content
CVE-2023-20567 MEDIUM This Month

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Microsoft Radeon Rx Vega M Firmware Radeon Software +4
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28002 MEDIUM This Month

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortios
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-6006 MEDIUM This Month

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-45627 MEDIUM This Month

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39205 MEDIUM This Month

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meetings Video Software Development Kit Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-39199 MEDIUM This Month

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46023 MEDIUM This Month

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Simple Task List
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-38131 MEDIUM This Month

Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Intel Unison Software
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28376 MEDIUM This Month

Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Intel Ethernet Network Adapter E810 2Cqda2 Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-22290 MEDIUM This Month

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Intel Unison Software
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-20592 MEDIUM This Month

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Epyc 7001 Firmware Epyc 7251 Firmware Epyc 7261 Firmware +66
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-41676 MEDIUM This Month

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Fortisiem
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-36641 MEDIUM This Month

A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-36413 MEDIUM PATCH This Month

Microsoft Office Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.5
EPSS
30.0%
CVE-2023-36398 MEDIUM PATCH This Month

Windows NTFS Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-36043 MEDIUM PATCH This Month

Open Management Infrastructure Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure System Center Operations Manager
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-46096 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Simatic Pcs Neo
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-43505 MEDIUM This Month

A vulnerability has been identified in COMOS (All versions). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Comos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-47518 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Restrict Categories
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47532 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Crowdfunding
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47524 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Patron Button And Widgets For Patreon
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47522 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Photo Feed
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47520 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Responsive Column Widgets
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47549 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eazydocs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47547 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Products Order Customers Export For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47544 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Atarim
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47125 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Html Sanitizer Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-36030 MEDIUM PATCH This Month

Microsoft Dynamics 365 Sales Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-48094 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in CesiumJS v1.111 allows attackers to execute arbitrary code in the context of the victim's browser via sending a crafted payload to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Cesiumjs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-47673 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Post Pay Counter
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47665 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plainview Protect Passwords
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-44322 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-46445 MEDIUM PATCH This Month

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation.". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Asyncssh
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-20521 MEDIUM This Month

TOCTOU in the ASP Bootloader may allow an attacker with physical access to tamper with SPI ROM records after memory content verification, potentially leading to loss of confidentiality or a denial of. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Epyc 7001 Firmware Epyc 7251 Firmware Epyc 7261 Firmware Epyc 7281 Firmware +89
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-39202 MEDIUM This Month

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms Virtual Desktop Infrastructure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36558 MEDIUM PATCH This Month

ASP.NET Core Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Net Asp Net Core Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2023-47384 MEDIUM This Month

MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40719 MEDIUM This Month

A use of hard-coded credentials vulnerability in Fortinet FortiAnalyzer and FortiManager 7.0.0 - 7.0.8, 7.2.0 - 7.2.3 and 7.4.0 allows an attacker to access Fortinet private testing data via the use. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer Fortimanager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33872 MEDIUM This Month

Improper access control in the Intel Support android application all verions may allow an authenticated user to potentially enable information disclosure via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Intel Authentication Bypass Support
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32283 MEDIUM This Month

Insertion of sensitive information into log file in some Intel(R) On Demand software before versions 1.16.2, 2.1.1, 3.1.0 may allow an authenticated user to potentially enable information disclosure. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel On Demand
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28723 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28404 MEDIUM This Month

Out-of-bounds read in the Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows drivers before version 31.0.101.4255 may allow an authenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Intel Microsoft Iris Xe Graphics +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27306 MEDIUM This Month

Improper Initialization in firmware for some Intel(R) Optane(TM) SSD products may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Optane Memory H20 With Solid State Storage Firmware Optane Ssd 900P Firmware Optane Ssd Dc P4800X Firmware +2
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26589 MEDIUM This Month

Use after free in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allowed an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25952 MEDIUM This Month

Out-of-bounds write in some Intel(R) Arc(TM) Control software before version 1.73.5335.2 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Intel Iris Xe Graphics +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25949 MEDIUM This Month

Uncontrolled resource consumption in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25080 MEDIUM PATCH This Month

Protection mechanism failure in some Intel(R) Distribution of OpenVINO toolkit software before version 2023.0.0 may allow an authenticated user to potentially enable information disclosure via local. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Intel Openvino
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25071 MEDIUM This Month

NULL pointer dereference in some Intel(R) Arc(TM) & Iris(R) Xe Graphics - WHQL - Windows Drviers before version 31.0.101.4255 may allow authenticated user to potentially enable denial of service via. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Microsoft Iris Xe Graphics Arc A Graphics
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22305 MEDIUM This Month

Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-44248 MEDIUM This Month

An improper access control vulnerability [CWE-284] in FortiEDRCollectorWindows version 5.2.0.4549 and below, 5.0.3.1007 and below, 4.0 all may allow a local attacker to prevent the collector service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Fortiedr
NVD
CVSS 3.1
5.5
EPSS
0.2%
Prev Page 5 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy