Skip to main content
CVE-2023-52339 MEDIUM POC PATCH This Month

In libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Libebml
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-51978 MEDIUM POC This Month

In PHPGurukul Art Gallery Management System v1.1, "Update Artist Image" functionality of "imageid" parameter is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Art Gallery Management System
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-51790 MEDIUM POC This Month

Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Piwigo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-40362 MEDIUM POC This Month

An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Click2Gov Building Permit
NVD GitHub
CVSS 3.1
4.3
EPSS
6.1%
CVE-2022-4961 MEDIUM POC This Month

A vulnerability was found in Weitong Mall 1.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Wetong Mall
NVD VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-50920 MEDIUM POC This Month

An issue was discovered on GL.iNet devices before version 4.5.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Session Fixation Gl Ax1800 Firmware Gl Axt1800 Firmware Gl Mt3000 Firmware +9
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-51806 MEDIUM POC This Month

File Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Ujcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-4962 MEDIUM POC This Month

A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apollo
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-31033 MEDIUM This Month

NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Denial Of Service Information Disclosure Nvidia RCE +1
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2023-6955 MEDIUM This Month

A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Gitlab
NVD VulDB
CVSS 3.1
6.6
EPSS
0.0%
CVE-2023-31034 MEDIUM This Month

NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. Rated medium severity (CVSS 6.6). No vendor patch available.

Integer Overflow Nvidia Denial Of Service Information Disclosure Dgx A100 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2023-31025 MEDIUM This Month

NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nvidia Code Injection LDAP Dgx A100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-6683 MEDIUM PATCH This Month

A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Qemu Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-36842 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-49258 MEDIUM This Month

User browser may be forced to execute JavaScript and pass the authentication cookie to the attacker leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS H8951 4G Esp Firmware
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-49260 MEDIUM This Month

An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS H8951 4G Esp Firmware
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2022-48619 MEDIUM PATCH This Month

An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Linux Denial Of Service Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-0437 MEDIUM This Month

When calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Driver
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-28898 MEDIUM This Month

The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to /logs URI, when the id parameter equals to zero. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Superb 3 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2023-28899 MEDIUM This Month

By sending a specific reset UDS request via OBDII port of Skoda vehicles, it is possible to cause vehicle engine shutdown and denial of service of other vehicle components even when the vehicle is. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Superb 3 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-49801 MEDIUM PATCH This Month

Lif Auth Server is a server for validating logins, managing information, and account recovery for Lif Accounts. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Lif Auth Server
NVD GitHub
CVSS 3.1
4.2
EPSS
0.3%
CVE-2023-31031 MEDIUM This Month

NVIDIA DGX Station A100 and DGX Station A800 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Information Disclosure Nvidia +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2023-28897 MEDIUM This Month

The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Superb 3 Firmware
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-23301 MEDIUM POC PATCH This Month

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Relax And Recover Linux Enterprise Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-21639 MEDIUM POC PATCH This Month

CEF (Chromium Embedded Framework ) is a simple framework for embedding Chromium-based browsers in other applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Buffer Overflow Google Information Disclosure Chromium Embedded Framework Chrome
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-0473 MEDIUM This Month

A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Dormitory Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-21655 MEDIUM Monitor

Discourse is a platform for community discussion. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-21654 MEDIUM PATCH Monitor

Rubygems.org is the Ruby community's gem hosting service. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Rubygems Org
NVD GitHub
CVSS 3.1
4.8
EPSS
0.1%
CVE-2024-0471 MEDIUM This Month

A vulnerability was found in code-projects Human Resource Integrated System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Human Resource Integrated System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0470 MEDIUM This Month

A vulnerability was found in code-projects Human Resource Integrated System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Human Resource Integrated System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0469 MEDIUM This Month

A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Human Resource Integrated System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0468 MEDIUM This Month

A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Fighting Cock Information System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0466 MEDIUM This Month

A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0.php. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

PHP SQLi Employee Profile Management System
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-0464 MEDIUM This Month

A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Faculty Clearance
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0463 MEDIUM This Month

A vulnerability was found in code-projects Online Faculty Clearance 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Faculty Clearance System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0462 MEDIUM This Month

A vulnerability was found in code-projects Online Faculty Clearance 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Faculty Clearance System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0461 MEDIUM This Month

A vulnerability was found in code-projects Online Faculty Clearance 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Faculty Clearance System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-22494 MEDIUM POC This Month

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22493 MEDIUM POC This Month

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-22492 MEDIUM POC This Month

A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0460 MEDIUM This Month

A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Faculty Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0459 MEDIUM POC Monitor

A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank Donor Management System
NVD VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-22027 MEDIUM This Month

Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Denial Of Service Quiz Maker
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-23179 MEDIUM POC PATCH This Month

An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23178 MEDIUM POC This Month

An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-23177 MEDIUM POC PATCH This Month

An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23174 MEDIUM POC PATCH This Month

An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-23173 MEDIUM POC PATCH This Month

An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS PHP Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-23172 MEDIUM POC PATCH This Month

An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2024-23171 MEDIUM POC PATCH This Month

An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy