Skip to main content
CVE-2023-0084 HIGH POC PATCH THREAT Act Now

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.4%.

WordPress XSS Metform Elementor Contact Form Builder Elementor
NVD Exploit-DB VulDB
CVSS 3.1
7.2
EPSS
58.4%
Threat
4.7
CVE-2023-26055 CRITICAL POC PATCH Act Now

XWiki Commons are technical libraries common to several other top level XWiki projects. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Commons
NVD GitHub
CVSS 3.1
9.9
EPSS
1.2%
CVE-2023-26477 CRITICAL POC PATCH THREAT Act Now

XWiki Platform is a generic wiki platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
74.8%
CVE-2023-26780 CRITICAL POC Act Now

CleverStupidDog yf-exam v 1.8.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Yf Exam
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1151 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Electronic Medical Records System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26475 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
64.5%
CVE-2023-26474 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-26472 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-26471 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-26478 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-26476 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26470 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26473 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-26479 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-1156 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Health Center Patient Record Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Health Center Patient Record Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1106 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository flatpressblog/flatpress prior to 1.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Flatpress
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2022-46501 CRITICAL Act Now

Accruent LLC Maintenance Connection 2021 (all) & 2022.2 was discovered to contain a SQL injection vulnerability via the E-Mail to Work Order function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Maintenance Connection
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-3854 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Glox Technology Useroam Hotspot allows SQL Injection.1.0.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Useroam Hotspot
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-26053 CRITICAL PATCH Act Now

Gradle is a build tool with a focus on build automation and support for multi-language development. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gradle
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-1157 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in finixbit elf-parser. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Elf Parser
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-26056 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26480 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-1149 MEDIUM POC PATCH This Month

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1147 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Flatpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1146 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository flatpressblog/flatpress prior to 1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Flatpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1107 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Flatpress
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1101 HIGH This Week

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonicos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22381 HIGH This Week

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Microsoft Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-25363 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25362 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25361 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25360 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25358 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk Fedora
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-1148 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository flatpressblog/flatpress prior to 1.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Flatpress
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0228 HIGH This Week

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Symphony Plus S Operations
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1118 HIGH PATCH This Week

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0656 HIGH POC THREAT This Week

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
7.5
EPSS
41.3%
CVE-2023-0053 HIGH This Week

SAUTER Controls Nova 200-220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nova 220 Eyk220F001 Firmware Nova 230 Eyk230F001 Firmware Nova 106 Eyk300F001 Firmware Modunet300 Ey Am300F001 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-25536 MEDIUM PATCH This Month

Dell PowerScale OneFS 9.4.0.x contains exposure of sensitive information to an unauthorized actor. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-45478 MEDIUM This Month

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-45477 MEDIUM This Month

Improper Handling of Parameters vulnerability in Bordam Information Technologies Library Automation System allows Collect Data as Provided by Users.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Library Automation System
NVD VulDB
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-25155 MEDIUM PATCH This Month

Redis is an in-memory database that persists on disk. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Redis
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1155 MEDIUM This Month

The Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the nd_cc_meta_box_cc_price_icon parameter in versions up to, and including, 1.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Cost Calculator
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-26046 MEDIUM PATCH This Month

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Teler Waf
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0085 MEDIUM PATCH This Month

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to reCaptcha Bypass in versions up to, and including, 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Metform Elementor Contact Form Builder Elementor
NVD VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-45479 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Library Automation System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-22462 MEDIUM PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Privilege Escalation Grafana XSS
NVD GitHub
CVSS 3.1
5.4
EPSS
1.6%
CVE-2023-26052 MEDIUM PATCH This Month

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Python Saleor
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-25806 MEDIUM PATCH This Month

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opensearch Opensearch Security
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-26051 MEDIUM PATCH This Month

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Python Saleor
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy