Skip to main content
CVE-2023-3116 HIGH This Week

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information or rewrite sensitive file through incorrect default permissions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openharmony
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-6178 MEDIUM This Month

An arbitrary file write vulnerability exists where an authenticated attacker with privileges on the managing application could alter Nessus Rules variables to overwrite arbitrary files on the remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Nessus
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-6062 MEDIUM This Month

An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to overwrite arbitrary. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Nessus
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-36013 MEDIUM PATCH This Month

PowerShell Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Information Disclosure Authentication Bypass Powershell
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-47417 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in the component /shells/embedder.html of DZSlides after v2011.07.25 allows attackers to execute arbitrary code via a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Dzslides
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38883 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38882 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38881 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to execute arbitrary JavaScript in the web browser of a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Opensis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-47175 MEDIUM This Month

Cross-site scripting vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Luxcal Web Calendar
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-47217 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker cause DOS through buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46705 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker causes system information leak through type confusion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46100 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker get sensitive buffer information through use of uninitialized resource. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42774 MEDIUM This Month

in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information through incorrect default permissions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-6197 MEDIUM This Month

The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Audio Merchant
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47772 MEDIUM This Month

Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution <= 6.6.14. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Slider Revolution
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48309 MEDIUM PATCH This Month

NextAuth.js provides authentication for Next.js. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Next Auth
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-48218 MEDIUM PATCH This Month

The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Protected Populate
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-3379 MEDIUM This Month

Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Compact Controller 100 Firmware Edge Controller Firmware Pfc100 Firmware Pfc200 Firmware +3
NVD
CVSS 3.1
5.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy