Skip to main content
CVE-2023-3742 MEDIUM POC This Month

Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-49269 MEDIUM POC This Month

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hotel Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0011 MEDIUM This Month

A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toby L200 Firmware Toby L201 Firmware Toby L210 Firmware Toby L220 Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-28491 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.7.6. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Slideshow Gallery
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-6910 MEDIUM This Month

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-47161 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Urbancode Deploy
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-50704 MEDIUM This Month

An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Uc 500E Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-50703 MEDIUM This Month

An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Uc 500E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-32128 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box - Accept Payments in any Cryptocurrency on. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cryptocurrency Payment Donation Box
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-47599 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager - 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.2.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress File Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-31092 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet.0.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easy Bet
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42012 MEDIUM This Month

An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Urbancode Deploy
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36520 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.7.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Editorial Calendar
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-38513 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Photo Engine
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-50639 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Cute Http File Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49272 MEDIUM This Month

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Hotel Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49271 MEDIUM This Month

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Hotel Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49270 MEDIUM This Month

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Hotel Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-51462 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-51461 MEDIUM This Month

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-51460 MEDIUM This Month

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-51459 MEDIUM This Month

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-51458 MEDIUM This Month

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-51457 MEDIUM This Month

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Experience Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47707 MEDIUM PATCH This Month

IBM Security Guardium Key Lifecycle Manager 4.3 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-47597 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Popup Maker Popup Maker - Popup for opt-ins, lead gen, & more.17.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Popup Maker
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-41796 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sunshine Photo Cart
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-47703 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-50705 MEDIUM This Month

An attacker could create malicious requests to obtain sensitive information about the web server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uc 500E Firmware
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-42013 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Urbancode Deploy
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-6769 MEDIUM This Month

Stored XSS vulnerability in Amazing Little Poll, affecting versions 1.3 and 1.4. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Amazing Little Poll
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2023-6784 MEDIUM This Month

A malicious user could potentially use the Sitefinity system for the distribution of phishing emails. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sitefinity
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-47705 MEDIUM This Month

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to manipulate username data due to improper input validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-50706 MEDIUM This Month

A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Uc 500E Firmware
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy