Skip to main content
CVE-2023-5189 MEDIUM POC This Month

A path traversal vulnerability exists in Ansible when extracting tarballs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ansible Automation Platform Satellite
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-47641 MEDIUM POC PATCH This Month

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Request Smuggling Open Redirect Aiohttp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-46132 MEDIUM POC PATCH This Month

Hyperledger Fabric is an open source permissioned distributed ledger framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Fabric
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-43900 MEDIUM POC This Month

Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized access to application content and view sensitive data of other users via manipulation of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Emsigner
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-45881 MEDIUM POC This Month

GibbonEdu Gibbon through version 25.0.0 allows /modules/Planner/resources_addQuick_ajaxProcess.php file upload with resultant XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS Gibbon
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47684 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Essential Grid
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-43901 MEDIUM POC This Month

Incorrect access control in the AdHoc User creation form of EMSigner v2.8.7 allows unauthenticated attackers to arbitrarily modify usernames and privileges by using the email address of a registered. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Emsigner
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-46581 MEDIUM POC This Month

SQL injection vulnerability in Inventory Management v.1.0 allows a local attacker to execute arbitrary code via the name, uname and email parameters in the registration.php component. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Inventory Management
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46580 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in Inventory Management V1.0 allows attackers to execute arbitrary code via the pname parameter of the editProduct.php component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Inventory Management
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6128 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-6127 MEDIUM POC PATCH This Month

Unrestricted Upload of File with Dangerous Type in GitHub repository salesagility/suitecrm prior to 7.14.2, 7.12.14, 8.4.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45879 MEDIUM POC This Month

GibbonEdu Gibbon version 25.0.0 allows HTML Injection via an IFRAME element to the Messager component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gibbon
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-42327 MEDIUM POC THREAT This Month

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted URL to the getserviceproviders.php page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pfsense
NVD
CVSS 3.1
5.4
EPSS
55.4%
CVE-2023-42325 MEDIUM POC THREAT This Month

Cross Site Scripting (XSS) vulnerability in Netgate pfSense v.2.7.0 allows a remote attacker to gain privileges via a crafted url to the status_logs_filter_dynamic.php page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pfsense
NVD
CVSS 3.1
5.4
EPSS
57.9%
CVE-2023-41570 MEDIUM POC This Month

MikroTik RouterOS v7.1 to 7.11 was discovered to contain incorrect access control mechanisms in place for the Rest API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Mikrotik Authentication Bypass Routeros
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-46025 MEDIUM POC This Month

SQL Injection vulnerability in teacher-info.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to obtain sensitive information via the 'editid' parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Teacher Subject Allocation Management System
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-46026 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email'. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Teacher Subject Allocation Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31754 MEDIUM POC This Month

Optimizely CMS UI before v12.16.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Admin panel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Optimizely Cms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-47628 MEDIUM POC This Month

DataHub is an open-source metadata platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Datahub
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-6124 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Suitecrm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-44319 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Siemens 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware +68
NVD
CVSS 4.0
6.9
EPSS
0.4%
CVE-2023-44318 MEDIUM This Month

Affected devices use a hardcoded key to obfuscate the configuration backup that an administrator can export from the device. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure 6Gk5205 3Bb00 2Ab2 Firmware 6Gk5205 3Bb00 2Tb2 Firmware 6Gk5205 3Bd00 2Tb2 Firmware 6Gk5205 3Bd00 2Ab2 Firmware +67
NVD
CVSS 4.0
6.9
EPSS
0.7%
CVE-2023-27383 MEDIUM PATCH This Month

Protection mechanism failure in some Intel(R) oneAPI HPC Toolkit 2023.1 and Intel(R)MPI Library software before version 2021.9 may allow a privileged user to potentially enable escalation of. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Privilege Escalation Intel Advisor Inspector Mpi Library +2
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-38177 MEDIUM PATCH This Month

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sharepoint Enterprise Server Sharepoint Server
NVD
CVSS 3.1
6.8
EPSS
3.4%
CVE-2023-46446 MEDIUM PATCH This Month

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Asyncssh
NVD GitHub
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-34431 MEDIUM PATCH This Month

Improper input validation in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Intel Server Board M70Klp2Sb Firmware Server System M70Klp4S2Uhh Firmware Server Board M20Ntp2Sb Firmware +30
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-32662 MEDIUM This Month

Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privilaged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Authentication Bypass Battery Life Diagnostic Tool
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-29177 MEDIUM This Month

Multiple buffer copy without checking size of input ('classic buffer overflow') vulnerabilities [CWE-120] in FortiADC version 7.2.0 and before 7.1.2 & FortiDDoS-F version 6.5.0 and before 6.4.1. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Fortiadc Fortiddos F
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20568 MEDIUM This Month

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch RadeonInstaller.exe without validating the file signature. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Microsoft Radeon Rx Vega M Firmware Radeon Software +4
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20567 MEDIUM This Month

Improper signature verification of RadeonTM RX Vega M Graphics driver for Windows may allow an attacker with admin privileges to launch AMDSoftwareInstaller.exe without validating the file signature. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

RCE Jwt Attack Microsoft Radeon Rx Vega M Firmware Radeon Software +4
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-28002 MEDIUM This Month

An improper validation of integrity check value vulnerability [CWE-354] in FortiOS 7.2.0 through 7.2.3, 7.0.0 through 7.0.12, 6.4 all versions, 6.2 all versions, 6.0 all versions and VMs may allow a. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortios
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-6006 MEDIUM This Month

This vulnerability potentially allows local attackers to escalate privileges on affected installations of PaperCut NG. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Papercut Mf Papercut Ng
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-45627 MEDIUM This Month

An authenticated Denial-of-Service (DoS) vulnerability exists in the CLI service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Arubaos Instantos
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39205 MEDIUM This Month

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meetings Video Software Development Kit Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-39199 MEDIUM This Month

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46023 MEDIUM This Month

SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Simple Task List
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-38131 MEDIUM This Month

Improper input validationation for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Intel Unison Software
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28376 MEDIUM This Month

Out-of-bounds read in the firmware for some Intel(R) E810 Ethernet Controllers and Adapters before version 1.7.1 may allow an unauthenticated user to potentially enable denial of service via adjacent. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Intel Ethernet Network Adapter E810 2Cqda2 Firmware +6
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-22290 MEDIUM This Month

Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Intel Unison Software
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-20592 MEDIUM This Month

Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Amd Information Disclosure Epyc 7001 Firmware Epyc 7251 Firmware Epyc 7261 Firmware +66
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-41676 MEDIUM This Month

An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM version 7.0.0 and before 6.7.5 may allow an attacker with access to windows agent logs to obtain the windows agent. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Fortisiem
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-36641 MEDIUM This Month

A numeric truncation error in Fortinet FortiProxy version 7.2.0 through 7.2.4, FortiProxy version 7.0.0 through 7.0.10, FortiProxy 2.0 all versions, FortiProxy 1.2 all versions, FortiProxy 1.1, all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Denial Of Service Fortiproxy Fortios
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-36413 MEDIUM PATCH This Month

Microsoft Office Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.5
EPSS
30.0%
CVE-2023-36398 MEDIUM PATCH This Month

Windows NTFS Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-36043 MEDIUM PATCH This Month

Open Management Infrastructure Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure System Center Operations Manager
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-46096 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Simatic Pcs Neo
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-43505 MEDIUM This Month

A vulnerability has been identified in COMOS (All versions). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Comos
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-47518 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Restrict Categories
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47532 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Crowdfunding
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47524 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Patron Button And Widgets For Patreon
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy