Skip to main content
CVE-2023-7059 MEDIUM POC This Month

A vulnerability was found in SourceCodester School Visitor Log e-Book 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS School Visitor Log E Book
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7056 MEDIUM POC This Month

A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Faculty Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7055 MEDIUM POC This Month

A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7054 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-49086 MEDIUM POC PATCH This Month

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Cacti
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2023-50259 MEDIUM POC PATCH This Month

Medusa is an automatic video library manager for TV shows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Medusa
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-50258 MEDIUM POC This Month

Medusa is an automatic video library manager for TV shows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Medusa
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-50928 CRITICAL PATCH Act Now

"Sandbox Accounts for Events" provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Awslabs Sandbox Accounts For Events
NVD GitHub
CVSS 3.1
9.0
EPSS
0.4%
CVE-2023-49088 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti
NVD GitHub
CVSS 3.1
4.8
EPSS
1.3%
CVE-2023-51708 HIGH This Week

Bentley eB System Management Console applications within Assetwise Integrity Information Server allow an unauthenticated user to view configuration options via a crafted request, leading to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Assetwise Alim For Transportation Eb System Management Console
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2023-7052 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-48670 HIGH This Week

Dell SupportAssist for Home PCs version 3.14.1 and prior versions contain a privilege escalation vulnerability in the installer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Home Pcs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-50730 HIGH PATCH This Week

Grackle is a GraphQL server written in functional Scala, built on the Typelevel stack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Grackle
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-51662 HIGH PATCH This Week

The Snowflake .NET driver provides an interface to the Microsoft .NET open source software framework for developing applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Snowflake Connector
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-48704 HIGH PATCH This Week

ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43088 MEDIUM This Month

Dell Client BIOS contains a pre-boot direct memory access (DMA) vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Dell Precision 7865 Tower Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-39251 MEDIUM This Month

Dell BIOS contains an Improper Input Validation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Inspiron 7510 Firmware Inspiron 7610 Firmware Latitude 5430 Rugged Firmware +10
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-48308 MEDIUM PATCH This Month

Nextcloud/Cloud is a calendar app for Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Calendar
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-50727 MEDIUM PATCH This Month

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Redis XSS Resque
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-50725 MEDIUM PATCH This Month

Resque is a Redis-backed Ruby library for creating background jobs, placing them on multiple queues, and processing them later. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Redis XSS Resque
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-7076 MEDIUM PATCH This Month

A vulnerability was found in slawkens MyAAC up to 0.8.13. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Myaac
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-45165 MEDIUM This Month

IBM AIX 7.2 and 7.3 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service IBM Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-50924 MEDIUM PATCH This Month

Englesystem is a shift planning system for chaos events. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Engelsystem
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-50712 MEDIUM This Month

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass Iris
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-49791 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-45957 MEDIUM PATCH This Month

A stored cross-site scripting (XSS) vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

PHP XSS Thirty Bees
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-51451 MEDIUM PATCH This Month

Symbolicator is a service used in Sentry. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Symbolicator
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-51649 MEDIUM PATCH This Month

Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Python PostgreSQL Authentication Bypass Nautobot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-49790 MEDIUM PATCH This Month

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Apple Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-51386 LOW PATCH Monitor

Sandbox Accounts for Events provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Awslabs Sandbox Accounts For Events
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-51651 LOW PATCH Monitor

AWS SDK for PHP is the Amazon Web Services software development kit for PHP. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Aws Software Development Kit
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy