Skip to main content
CVE-2023-47624 MEDIUM POC This Month

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Audiobookshelf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-47619 MEDIUM POC This Month

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Audiobookshelf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6757 MEDIUM POC This Month

A vulnerability was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-41621 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-47623 MEDIUM POC This Month

Scrypted is a home video integration and automation platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scrypted
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47620 MEDIUM POC This Month

Scrypted is a home video integration and automation platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scrypted
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6775 MEDIUM POC This Month

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pos And Inventory Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6380 MEDIUM POC This Month

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Opencms
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-6379 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opencms
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2023-47324 MEDIUM POC PATCH This Month

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Silverpeas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-50268 MEDIUM POC PATCH This Month

jq is a command-line JSON processor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Jq
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-50246 MEDIUM POC PATCH This Month

jq is a command-line JSON processor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Jq
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-47325 MEDIUM POC PATCH This Month

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Silverpeas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6774 MEDIUM POC This Month

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pos And Inventory Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-6760 MEDIUM POC This Month

A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-47321 MEDIUM POC PATCH This Month

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Silverpeas
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-47327 MEDIUM POC PATCH This Month

The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Silverpeas
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6762 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-6758 MEDIUM POC This Month

A vulnerability was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icecms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-50770 MEDIUM PATCH This Month

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier stores a password of a local user account used as an anti-lockout feature in a recoverable format, allowing attackers with access to the. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openid
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-49646 MEDIUM This Month

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Authentication Bypass Meeting Software Development Kit Video Software Development Kit +2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-43585 MEDIUM This Month

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple Meeting Software Development Kit Video Software Development Kit Zoom
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-50248 MEDIUM PATCH This Month

CKAN is an open-source data management system for powering data hubs and data portals. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Ckan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6660 MEDIUM This Month

When a program running on an affected system appends data to a file via an NFS client mount, the bug can cause the NFS client to fail to copy in the data to be written but proceed as though the copy. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46675 MEDIUM This Month

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error or in the event where debug level logging is enabled in Kibana. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46671 MEDIUM This Month

An issue was discovered by Elastic whereby sensitive information may be recorded in Kibana logs in the event of an error. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Kibana
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-6792 MEDIUM This Month

An OS command injection vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated API user to disrupt system processes and potentially execute arbitrary code with. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Paloalto Command Injection Pan Os
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2023-49296 MEDIUM PATCH This Month

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Create Agent
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-6790 MEDIUM This Month

A DOM-Based cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to execute a JavaScript payload in the context of an administrator’s browser when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Paloalto XSS Pan Os
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-6767 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Guest e-Book 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Wedding Guest E Book
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-50771 MEDIUM PATCH This Month

Jenkins OpenId Connect Authentication Plugin 2.6 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Open Redirect Openid Connect Authentication
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6719 MEDIUM This Month

An XSS vulnerability has been detected in Repox, which allows an attacker to compromise interactions between a user and the vulnerable application, and can be exploited by a third party by sending a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Repox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47575 MEDIUM This Month

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47574 MEDIUM This Month

An issue was discovered on Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-45725 MEDIUM PATCH This Month

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Couchdb
NVD
CVSS 3.1
5.7
EPSS
1.2%
CVE-2023-50442 MEDIUM This Month

Encrypted folders created by PRIMX ZONECENTRAL through 2023.5 can be modified by a local attacker (with appropriate privileges) so that specific file types are excluded from encryption temporarily. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Zonecentral
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-50440 MEDIUM This Month

ZED containers produced by PRIMX ZED!. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Zed Zedmail Zonecentral
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-50441 MEDIUM This Month

Encrypted folders created by PRIMX ZONECENTRAL for Windows before Q.2021.2 (ANSSI qualification submission) or ZONECENTRAL for Windows before 2023.5 can be modified by an unauthenticated attacker to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Zonecentral
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-48638 MEDIUM This Month

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48637 MEDIUM This Month

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48636 MEDIUM This Month

Adobe Substance 3D Designer versions 13.0.0 (and earlier) and 13.1.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Designer
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48635 MEDIUM PATCH This Month

Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe After Effects
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-47081 MEDIUM This Month

Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-47080 MEDIUM This Month

Adobe Substance 3D Stager versions 2.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-47079 MEDIUM This Month

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-47078 MEDIUM This Month

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-47062 MEDIUM This Month

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-47061 MEDIUM This Month

Adobe Dimension versions 3.4.10 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-44362 MEDIUM This Month

Adobe Prelude versions 22.6 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Adobe Information Disclosure Prelude
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-6381 MEDIUM This Month

Improper input validation vulnerability in Newsletter Software SuperMailer affecting version 11.20.0.2204. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Supermailer
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy