Skip to main content
CVE-2023-26154 MEDIUM POC PATCH This Month

Versions of the package pubnub before 7.4.0; all versions of the package com.pubnub:pubnub; versions of the package pubnub before 6.19.0; all versions of the package github.com/pubnub/go; versions of. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure C Core Kotlin Pubnub Swift
NVD GitHub
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-28875 MEDIUM POC This Month

A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Filerun
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28876 MEDIUM POC This Month

A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filerun
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6512 MEDIUM This Month

Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Debian Linux Fedora Chrome
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-24547 MEDIUM This Month

On affected platforms running Arista MOS, the configuration of a BGP password will cause the password to be logged in clear text that can be revealed in local logs or remote logging servers by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-6527 MEDIUM PATCH This Month

The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Email Subscription Popup
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-46688 MEDIUM This Month

Open redirect vulnerability in Pleasanter 1.3.47.0 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Pleasanter
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49248 MEDIUM This Month

Vulnerability of unauthorized file access in the Settings app. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-48940 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in /admin.php of DaiCuo v2.5.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Daicuo
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34439 MEDIUM This Month

Pleasanter 1.3.47.0 and earlier contains a stored cross-site scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pleasanter
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6393 MEDIUM PATCH This Month

A flaw was found in the Quarkus Cache Runtime. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Build Of Quarkus
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-39326 MEDIUM PATCH This Month

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-6459 MEDIUM PATCH This Month

Mattermost is grouping calls in the /metrics endpoint by id and reports that id in the response. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-6273 MEDIUM This Month

Permission management vulnerability in the module for disabling Sound Booster. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-40053 MEDIUM This Month

A vulnerability has been identified within Serv-U 15.4 that allows an authenticated actor to insert content on the file share function feature of Serv-U, which could be used maliciously. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Serv U
NVD
CVSS 3.1
5.0
EPSS
0.8%
CVE-2023-45210 MEDIUM This Month

Pleasanter 1.3.47.0 and earlier contains an improper access control vulnerability, which may allow a remote authenticated attacker to view the temporary files uploaded by other users who are not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pleasanter
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6511 MEDIUM This Month

Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Debian Linux Fedora Chrome
NVD
CVSS 3.1
4.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy