Skip to main content
CVE-2023-48024 MEDIUM POC This Month

Liblisp through commit 4c65969 was discovered to contain a use-after-free vulnerability in void hash_destroy(hash_table_t *h) at hash.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Liblisp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-44352 MEDIUM POC THREAT This Month

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe XSS Coldfusion
NVD
CVSS 3.1
6.1
EPSS
84.8%
CVE-2023-48294 MEDIUM POC PATCH This Month

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure PHP Librenms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-22268 MEDIUM This Month

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe Information Disclosure SQLi Robohelp Server
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-38314 MEDIUM PATCH This Month

An issue was discovered in OpenNDS Captive Portal before version 10.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Captive Portal
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-42428 MEDIUM PATCH This Month

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to delete directories and files in the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cubecart
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-47797 MEDIUM PATCH This Month

Reflected cross-site scripting (XSS) vulnerability on a content page’s edit page in Liferay Portal 7.4.3.94 through 7.4.3.95 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Liferay Portal
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-47071 MEDIUM PATCH This Month

Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe After Effects
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-44326 MEDIUM PATCH This Month

Adobe Dimension versions 3.4.9 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-44325 MEDIUM This Month

Adobe Animate versions 23.0.2 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Animate
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48295 MEDIUM PATCH This Month

LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-5445 MEDIUM This Month

An open redirect vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2, allows a remote low privileged user to modify the URL parameter for the purpose of redirecting URL request(s) to a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Epolicy Orchestrator
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48649 MEDIUM PATCH This Month

Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows stored XSS on the Admin page via an uploaded file name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26364 MEDIUM PATCH This Month

@adobe/css-tools version 4.3.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a minor denial of service while attempting to parse CSS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Denial Of Service Css Tools
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-38324 MEDIUM PATCH This Month

An issue was discovered in OpenNDS before 10.1.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Captive Portal
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-47283 MEDIUM PATCH This Month

Directory traversal vulnerability in CubeCart prior to 6.5.3 allows a remote authenticated attacker with an administrative privilege to obtain files in the system. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cubecart
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-47757 MEDIUM This Month

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber - Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Aweber
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-44355 MEDIUM This Month

Adobe ColdFusion versions 2023.5 (and earlier) and 2021.11 (and earlier) are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Coldfusion
NVD
CVSS 3.1
4.3
EPSS
47.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy