Skip to main content
CVE-2023-28870 MEDIUM POC This Month

Insecure File Permissions in Support Assistant in NCP Secure Enterprise Client before 12.22 allow attackers to write to configuration files from low-privileged user accounts. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Secure Enterprise Client
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28869 MEDIUM POC This Month

Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers read the contents of arbitrary files on the operating system by creating a symbolic link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secure Enterprise Client
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-50430 MEDIUM POC This Month

The Goodix Fingerprint Device, as shipped in Dell Inspiron 15 computers, does not follow the Secure Device Connection Protocol (SDCP) when enrolling via Linux, and accepts an unauthenticated. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Microsoft Dell Authentication Bypass Fingerprint Sensor Firmware
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-28874 MEDIUM POC This Month

The next parameter in the /accounts/login endpoint of Seafile 9.0.6 allows attackers to redirect users to arbitrary sites. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Seafile
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6646 MEDIUM POC This Month

A vulnerability classified as problematic has been found in linkding 1.23.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Linkding
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28873 MEDIUM POC This Month

An XSS issue in wiki and discussion pages in Seafile 9.0.6 allows attackers to inject JavaScript into the Markdown editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Seafile
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28871 MEDIUM POC This Month

Support Assistant in NCP Secure Enterprise Client before 12.22 allows attackers to read registry information of the operating system by creating a symbolic link. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Secure Enterprise Client
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-50431 MEDIUM PATCH This Month

sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-47465 MEDIUM PATCH This Month

An issue in GPAC v.2.2.1 and before allows a local attacker to cause a denial of service (DoS) via the ctts_box_read function of file src/isomedia/box_code_base.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-47722 MEDIUM This Month

IBM API Connect V10.0.5.3 and V10.0.6.0 stores user credentials in browser cache which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Api Connect
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28527 MEDIUM This Month

IBM Informix Dynamic Server 12.10 and 14.10 cdr is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow IBM Informix Dynamic Server Informix Dynamic Server On Cloud Pak For Data
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28526 MEDIUM This Month

IBM Informix Dynamic Server 12.10 and 14.10 archecker is vulnerable to a heap buffer overflow, caused by improper bounds checking which could allow a local user to cause a segmentation fault. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow IBM Informix Dynamic Server Informix Dynamic Server On Cloud Pak For Data
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-6560 MEDIUM PATCH This Month

An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Memory Corruption Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-5756 MEDIUM This Month

The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Digital Publications By Supsystic
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-50428 MEDIUM This Month

In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Bitcoin Core Bitcoin Knots
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-6120 MEDIUM This Month

The Welcart e-Commerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.9.6 via the upload_certificate_file function. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal WordPress Welcart E Commerce
NVD VulDB
CVSS 3.1
4.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy