Skip to main content
CVE-2022-41328 MEDIUM KEV THREAT This Month

A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through 7.2.3, 7.0.0 through 7.0.9 and before 6.4.11 allows a privileged attacker to read and write files on...

NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-1263 MEDIUM POC PATCH THREAT This Month

The CMP - Coming Soon & Maintenance plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 4.1.6 via the cmp_get_post_detail function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 18.6%.

Information Disclosure WordPress Coming Soon Maintenance
NVD VulDB
CVSS 3.1
5.3
EPSS
18.6%
CVE-2023-27478 MEDIUM POC PATCH This Month

libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Libmemcached
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1264 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1392. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1254 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Health Center Patient Record Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Health Center Patient Record Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26955 MEDIUM POC This Month

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Admin Group module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onekeyadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26954 MEDIUM POC This Month

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Group module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onekeyadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1245 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1244 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1242 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1241 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1240 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1238 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1237 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25230 MEDIUM POC This Month

A Server-Side Request Forgery (SSRF) in loonflow r2.0.14 allows attackers to force the application to make arbitrary requests via manipulation of the hook_url parameter. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Loonflow
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-26953 MEDIUM POC This Month

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Administrator module. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onekeyadmin
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1243 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1239 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Answer
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1212 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository phpipam/phpipam prior to v1.5.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpipam
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1257 MEDIUM This Month

An attacker with physical access to the affected Moxa UC Series devices can initiate a restart of the device and gain access to its BIOS. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Uc 2101 Lx Firmware Uc 2102 Lx Firmware Uc 2102 T Lx Firmware Uc 2104 Lx Firmware +50
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-20650 MEDIUM This Month

In apu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20643 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20642 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20641 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20640 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20639 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20638 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20637 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20636 MEDIUM This Month

In display drm, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20634 MEDIUM This Month

In widevine, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20633 MEDIUM This Month

In usb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20632 MEDIUM This Month

In usb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20630 MEDIUM This Month

In usb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20628 MEDIUM This Month

In thermal, there is a possible memory corruption due to an uncaught exception. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20627 MEDIUM This Month

In pqframework, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20626 MEDIUM This Month

In msdc, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20624 MEDIUM This Month

In vow, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20621 MEDIUM This Month

In tinysys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-4332 MEDIUM This Month

The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in versions up to, and including 4.1.9 (pro) and 2.0.6 (free). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress The Plus Addons For Elementor Elementor
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-4333 MEDIUM PATCH This Month

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Wp Statistics
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-1226 MEDIUM This Month

Insufficient policy enforcement in Web Payments API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass content security policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-1217 MEDIUM This Month

Stack buffer overflow in Crash reporting in Google Chrome on Windows prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Microsoft Chrome
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-20625 MEDIUM This Month

In adsp, there is a possible double free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20623 MEDIUM This Month

In ion, there is a possible escalation of privilege due to improper locking. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Android Yocto
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2020-36670 MEDIUM PATCH This Month

The NEX-Forms. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Nex Forms
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-1235 MEDIUM This Month

Type confusion in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted UI. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2021-44196 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Student Information Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-44197 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Student Information Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2020-36667 MEDIUM PATCH This Month

The JetBackup - WP Backup, Migrate & Restore plugin for WordPress is vulnerable to unauthorized back-up location changes in versions up to, and including 1.4.1 due to a lack of proper capability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Jetbackup
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-20651 MEDIUM This Month

In apu, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy