Skip to main content
CVE-2023-24366 MEDIUM POC This Month

An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rconfig
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-25661 MEDIUM POC PATCH This Month

TensorFlow is an Open Source Machine Learning Framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1093 MEDIUM POC This Month

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Oauth Single Sign On
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1092 MEDIUM POC This Month

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Oauth Single Sign On
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-0816 MEDIUM POC This Month

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Formidable Form Builder
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0502 MEDIUM POC This Month

The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp News
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0501 MEDIUM POC This Month

The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Insurance
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0500 MEDIUM POC This Month

The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Film Studio
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0336 MEDIUM POC This Month

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ooohboi Steroids For Elementor
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-0335 MEDIUM POC This Month

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Shamsi
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-27096 MEDIUM POC This Month

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hippo4J
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28628 MEDIUM POC PATCH This Month

lambdaisland/uri is a pure Clojure/ClojureScript URI library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Uri
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27245 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27241 MEDIUM POC This Month

SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Water Billing System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25263 MEDIUM POC This Month

In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Designer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26924 MEDIUM POC This Month

LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Llvm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1069 MEDIUM POC PATCH This Month

The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Complianz
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0823 MEDIUM POC This Month

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cookie Notice Compliance For Gdpr Ccpa
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0660 MEDIUM POC This Month

The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smart Slider 3
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0589 MEDIUM POC This Month

The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Image Carousel
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0491 MEDIUM POC This Month

The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Schedulicity
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0395 MEDIUM POC This Month

The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Menu Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0272 MEDIUM POC This Month

The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nex Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1400 MEDIUM POC This Month

The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Modern Events Calendar Lite
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1025 MEDIUM POC This Month

The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple File List
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0326 MEDIUM POC This Month

An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab Dynamic Application Security Testing Analyzer
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-1089 MEDIUM POC This Month

The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Coupon Zen
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-1088 MEDIUM POC This Month

The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Plugin Manager
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-1087 MEDIUM POC This Month

The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wc Sales Notification
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-1086 MEDIUM POC This Month

The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Preview Link Generator
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0505 MEDIUM POC This Month

The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ever Compare
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0504 MEDIUM POC This Month

The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ht Politic
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0503 MEDIUM POC This Month

The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Free Woocommerce Theme 99Fy Extension
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0499 MEDIUM POC This Month

The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Quickswish
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0498 MEDIUM POC This Month

The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Education
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0497 MEDIUM POC This Month

The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ht Portfolio
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0496 MEDIUM POC This Month

The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ht Event
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0495 MEDIUM POC This Month

The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ht Slider For Elementor
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0484 MEDIUM POC This Month

The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Contact Form 7 Widget For Elementor Page Builder Gutenberg Blocks
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0467 MEDIUM POC This Month

The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Wp Dark Mode
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-1079 MEDIUM PATCH This Month

A flaw was found in the Linux kernel. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-0778 MEDIUM PATCH This Month

A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Podman Enterprise Linux
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-28885 MEDIUM This Month

The MyLink infotainment system (build 2021.3.26) in General Motors Chevrolet Equinox 2021 vehicles allows attackers to cause a denial of service (temporary failure of Media Player functionality) via. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Mylink Infotainment System
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-1073 MEDIUM PATCH This Month

A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Linux Linux Kernel Enterprise Linux Fedora
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2023-0241 MEDIUM PATCH This Month

pgAdmin 4 versions prior to v6.19 contains a directory traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Pgadmin 4
NVD GitHub
CVSS 3.1
6.5
EPSS
8.8%
CVE-2023-28652 MEDIUM This Month

An authenticated malicious user could successfully upload a malicious image could lead to a denial-of-service condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ey As525F001 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-27927 MEDIUM This Month

An authenticated malicious user could acquire the simple mail transfer protocol (SMTP) Password in cleartext format, despite it being protected and hidden behind asterisks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ey As525F001 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-24834 MEDIUM This Month

WisdomGarden Tronclass has improper access control when uploading file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Tronclass Ilearn
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28884 MEDIUM PATCH This Month

In MISP 2.4.169, app/Lib/Tools/CustomPaginationTool.php allows XSS in the community index. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Misp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28650 MEDIUM This Month

An unauthenticated remote attacker could provide a malicious link and trick an unsuspecting user into clicking on it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ey As525F001 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy