Skip to main content
CVE-2023-48301 MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-48124 MEDIUM POC This Month

Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Sup Online Shopping
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46935 MEDIUM POC This Month

eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6142 MEDIUM POC This Month

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dev Blog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47643 MEDIUM POC PATCH This Month

SuiteCRM is a Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
5.3
EPSS
3.0%
CVE-2023-6144 MEDIUM POC This Month

Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Dev Blog
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-48305 MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-48304 MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-5553 MEDIUM This Month

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Axis Os Axis Os 2022
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-6238 MEDIUM This Month

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel Fedora
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-48700 MEDIUM PATCH This Month

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nautobot Plugin Device Onboarding
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-6211 MEDIUM This Month

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-6210 MEDIUM This Month

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6209 MEDIUM This Month

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-6205 MEDIUM This Month

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +3
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-6204 MEDIUM This Month

On some systems-depending on the graphics settings and drivers-it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-21416 MEDIUM This Month

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axis Os Axis Os 2022
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-48701 MEDIUM PATCH This Month

Statamic CMS is a Laravel and Git powered content management system (CMS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Statamic
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-49104 MEDIUM This Month

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oauth2
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-49061 MEDIUM This Month

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Open Redirect Firefox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-48302 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-20265 MEDIUM This Month

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Ip Dect 110 Firmware Ip Dect 210 Firmware Unified Ip Phone 6901 Firmware +1
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6206 MEDIUM This Month

The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28802 MEDIUM This Month

An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client Connector
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-5599 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Dswymer 3Dexperience 2022 3Dswymer 3Dexperience 2023
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5598 MEDIUM This Month

Stored Cross-site Scripting (XSS) vulnerabilities affecting 3DSwym in 3DSwymer from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2023x allow an attacker to execute arbitrary script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 3Dswymer 3Dexperience 2022 3Dswymer 3Dexperience 2023
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48299 MEDIUM PATCH This Month

TorchServe is a tool for serving and scaling PyTorch models in production. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Torchserve
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-20208 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct an XSS attack against a user of the web-based management interface of an. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5776 MEDIUM PATCH This Month

The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Post Meta Data Manager
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy