Skip to main content
CVE-2023-0744 CRITICAL POC PATCH Act Now

Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Answer
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
6.4%
CVE-2023-0743 CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2023-0742 CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-0741 CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-0740 CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2023-25151 HIGH POC PATCH This Week

opentelemetry-go-contrib is a collection of extensions for OpenTelemetry-Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opentelemetry Go Contrib
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-0739 MEDIUM POC PATCH This Month

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') in GitHub repository answerdev/answer prior to 1.0.4. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available.

Race Condition Information Disclosure Answer
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2023-0748 MEDIUM POC PATCH This Month

Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Btcpayserver
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-0747 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Btcpayserver
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-25152 HIGH PATCH This Week

Wings is Pterodactyl's server control plane. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wings
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-24828 HIGH PATCH This Week

Onedev is a self-hosted Git Server with CI/CD and Kanban. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Onedev
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25164 HIGH PATCH This Week

Critical information disclosure vulnerability in TinaCMS CLI versions 1.0.0 through 1.0.8 that exposes environment variables (including sensitive credentials) by writing them in plaintext to the index.js file. Attackers can access exposed API keys, database credentials, or other secrets without authentication, though no active exploitation has been observed (EPSS: 0.37%, not in KEV). A patch is available in version 1.0.9.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.4%
CVE-2023-25165 MEDIUM POC PATCH This Month

Helm is a tool that streamlines installing and managing Kubernetes applications.`getHostByName` is a Helm template function introduced in Helm v3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Information Disclosure Helm
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-0251 HIGH This Week

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a buffer overflow through improper restrictions of operations within memory, which could allow an attacker to remotely. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Diascreen
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0250 HIGH This Week

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to a stack-based buffer overflow, which could allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Diascreen
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2023-0249 HIGH This Week

Delta Electronics DIAScreen versions 1.2.1.23 and prior are vulnerable to out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Diascreen
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25396 HIGH This Week

Privilege escalation in the MSI repair functionality in Caphyon Advanced Installer 20.0 and below allows attackers to access and manipulate system files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Advanced Installer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0002 HIGH This Week

A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto Microsoft Cortex Xdr Agent
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0401 HIGH PATCH This Week

A NULL pointer can be dereferenced when signatures are being verified on PKCS7 signed or signedAndEnveloped data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service OpenSSL Null Pointer Dereference Stormshield Management Center
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-0217 HIGH PATCH This Week

An invalid pointer dereference on read can be triggered when an application tries to check a malformed DSA public key by the EVP_PKEY_public_check() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service OpenSSL Null Pointer Dereference
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-0216 HIGH PATCH This Week

An invalid pointer dereference on read can be triggered when an application tries to load malformed PKCS7 data with the d2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service OpenSSL Null Pointer Dereference Stormshield Management Center
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-0215 HIGH PATCH This Week

The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free OpenSSL Denial Of Service Memory Corruption Stormshield Management Center
NVD
CVSS 3.1
7.5
EPSS
4.5%
CVE-2023-0286 HIGH PATCH This Week

There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption OpenSSL Denial Of Service Stormshield Management Center Stormshield Network Security
NVD
CVSS 3.1
7.4
EPSS
59.5%
CVE-2023-0690 HIGH PATCH This Week

HashiCorp Boundary from 0.10.0 through 0.11.2 contain an issue where when using a PKI-based worker with a Key Management Service (KMS) defined in the configuration file, new credentials created after. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Boundary
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-0001 MEDIUM POC This Month

An information exposure vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local system administrator to disclose the admin password for the agent in cleartext,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Paloalto Microsoft Cortex Xdr Agent
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-25163 MEDIUM PATCH This Month

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Information Disclosure Argo Cd
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-25166 MEDIUM PATCH This Month

formula is a math and string formula parser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Formula
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0751 MEDIUM PATCH This Month

When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Freebsd
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0003 MEDIUM This Month

A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Paloalto Cortex Xsoar Fedora
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-25167 MEDIUM PATCH This Month

Discourse is an open source discussion platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-25150 MEDIUM PATCH This Month

Nextcloud office/richdocuments is an office suit for the nextcloud server platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Nextcloud Richdocuments
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-0720 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0717 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0716 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0715 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0711 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0684 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0718 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0726 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0725 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0724 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0722 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0685 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-23475 MEDIUM PATCH This Month

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
4.6
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy