Skip to main content
CVE-2023-33202 MEDIUM POC PATCH This Month

Bouncy Castle for Java before 1.73 contains a potential Denial of Service (DoS) issue within the Bouncy Castle org.bouncycastle.openssl.PEMParser class. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java OpenSSL Denial Of Service Bouncy Castle For Java Fips Java Api
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2023-41786 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pandora Fms
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4595 MEDIUM This Month

An information exposure vulnerability has been found, the exploitation of which could allow a remote user to retrieve sensitive information stored on the server such as credential files,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Slmail
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4593 MEDIUM This Month

Path traversal vulnerability whose exploitation could allow an authenticated remote user to bypass SecurityManager's intended restrictions and list a parent directory via any filename, such as a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Slmail
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-28811 MEDIUM PATCH This Month

There is a buffer overflow in the password recovery feature of Hikvision NVR/DVR models. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Hikvision Nvr 216Mh C D Firmware Nvr 216Mh C 16P D Firmware Nvr 208Mh C 8P D Firmware +37
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-40002 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pluggabl LLC Booster for WooCommerce plugin <= 7.1.1 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Booster For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23978 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SwitchWP WP Client Reports plugin <= 1.0.16 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wp Client Reports
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4406 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KC Group E-Commerce Software allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kc Group E Commerce Software
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-49215 MEDIUM This Month

Usedesk before 1.7.57 allows filter reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Usedesk
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41811 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41810 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41792 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-41789 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47790 MEDIUM This Month

Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) vulnerability in Poporon Pz-LinkCard plugin <= 2.4.8 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Pz Linkcard
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-47529 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ThemeIsle Cloud Templates & Patterns collection.2.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloud Templates Patterns Collection
NVD
CVSS 3.1
5.3
EPSS
3.4%
CVE-2023-43123 MEDIUM PATCH This Month

On unix-like systems, the temporary directory is shared between all user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Oracle Apple Atlassian Java Apache +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49216 MEDIUM This Month

Usedesk before 1.7.57 allows profile stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Usedesk
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41791 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4594 MEDIUM This Month

Stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Slmail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47839 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in impleCode eCommerce Product Catalog Plugin for WordPress plugin <= 3.3.26 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ecommerce Product Catalog
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47835 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ARI Soft ARI Stream Quiz - WordPress Quizzes Builder plugin <= 1.2.32 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Ari Stream Quiz
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47834 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master plugin <= 8.1.13 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Quiz And Survey Master
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47244 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Omnisend Email Marketing for WooCommerce by Omnisend.13.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Email Marketing For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-47833 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jeroen Schmit Theater for WordPress plugin <= 0.18.3 versions. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Theater For Wordpress
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy