Skip to main content
CVE-2023-38826 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Solutions Destiny
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-7100 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2023-49944 MEDIUM This Month

The Challenge Response feature of BeyondTrust Privilege Management for Windows (PMfW) before 2023-07-14 allows local administrators to bypass this feature by decrypting the shared key, or by locating. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Privilege Management For Windows
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-37225 MEDIUM This Month

Pexip Infinity before 32 allows Webapp1 XSS via preconfigured links. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Pexip Infinity
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-40236 MEDIUM This Month

In Pexip VMR self-service portal before 3, the same SSH host key is used across different customers' installations, which allows authentication bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Virtual Meeting Rooms
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-7098 MEDIUM This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in icret EasyImages 2.8.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Path Traversal PHP Easyimages2 0
NVD VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-30451 MEDIUM PATCH This Month

In TYPO3 11.5.24, the filelist component allows attackers (who have access to the administrator panel) to read arbitrary files via directory traversal in the baseuri field, as demonstrated by POST. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Typo3
NVD
CVSS 3.1
4.9
EPSS
1.2%
CVE-2023-31297 MEDIUM This Month

An issue was discovered in SESAMI planfocus CPTO (Cash Point & Transport Optimizer) 6.3.8.6 718. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cash Point Transport Optimizer
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-48652 MEDIUM PATCH This Month

Concrete CMS 9 before 9.2.3 is vulnerable to Cross Site Request Forgery (CSRF) via /ccm/system/dialogs/logs/delete_all/submit. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Concrete Cms
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-47247 MEDIUM This Month

In SysAid On-Premise before 23.3.34, there is an edge case in which an end user is able to delete a Knowledge Base article, aka bug 15102. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sysaid
NVD
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy