Skip to main content
CVE-2022-41328 MEDIUM KEV THREAT This Month

A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on...

NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-27479 CRITICAL POC PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
9.9
EPSS
1.1%
CVE-2023-24775 CRITICAL POC THREAT Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\Member.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
19.8%
CVE-2023-24781 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \member\MemberLevel.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1253 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Health Center Patient Record Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Health Center Patient Record Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1263 MEDIUM POC PATCH THREAT This Month

The CMP - Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Information Disclosure WordPress Coming Soon Maintenance
NVD VulDB
CVSS 3.1
5.3
EPSS
18.6%
CVE-2023-1003 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Typora up to 1.5.5 on Windows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Microsoft Typora
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27480 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE Xwiki
NVD GitHub
CVSS 3.1
7.7
EPSS
0.7%
CVE-2023-25223 HIGH POC This Week

CRMEB <=1.3.4 is vulnerable to SQL Injection via /api/admin/user/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Crmeb Java
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-1211 HIGH POC PATCH This Week

SQL Injection in GitHub repository phpipam/phpipam prior to v1.5.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Phpipam
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
3.0%
CVE-2021-4330 HIGH PATCH This Week

The Envato Elements & Download and Template Kit - Import plugins for WordPress are vulnerable to arbitrary file uploads due to insufficient validation of file type upon extracting uploaded Zip files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Envato Elements Template Kit Import
NVD VulDB
CVSS 3.1
8.8
EPSS
9.1%
CVE-2023-27478 MEDIUM POC PATCH This Month

libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libmemcached
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-3760 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.0.0.58. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mia Med
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-25690 CRITICAL Act Now

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Request Smuggling Authentication Bypass Http Server
NVD
CVSS 3.1
9.8
EPSS
83.8%
CVE-2023-1264 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1254 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Health Center Patient Record Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26955 MEDIUM POC This Month

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onekeyadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26954 MEDIUM POC This Month

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onekeyadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1245 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1244 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1242 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1241 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1240 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1238 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1237 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25230 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Loonflow
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2021-4331 HIGH This Week

The Plus Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation WordPress The Plus Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2020-36669 HIGH This Week

The JetBackup - WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Jetbackup
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-1227 HIGH This Week

Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-1222 HIGH This Week

Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-1220 HIGH This Week

Heap buffer overflow in UMA in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-1219 HIGH This Week

Heap buffer overflow in Metrics in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-1218 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-1216 HIGH This Week

Use after free in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had convienced the user to engage in direct UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-1215 HIGH This Week

Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-1214 HIGH This Week

Type confusion in V8 in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1213 HIGH This Week

Use after free in Swiftshader in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-27475 HIGH PATCH This Week

Goutil is a collection of miscellaneous functionality for the go language. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Goutil
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-26953 MEDIUM POC This Month

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onekeyadmin
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1243 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1239 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-23554 HIGH This Week

Uncontrolled search path element vulnerability exists in pg_ivm versions prior to 1.5.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pg Ivm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1212 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-27522 HIGH PATCH This Week

HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi.4.30 through 2.4.55. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling Http Server Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
2.1%
CVE-2023-25611 HIGH This Week

A improper neutralization of formula elements in a CSV file vulnerability in Fortinet FortiAnalyzer 6.4.0 - 6.4.9, 7.0.0 - 7.0.5, and 7.2.0 - 7.2.1 allows local attacker to execute unauthorized code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortianalyzer
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-25605 HIGH This Week

A improper access control vulnerability in Fortinet FortiSOAR 7.3.0 - 7.3.1 allows an attacker authenticated on the administrative interface to perform unauthorized actions via crafted HTTP requests. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortisoar
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-1257 MEDIUM This Month

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uc 2101 Lx Firmware Uc 2102 Lx Firmware Uc 2102 T Lx Firmware Uc 2104 Lx Firmware +50
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-20650 MEDIUM This Month

In apu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20643 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20642 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy