Skip to main content
CVE-2023-26054 MEDIUM POC PATCH This Month

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buildkit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-24737 MEDIUM POC This Month

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pmb
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-24735 MEDIUM POC This Month

PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Pmb
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-24733 MEDIUM POC This Month

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pmb
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-22432 MEDIUM POC PATCH This Month

Open redirect vulnerability exists in web2py versions prior to 2.23.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Web2Py
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2023-22481 MEDIUM POC PATCH This Month

FreshRSS is a self-hosted RSS feed aggregator. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

PHP Authentication Bypass Freshrss
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-1189 MEDIUM POC This Month

A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wise Folder Hider
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1188 MEDIUM POC This Month

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webcam For Remote Desktop
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1187 MEDIUM POC This Month

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic.sys of the component Global Variable Handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webcam For Remote Desktop
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1186 MEDIUM POC This Month

A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Webcam For Remote Desktop
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1200 MEDIUM POC This Month

A vulnerability was found in ehuacui bbs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ehuacui Bbs
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0377 MEDIUM POC This Month

The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Scriptless Social Sharing
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-0212 MEDIUM POC This Month

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advanced Recent Posts
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0165 MEDIUM POC This Month

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cost Calculator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0078 MEDIUM POC This Month

The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Resume Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0069 MEDIUM POC This Month

The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpaudio Mp3 Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0068 MEDIUM POC This Month

The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Gtin Ean Upc Isbn For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0065 MEDIUM POC This Month

The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS I2 Pros Cons
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0064 MEDIUM POC This Month

The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Evision Responsive Column Layout Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0063 MEDIUM POC This Month

The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-26108 MEDIUM POC PATCH This Month

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nest
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-1197 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Community Skeleton
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0328 MEDIUM POC This Month

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wpcode
NVD WPScan
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-26600 MEDIUM This Month

ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Manageengine Assetexplorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
6.5
EPSS
6.3%
CVE-2021-35377 MEDIUM This Month

Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE PHP Vicidial
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-2178 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saysis Computer Starcities allows Cross-Site Scripting (XSS).1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Starcities
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-27472 MEDIUM PATCH This Month

quickentity-editor-next is an open source, system local, video game asset editor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Quickentity Editor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-0330 MEDIUM PATCH This Month

A vulnerability in the lsi53c895a device affects the latest version of qemu. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Stack Overflow Buffer Overflow Qemu Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.3%
CVE-2022-42248 MEDIUM This Month

QlikView 12.60.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the QvsViewClient functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qlikview
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27474 MEDIUM PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Directus
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0076 MEDIUM This Month

The Download Attachments WordPress plugin before 1.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Download Attachments
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22857 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an injection of a malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Blogengine Net
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22856 MEDIUM This Month

A stored Cross-site Scripting (XSS) vulnerability in BlogEngine.NET 3.3.8.0, allows injection of arbitrary JavaScript in the security context of a blog visitor through an upload of a specially. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Blogengine Net
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25077 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Authentication Key Settings of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker to inject an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ec Cube
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-22838 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Product List Screen and Product Detail Screen of EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0 allows a remote authenticated attacker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ec Cube
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22438 MEDIUM PATCH This Month

Cross-site scripting vulnerability in Contents Management of EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.0.6-p2, EC-CUBE 4.1.0 to 4.1.2-p1, and EC-CUBE 4.2.0), EC-CUBE 3 series (EC-CUBE 3.0.0 to 3.0.18-p5),. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ec Cube
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-25169 MEDIUM PATCH This Month

discourse-yearly-review is a discourse plugin which publishes an automated Year in Review topic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse Yearly Review
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-22858 MEDIUM This Month

An Improper Access Control vulnerability in BlogEngine.NET 3.3.8.0, allows unauthenticated visitors to access the files of unpublished blogs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Blogengine Net
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy