Skip to main content
CVE-2023-29004 MEDIUM POC This Month

hap-wi/roxy-wi is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Path Traversal Nginx Roxy Wi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1371 MEDIUM POC This Month

The W4 Post List WordPress plugin before 2.4.6 does not ensure that password protected posts can be accessed before displaying their content, which could allow any authenticated users to access them. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass W4 Post List
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1331 MEDIUM POC This Month

The Redirection WordPress plugin before 1.1.5 does not have CSRF checks in the uninstall action, which could allow attackers to make logged in admins delete all the redirections through a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Redirection
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1274 MEDIUM POC This Month

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate some shortcode attributes before using them to generate paths passed to include. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Pricing Tables For Wpbakery Page Builder
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0889 MEDIUM POC This Month

Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Themeflection Numbers
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1473 MEDIUM POC This Month

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Slider Gallery And Carousel
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1413 MEDIUM POC This Month

The WP VR WordPress plugin before 8.2.9 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Vr
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1373 MEDIUM POC This Month

The W4 Post List WordPress plugin before 2.4.6 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W4 Post List
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1282 MEDIUM POC This Month

The Drag and Drop Multiple File Upload PRO - Contact Form 7 Standard WordPress plugin before 2.11.1 and Drag and Drop Multiple File Upload PRO - Contact Form 7 with Remote Storage Integrations. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Drag And Drop Multiple File Upload Contact Form 7
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1325 MEDIUM POC This Month

The Easy Forms for Mailchimp WordPress plugin before 6.8.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Forms For Mailchimp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0764 MEDIUM POC This Month

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not perform proper sanitization of gallery information, leading to a Stored Cross-Site Scription vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Gallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0374 MEDIUM POC This Month

The W4 Post List WordPress plugin before 2.4.6 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W4 Post List
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0367 MEDIUM POC This Month

The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pricing Tables For Wpbakery Page Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1427 MEDIUM POC This Month

- The Photo Gallery by 10Web WordPress plugin before 1.8.15 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images anywhere in the. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Photo Gallery
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-30548 MEDIUM POC PATCH This Month

gatsby-plugin-sharp is a plugin for the gatsby framework which exposes functions built on the Sharp image processing library. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Gatsby
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-28972 MEDIUM This Month

An Improper Link Resolution Before File Access vulnerability in console port access of Juniper Networks Junos OS on NFX Series allows an attacker to bypass console access controls. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-30536 MEDIUM PATCH This Month

slim/psr7 is a PSR-7 implementation for use with Slim 4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Slim Psr 7
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28981 MEDIUM This Month

An Improper Input Validation vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28974 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the bbe-smgd of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28970 MEDIUM This Month

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing on the network interfaces of Juniper Networks Junos OS on JRR200 route reflector appliances allows an. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-28959 MEDIUM This Month

An Improper Check or Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on QFX10002 allows an unauthenticated, adjacent attacker on the local broadcast. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-24504 MEDIUM This Month

Electra Central AC unit - Adjacent attacker may cause the unit to connect to unauthorized update server. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Central Ac Unit Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-24503 MEDIUM This Month

Electra Central AC unit - Adjacent attacker may cause the unit to load unauthorized FW. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Kit For Split Ac
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-24502 MEDIUM This Month

Electra Central AC unit - The unit opens an AP with an easily calculated password. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Central Ac Unit Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-24500 MEDIUM This Month

Electra Central AC unit - Adjacent attacker may cause the unit to load unauthorized FW. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Central Ac Unit Firmware
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-1697 MEDIUM This Month

An Improper Handling of Missing Values vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a dcpfe process core and. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-25504 MEDIUM PATCH This Month

A malicious actor who has been authenticated and granted specific permissions in Apache Superset may use the import dataset feature in order to conduct Server-Side Request Forgery attacks and query. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Superset
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2109 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.14.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Chatwoot
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30543 MEDIUM PATCH This Month

@web3-react is a framework for building Ethereum Apps . Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Race Condition Node.js Information Disclosure Web3 React Coinbase Wallet Web3 React Eip1193 +2
NVD GitHub
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-28980 MEDIUM This Month

A Use After Free vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause Denial of Service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Juniper Denial Of Service Memory Corruption Junos +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30541 MEDIUM PATCH This Month

OpenZeppelin Contracts is a library for secure smart contract development. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Contracts Contracts Upgradeable
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-28984 MEDIUM This Month

A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Race Condition Juniper Denial Of Service Junos
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-28978 MEDIUM This Month

An Insecure Default Initialization of Resource vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated, network based attacker to read certain confidential information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos Os Evolved
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-28968 MEDIUM This Month

An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Appid Service Sigpack Jdpi Decoder Engine Junos
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-28963 MEDIUM This Month

An Improper Authentication vulnerability in cert-mgmt.php, used by the J-Web component of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to read arbitrary files from. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper PHP Authentication Bypass Junos
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-28961 MEDIUM This Month

An Improper Handling of Unexpected Data Type vulnerability in IPv6 firewall filter processing of Juniper Networks Junos OS on the ACX Series devices will prevent a firewall filter with the term 'from. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-28979 MEDIUM This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to bypass an integrity check. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Authentication Bypass Junos
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-28975 MEDIUM This Month

An Unexpected Status Code or Return Value vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated attacker with physical access to the device to cause a Denial of Service. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-30540 MEDIUM PATCH This Month

Nextcloud Talk is a chat, video & audio call extension for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Nextcloud Talk
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-27525 MEDIUM PATCH This Month

An authenticated user with Gamma role authorization could have access to metadata information using non trivial methods in Apache Superset up to and including 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy