Skip to main content
CVE-2023-1080 MEDIUM POC THREAT This Month

The GN Publisher plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tab’ parameter in versions up to, and including, 1.5.5 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 34.0%.

XSS WordPress Gn Publisher
NVD VulDB
CVSS 3.1
6.1
EPSS
34.0%
CVE-2023-27293 MEDIUM POC This Month

Improper neutralization of input during web page generation allows an unauthenticated attacker to submit malicious Javascript as the answer to a questionnaire which would then be executed when an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27371 MEDIUM POC PATCH This Month

GNU libmicrohttpd before 0.9.76 allows remote DoS (Denial of Service) due to improper parsing of a multipart/form-data boundary in the postprocessor.c MHD_create_post_processor() method. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Information Disclosure Denial Of Service Libmicrohttpd
NVD GitHub
CVSS 3.1
5.9
EPSS
1.2%
CVE-2023-27295 MEDIUM POC This Month

Cross-site request forgery is facilitated by OpenCATS failure to require CSRF tokens in POST requests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Opencats
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27294 MEDIUM POC This Month

Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious Javascript as the description for a calendar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencats
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-27292 MEDIUM POC This Month

An open redirect vulnerability exposes OpenCATS to template injection due to improper validation of user-supplied GET parameters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Opencats
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-25807 MEDIUM POC PATCH This Month

DataEase is an open source data visualization and analysis tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Dataease
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-25431 MEDIUM POC This Month

An issue was discovered in Online Reviewer Management System v1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Reviewer Management System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-20857 MEDIUM This Month

VMware Workspace ONE Content contains a passcode bypass vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

VMware Authentication Bypass Workspace One Content
NVD
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-25575 MEDIUM PATCH This Month

API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Core
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1095 MEDIUM PATCH This Month

In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22999 MEDIUM PATCH This Month

In the Linux kernel before 5.16.3, drivers/usb/dwc3/dwc3-qcom.c misinterprets the dwc3_qcom_create_urs_usb_platdev return value (expects it to be NULL in the error case, whereas it is actually an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22998 MEDIUM PATCH This Month

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22997 MEDIUM PATCH This Month

In the Linux kernel before 6.1.2, kernel/module/decompress.c misinterprets the module_get_next_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22996 MEDIUM PATCH This Month

In the Linux kernel before 5.17.2, drivers/soc/qcom/qcom_aoss.c does not release an of_find_device_by_node reference after use, e.g., with put_device. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1018 MEDIUM This Month

An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Trusted Platform Module Windows 10 1507 Windows 10 1607 +9
NVD
CVSS 3.1
5.5
EPSS
5.6%
CVE-2023-1023 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Meta Seo
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-1022 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Google WordPress Wp Meta Seo
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-23983 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Responsive Vertical Icon Menu plugin <= 1.5.8 can lead to theme deletion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Responsive Vertical Icon Menu
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-1065 MEDIUM PATCH This Month

This vulnerability in the Snyk Kubernetes Monitor can result in irrelevant data being posted to a Snyk Organization, which could in turn obfuscate other, relevant, security issues. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Kubernetes Authentication Bypass Kubernetes Monitor
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1081 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

XSS Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1026 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Meta Seo
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-1027 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Meta Seo
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-1024 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Wp Meta Seo
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-23992 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AutomatorWP plugin <= 2.5.0 leads to object delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Automatorwp
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-1028 MEDIUM PATCH This Month

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Meta Seo
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-23865 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin <= 1.4.10 leads to settings change. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Stripe Payments For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy