Skip to main content
CVE-2023-0942 MEDIUM POC PATCH THREAT This Month

The Japanized For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 2.5.4 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 46.1%.

XSS WordPress Japanized For Woocommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
46.1%
Threat
4.1
CVE-2023-25157 CRITICAL POC PATCH THREAT Act Now

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java SQLi Geoserver
NVD GitHub
CVSS 3.1
9.8
EPSS
85.2%
CVE-2023-24320 CRITICAL POC Act Now

An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Axcora
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-0938 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Music Gallery Site
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-0935 CRITICAL POC Act Now

A vulnerability was found in DolphinPHP up to 1.5.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Dolphinphp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.8%
CVE-2023-0232 CRITICAL POC PATCH Act Now

The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Code Injection WordPress PHP Shoplentor
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-26234 CRITICAL POC Act Now

JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Jd Gui
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25812 HIGH POC PATCH This Week

Minio is a Multi-Cloud Object Storage framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0943 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0.php?page=site_settings of the component Image Handler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Best Pos Management System
NVD VulDB Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-26253 HIGH POC This Week

In Gluster GlusterFS 11.0, there is an xlators/mount/fuse/src/fuse-bridge.c notify stack-based buffer over-read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Glusterfs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26266 HIGH POC This Week

In AFL++ 4.05c, the CmpLog component uses the current working directory to resolve and execute unprefixed fuzzing targets, allowing code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Afl
NVD GitHub
CVSS 3.1
7.3
EPSS
0.4%
CVE-2023-23009 MEDIUM POC This Month

Libreswan 4.9 allows remote attackers to cause a denial of service (assert failure and daemon restart) via crafted TS payload with an incorrect selector length. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libreswan Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-0936 MEDIUM POC This Month

A vulnerability was found in TP-Link Archer C50 V2_160801. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Archer C50
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-22984 MEDIUM POC This Month

A Vulnerability was discovered in Axis 207W network camera. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS 207W Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0442 MEDIUM POC This Month

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its query parameters before outputting them back in a page/post via an embedded shortcode, which could allow an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Loan Comparison
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0428 MEDIUM POC This Month

The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Watu Quiz
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24080 CRITICAL Act Now

A lack of rate limiting on the password reset endpoint of Chamberlain myQ v5.222.0.32277 (on iOS) allows attackers to compromise user accounts via a bruteforce attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Myq
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25657 CRITICAL PATCH Act Now

Nautobot is a Network Source of Truth and Network Automation Platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Nautobot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-25158 CRITICAL PATCH Act Now

GeoTools is an open source Java library that provides tools for geospatial data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Java SQLi Geotools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-0946 CRITICAL Act Now

A vulnerability has been found in SourceCodester Best POS Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Best Pos Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-22920 CRITICAL Act Now

A security misconfiguration vulnerability exists in the Zyxel LTE3316-M604 firmware version V2.00(ABMP.6)C0 due to a factory default misconfiguration intended for testing purposes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Zyxel Lte3202 M437 Firmware Lte3316 M604 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24184 CRITICAL Act Now

TOTOLink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-24081 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in Redrock Software TutorTrac before v4.2.170210 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tutortrac
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-25811 MEDIUM POC This Month

Uptime Kuma is a self-hosted monitoring tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Uptime Kuma
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0934 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0559 MEDIUM POC This Month

The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gs Portfolio For Envato
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0541 MEDIUM POC This Month

The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gs Books Showcase
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0540 MEDIUM POC This Month

The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gs Filterable Portfolio
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0492 MEDIUM POC This Month

The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gs Products Slider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0419 MEDIUM POC This Month

The Shortcode for Font Awesome WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortcode For Font Awesome
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0380 MEDIUM POC This Month

The Easy Digital Downloads WordPress plugin before 3.1.0.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Digital Downloads
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0378 MEDIUM POC This Month

The Greenshift WordPress plugin before 5.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Greenshift
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0375 MEDIUM POC This Month

The Easy Affiliate Links WordPress plugin before 3.7.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Affiliate Links
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0372 MEDIUM POC This Month

The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Embedstories
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0371 MEDIUM POC This Month

The EmbedSocial WordPress plugin before 1.1.28 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Embedsocial
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0366 MEDIUM POC This Month

The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Loan Comparison
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0285 MEDIUM POC This Month

The Real Media Library WordPress plugin before 4.18.29 does not sanitise and escape the created folder names, which could allow users with the role of author and above to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Real Media Library
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0271 MEDIUM POC This Month

The WP Font Awesome WordPress plugin before 1.7.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Font Awesome
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0231 MEDIUM POC This Month

The ShopLentor WordPress plugin before 2.5.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shoplentor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0067 MEDIUM POC This Month

The Timed Content WordPress plugin before 2.73 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Timed Content
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0059 MEDIUM POC This Month

The Youzify WordPress plugin before 1.2.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Youzify
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0429 MEDIUM POC This Month

The Watu Quiz WordPress plugin before 3.3.8.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Watu Quiz
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0453 MEDIUM POC This Month

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wp Private Messaging
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-24575 HIGH This Week

Dell Multifunction Printer E525w Driver and Software Suite, versions prior to 1.047.2022, A05, contain a local privilege escalation vulnerability that could be exploited by malicious users to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Multifunction Printer E525W Driver And Software Suite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26242 HIGH This Week

afu_mmio_region_get_by_offset in drivers/fpga/dfl-afu-region.c in the Linux kernel through 6.1.12 has an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26249 HIGH This Week

Knot Resolver before 5.6.0 enables attackers to consume its resources, launching amplification attacks and potentially causing a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Knot Resolver
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26267 MEDIUM PATCH This Month

php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Php Saml Sp
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-26235 MEDIUM PATCH This Month

JD-GUI 1.6.6 allows XSS via util/net/InterProcessCommunicationUtil.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jd Gui
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25810 MEDIUM This Month

Uptime Kuma is a self-hosted monitoring tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Uptime Kuma
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0945 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Best POS Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Best Pos Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy