Skip to main content
CVE-2023-4220 MEDIUM POC PATCH THREAT This Month

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP XSS Chamilo Lms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
76.1%
CVE-2023-6225 MEDIUM POC PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Shortcodes Ultimate
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-49078 MEDIUM POC PATCH This Month

raptor-web is a CMS for game server communities that can be used to host information and keep track of players. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Raptor Web
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-45286 MEDIUM POC PATCH This Month

A race condition in go-resty can result in HTTP request body disclosure across requests. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Information Disclosure Resty
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-6226 MEDIUM POC PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Shortcodes Ultimate
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-24023 MEDIUM This Month

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Code Injection Bluetooth Core Specification Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2023-42504 MEDIUM PATCH This Month

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-34055 MEDIUM PATCH This Month

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Boot
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-48042 MEDIUM This Month

Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Amazzing Filter
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6359 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Alumne Lms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35139 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Zld
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5981 MEDIUM This Month

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Debian Linux Gnutls Linux Fedora
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-49092 MEDIUM This Month

RustCrypto/RSA is a portable RSA implementation in pure Rust. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rsa
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-32065 MEDIUM PATCH This Month

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orocommerce
NVD GitHub
CVSS 3.1
5.8
EPSS
0.5%
CVE-2023-29060 MEDIUM This Month

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Facschorus
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-5960 MEDIUM This Month

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5797 MEDIUM This Month

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld Nwa110Ax Firmware Nwa1123Acv3 Firmware +17
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5650 MEDIUM This Month

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37926 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-37925 MEDIUM This Month

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Zld Nwa110Ax Firmware Nwa1123Acv3 Firmware +17
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35136 MEDIUM This Month

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zyxel Zld
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42502 MEDIUM PATCH This Month

An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Open Redirect Superset
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-47437 MEDIUM This Month

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java XSS Pachno
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-30588 MEDIUM This Month

When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it susceptible to DoS attacks when the attacker could. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Node Js
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-48121 MEDIUM This Month

An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs C6N A0 1C2Wfr Firmware Cs Cv310 A0 1C2Wfr Firmware Cs C6Cn A0 3H2Wfr Firmware Cs C3N A0 3H2Wfrl Firmware
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-48713 MEDIUM PATCH This Month

Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Serving
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-29061 MEDIUM This Month

There is no BIOS password on the FACSChorus workstation. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Facschorus
NVD
CVSS 3.1
5.2
EPSS
0.4%
CVE-2023-32063 MEDIUM PATCH This Month

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Client Relationship Management
NVD GitHub
CVSS 3.1
5.0
EPSS
0.5%
CVE-2023-4667 MEDIUM This Month

The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass Sgima Lite Lite Firmware Sigma Wide Firmware Sigma Extreme Firmware +3
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4397 MEDIUM This Month

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Zld
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-29065 MEDIUM This Month

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Facschorus
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-29064 MEDIUM This Month

The FACSChorus software contains sensitive information stored in plaintext. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Facschorus
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-42505 MEDIUM PATCH This Month

An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-32064 MEDIUM PATCH This Month

OroCommerce package with customer portal and non authenticated visitor website base features. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Orocommerce
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy