Skip to main content
CVE-2023-28484 MEDIUM POC This Month

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libxml2 Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-1624 MEDIUM POC This Month

The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wpcode
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1623 MEDIUM POC This Month

The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Custom Post Type Ui
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1129 MEDIUM POC This Month

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wp Fevents Book
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1435 MEDIUM POC This Month

The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1420 MEDIUM POC This Month

The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1324 MEDIUM POC This Month

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Forms For Mailchimp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-0899 MEDIUM POC This Month

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Live Chat Shoutbox
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26494 MEDIUM POC PATCH This Month

lorawan-stack is an open source LoRaWAN network server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Lorawan Stack
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-30414 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30410 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30408 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30406 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29570 MEDIUM POC This Month

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_ffi_cb_free at src/mjs_ffi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29583 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29582 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29579 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30627 MEDIUM POC PATCH This Month

jellyfin-web is the web client for Jellyfin, a free-software media system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Jellyfin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2023-1126 MEDIUM POC This Month

The WP FEvents Book WordPress plugin through 0.46 does not sanitise and escape some parameters, which could allow any authenticated users, such as subscriber to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Fevents Book
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0424 MEDIUM POC This Month

The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ms Reviews
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0418 MEDIUM POC This Month

The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Video Central
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0276 MEDIUM POC This Month

The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Weaver Xtreme Theme Support
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-30458 MEDIUM POC This Month

A username enumeration issue was discovered in Medicine Tracker System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Medicine Tracker System
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-31045 MEDIUM POC PATCH This Month

A stored Cross-site scripting (XSS) issue in Text Editors and Formats in Backdrop CMS before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via the name parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Backdrop Cms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-0420 MEDIUM POC This Month

The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Custom Post Type And Taxonomy Gui Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-29848 MEDIUM POC This Month

Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bang Resto
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.9%
CVE-2023-1414 MEDIUM POC This Month

The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Vr
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-2250 MEDIUM PATCH This Month

A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Privilege Escalation Kubernetes Open Cluster Management
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-29469 MEDIUM This Month

An issue was discovered in libxml2 before 2.10.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libxml2 Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-29530 MEDIUM PATCH This Month

Laminas Diactoros provides PSR HTTP Message implementations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Laminas Diactoros Psr 7 Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-22918 MEDIUM PATCH This Month

A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +48
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30776 MEDIUM PATCH This Month

An authenticated user with specific data permissions could access database connections stored passwords by requesting a specific REST API.3.0 up to 2.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
6.5
EPSS
2.1%
CVE-2023-31056 MEDIUM This Month

CloverDX before 5.17.3 writes passwords to the audit log in certain situations, if the audit log is enabled and single sign-on is not employed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cloverdx
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2022-45084 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Loginizer
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-26097 MEDIUM This Month

An issue was discovered in Telindus Apsal 3.14.2022.235 b. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Apsal
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31085 MEDIUM This Month

An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31084 MEDIUM This Month

An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel Fedora Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31082 MEDIUM This Month

An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31081 MEDIUM This Month

An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-26059 MEDIUM This Month

An issue was discovered in Nokia NetAct before 22 SP1037. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia XSS Netact
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26061 MEDIUM This Month

An issue was discovered in Nokia NetAct before 22 FP2211. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Nokia XSS CSRF Netact
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23892 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS M Chart
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29479 MEDIUM This Month

Ribose RNP before 0.16.3 may hang when the input is malformed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Rnp
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-27990 MEDIUM This Month

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +16
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-31083 MEDIUM This Month

An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-2019 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-30544 MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kiwi Tcms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy