Skip to main content
CVE-2023-26920 MEDIUM POC PATCH This Month

fast-xml-parser before 4.1.2 allows __proto__ for Prototype Pollution. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Fast Xml Parser
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-36654 MEDIUM POC This Month

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cryptospike
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-28604 MEDIUM POC PATCH This Month

The fluid_components (aka Fluid Components) extension before 3.5.0 for TYPO3 allows XSS via a component argument parameter, for certain {content} use cases that may be edge cases. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fluid Components
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49563 MEDIUM POC This Month

Cross Site Scripting (XSS) in Voltronic Power SNMP Web Pro v.1.1 allows an attacker to execute arbitrary code via a crafted script within a request to the webserver. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Snmp Web Pro
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49994 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Espeak Ng
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-46219 MEDIUM POC This Month

When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-49993 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow via the function ReadClause at readclause.c. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Espeak Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-49992 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Espeak Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-49991 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Espeak Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-49990 MEDIUM POC This Month

Espeak-ng 1.52-dev was discovered to contain a buffer-overflow via the function SetUpPhonemeTable at synthdata.c. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Espeak Ng
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-36652 MEDIUM POC This Month

A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cryptospike
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-35629 MEDIUM PATCH This Month

Microsoft USBHUB 3.0 Device Driver Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Microsoft Windows 10 1507 +2
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-49695 MEDIUM This Month

OS command injection vulnerability in WRC-X3000GSN v1.0.2, WRC-X3000GS v1.0.24 and earlier, and WRC-X3000GSA v1.0.24 and earlier allows a network-adjacent attacker with an administrative privilege to. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Wrc X3000Gsn Firmware Wrc X3000Gs Firmware Wrc X3000Gsa Firmware
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-42476 MEDIUM This Month

SAP Business Objects Web Intelligence - version 420, allows an authenticated attacker to inject JavaScript code into Web Intelligence documents which is then executed in the victim’s browser each. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP XSS Businessobjects Web Intelligence
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-41337 MEDIUM PATCH This Month

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Code Injection Jwt Attack H2O
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-49692 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V7.2.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V7.2.2), SCALANCE. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens 6Gk6108 4Am00 2Ba2 Firmware 6Gk6108 4Am00 2Da2 Firmware 6Gk5804 0Ap00 2Aa2 Firmware +17
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2023-49691 MEDIUM This Month

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.0), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.0), SCALANCE M804PB. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Siemens 6Gk6108 4Am00 2Ba2 Firmware 6Gk6108 4Am00 2Da2 Firmware 6Gk5804 0Ap00 2Aa2 Firmware +17
NVD
CVSS 3.1
6.7
EPSS
0.6%
CVE-2023-6687 MEDIUM This Month

An issue was discovered by Elastic whereby Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Agent
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49922 MEDIUM PATCH This Month

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Elastic Beats
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49089 MEDIUM PATCH This Month

Umbraco is an ASP.NET content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Umbraco Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49923 MEDIUM This Month

An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Enterprise Search
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35642 MEDIUM PATCH This Month

Internet Connection Sharing (ICS) Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +9
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-35636 MEDIUM PATCH This Month

Microsoft Outlook Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel
NVD
CVSS 3.1
6.5
EPSS
17.6%
CVE-2023-4421 MEDIUM This Month

The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Nss
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-50495 MEDIUM PATCH This Month

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry(). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ncurse
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-49809 MEDIUM This Month

Mattermost fails to handle a null request body in the /add endpoint, allowing a simple member to send a request with null request body to that endpoint and make it crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41120 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-41115 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41114 MEDIUM This Month

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PostgreSQL Postgres Advanced Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5536 MEDIUM This Month

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Ubuntu Ubuntu Linux
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-49587 MEDIUM This Month

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Command Injection Solution Manager
NVD
CVSS 3.1
6.4
EPSS
0.4%
CVE-2023-42914 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-48313 MEDIUM PATCH This Month

Umbraco is an ASP.NET content management system (CMS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Umbraco Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46282 MEDIUM PATCH This Month

A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions <. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Opcenter Quality Simatic Pcs Neo Sinumerik Integrate Runmyhmi Automotive Totally Integrated Automation Portal
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4958 MEDIUM PATCH This Month

In Red Hat Advanced Cluster Security (RHACS), it was found that some security related HTTP headers were missing, allowing an attacker to exploit this with a clickjacking attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Red Hat XSS Advanced Cluster Security
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49577 MEDIUM This Month

The SAP HCM (SMART PAYE solution) - versions S4HCMCIE 100, SAP_HRCIE 600, SAP_HRCIE 604, SAP_HRCIE 608, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP XSS Human Capital Management
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-42479 MEDIUM This Month

An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Biller Direct
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-36009 MEDIUM PATCH This Month

Microsoft Word Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35635 MEDIUM PATCH This Month

Windows Kernel Denial of Service Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Microsoft Windows 11 22h2 +1
NVD
CVSS 3.1
5.5
EPSS
1.0%
CVE-2023-42932 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42924 MEDIUM This Month

A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42922 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42919 MEDIUM This Month

A privacy issue was addressed with improved private data redaction for log entries. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42900 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42898 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-42894 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42891 MEDIUM This Month

An authentication issue was addressed with improved state management. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42884 MEDIUM This Month

This issue was addressed with improved redaction of sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42883 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-6710 MEDIUM POC This Month

A flaw was found in the mod_proxy_cluster in the Apache server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Mod Proxy Cluster Enterprise Linux
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy