Skip to main content
CVE-2023-6462 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS User Registration And Login System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-49276 MEDIUM POC PATCH This Month

Uptime Kuma is an open source self-hosted monitoring tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google XSS Uptime Kuma
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6461 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Minipaint
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6463 MEDIUM POC This Month

A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS User Registration And Login System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-6449 MEDIUM PATCH This Month

The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Contact Form 7
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
8.7%
CVE-2023-28895 MEDIUM This Month

The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mib3 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-26024 MEDIUM This Month

IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4912 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49281 MEDIUM PATCH This Month

Calendarinho is an open source calendaring application to manage large teams of consultants. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Calendarinho
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-48314 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Microsoft Nextcloud Collabora Online
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49277 MEDIUM PATCH This Month

dpaste is an open source pastebin application written in Python using the Django framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Authentication Bypass Dpaste
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-42019 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service IBM Infosphere Information Server
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-42006 MEDIUM This Month

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass IBM
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46174 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42022 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42009 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43015 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6033 MEDIUM This Month

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS Atlassian
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-43021 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-5915 MEDIUM This Month

A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stardom Fcj Firmware Stardom Fcn Firmware
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-3949 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-44381 MEDIUM PATCH This Month

October is a Content Management System (CMS) and web platform to assist with development workflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP October
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-46746 MEDIUM PATCH This Month

PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Posthog
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-4317 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3964 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-3443 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy