Skip to main content
CVE-2023-36428 MEDIUM PATCH This Month

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +12
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-36406 MEDIUM PATCH This Month

Windows Hyper-V Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 11 21H2 Windows 11 22h2 Windows 11 23h2 +2
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-36404 MEDIUM PATCH This Month

Windows Kernel Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Authentication Bypass Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-36042 MEDIUM PATCH This Month

Visual Studio Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Heap Overflow Visual Studio 2019 Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-33304 MEDIUM This Month

A use of hard-coded credentials vulnerability in Fortinet FortiClient Windows 7.0.0 - 7.0.9 and 7.2.0 - 7.2.1 allows an attacker to bypass system protections via the use of static credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Microsoft Authentication Bypass Forticlient
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-47545 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Forms For Mailchimp By Optin Cat
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47127 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26222 MEDIUM This Month

The Web Application component of TIBCO Software Inc.'s TIBCO EBX and TIBCO Product and Service Catalog powered by TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ebx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-47656 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Anac Xml Bandi Di Gara
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47654 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bzscore
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36633 MEDIUM This Month

An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to see and modify the title of address book. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortimail
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-36410 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-36031 MEDIUM PATCH This Month

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-47659 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Lava Directory Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47680 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qi Addons For Elementor
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6109 MEDIUM PATCH This Month

The YOP Poll plugin for WordPress is vulnerable to a race condition in all versions up to, and including, 6.5.26. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Race Condition Information Disclosure WordPress Yop Poll
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-47126 MEDIUM PATCH This Month

TYPO3 is an open source PHP based web content management system released under the GNU GPL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure PHP Typo3
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42480 MEDIUM This Month

The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Information Disclosure Netweaver Application Server Java
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-41366 MEDIUM This Month

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Information Disclosure Netweaver Application Server Abap
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-47262 MEDIUM This Month

The startup process and device configurations of the Abbott ID NOW device, before v7.1, can be interrupted and/or modified via physical access to an internal serial port. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Id Now Firmware
NVD
CVSS 3.1
5.2
EPSS
0.3%
CVE-2023-44321 MEDIUM This Month

Affected devices do not properly validate the length of inputs when performing certain configuration changes in the web interface allowing an authenticated attacker to cause a denial of service. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware 6Gk5205 3Bd00 2Ab2 Firmware +67
NVD
CVSS 4.0
5.1
EPSS
1.0%
CVE-2023-47528 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Edit Username
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47546 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Oneclick Chat To Order
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47533 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Countdown And Countup Woocommerce Sales Timer
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47646 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Recently Viewed And Most Viewed Products
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47554 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Actueel Financieel Nieuws
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47658 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Extra Product Options For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47653 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Twb Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47660 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Product Visibility By Country For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-46099 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Simatic Pcs Neo
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47662 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Live Gold Price Silver Price Charts Widgets
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47657 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Woo Quick View And Buy Now
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-22310 MEDIUM This Month

Race condition in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Intel Aptio V Uefi Firmware Integrator Tools
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-27879 MEDIUM This Month

Improper access control in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel Authentication Bypass Optane Memory H20 With Solid State Storage Firmware Optane Ssd 905P Firmware +2
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-24588 MEDIUM This Month

Exposure of sensitive information to an unauthorized actor in firmware for some Intel(R) Optane(TM) SSD products may allow an unauthenticated user to potentially enable information disclosure via. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Intel Optane Memory H20 With Solid State Storage Firmware Optane Ssd 900P Firmware Optane Ssd Dc P4800X Firmware +2
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-20526 MEDIUM This Month

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epyc 7001 Firmware Epyc 7251 Firmware Epyc 7261 Firmware Epyc 7281 Firmware +69
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-40540 MEDIUM PATCH This Month

Non-Transparent Sharing of Microarchitectural Resources in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Information Disclosure Intel Nuc 11 Pro Kit Nuc11Tnkv50Z Firmware Nuc 11 Pro Kit Nuc11Tnhv70L Firmware Nuc 11 Pro Kit Nuc11Tnhv50L Firmware +53
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-40220 MEDIUM This Month

Improper buffer restrictions in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Nuc6Cayh Firmware Nuc6Cays Firmware
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-39411 MEDIUM This Month

Improper input validationation for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Unison Software
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-24587 MEDIUM This Month

Insufficient control flow management in firmware for some Intel(R) Optane(TM) SSD products may allow a privileged user to potentially enable denial of service via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Optane Memory H20 With Solid State Storage Firmware Optane Ssd 900P Firmware Optane Ssd Dc P4800X Firmware +2
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-22327 MEDIUM PATCH This Month

Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Information Disclosure Intel Agilex 7 Fpga F Series 006 Firmware +47
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-44320 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-36007 MEDIUM PATCH This Month

Microsoft Send Customer Voice survey from Dynamics 365 Spoofing Vulnerability. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Send Customer Voice Survey From Dynamics 365
NVD
CVSS 3.1
4.1
EPSS
1.1%
CVE-2023-22329 LOW Monitor

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via adjacent access. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Core I5 9400F Firmware Celeron J4005 Firmware Celeron N4100 Firmware Celeron N4000 Firmware Celeron J4105 Firmware +625
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-36016 LOW PATCH Monitor

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
3.4
EPSS
1.3%
CVE-2023-20519 LOW Monitor

A Use-After-Free vulnerability in the management of an SNP guest context page may allow a malicious hypervisor to masquerade as the guest's migration agent resulting in a potential loss of guest. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Milanpi Firmware Genoapi Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-45585 LOW Monitor

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM version 7.0.0, version 6.7.6 and below, version 6.6.3 and below, version 6.5.1 and below, version 6.4.2 and. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Elastic Information Disclosure Fortisiem
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-22313 LOW PATCH Monitor

Improper buffer restrictions in some Intel(R) QAT Library software before version 22.07.1 may allow a privileged user to potentially enable information disclosure via local access. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity.

Information Disclosure Intel Quickassist Technology Library Quickassist Technology Driver Firmware Qat Driver Firmware
NVD
CVSS 3.1
2.3
EPSS
0.2%
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy