Skip to main content
CVE-2023-30788 MEDIUM POC This Month

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30787 MEDIUM POC This Month

MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Monica
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-30860 MEDIUM POC PATCH This Month

WWBN AVideo is an open source video platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avideo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-1905 MEDIUM POC This Month

The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Popups
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1651 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Wpbot
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0542 MEDIUM POC This Month

The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Custom Post Type List Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0537 MEDIUM POC This Month

The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Slider For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0536 MEDIUM POC This Month

The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp D3
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0526 MEDIUM POC This Month

The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Post Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0280 MEDIUM POC This Month

The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Carousel For Elementor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0268 MEDIUM POC This Month

The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mega Addons For Wpbakery Page Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0267 MEDIUM POC This Month

The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Carousel For Wpbakery Page Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30019 MEDIUM POC PATCH This Month

imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Imgproxy
NVD GitHub
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-31178 CRITICAL Act Now

AgilePoint NX v8.0 SU2.2 & SU2.3 - Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Agilepoint Nx
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-31123 CRITICAL PATCH Act Now

`effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Tripreporter
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-27958 CRITICAL Act Now

The issue was addressed with improved memory handling. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple macOS
NVD
CVSS 3.1
9.1
EPSS
1.6%
CVE-2023-31127 HIGH PATCH This Week

libspdm is a sample implementation that follows the DMTF SPDM specifications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Libspdm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-27935 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-27934 HIGH This Week

A memory initialization issue was addressed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-23532 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-30844 HIGH PATCH This Week

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Mutagen Mutagen Compose
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22790 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22789 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22788 HIGH This Week

Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Command Injection Arubaos Instantos
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-1649 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0894 MEDIUM POC This Month

The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pickup Delivery Dine In Date Time
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0544 MEDIUM POC This Month

The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Login Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2566 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-27967 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Xcode
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-27944 HIGH This Week

This issue was addressed with a new entitlement. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-2534 HIGH This Week

Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Otrs
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-28181 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27970 HIGH This Week

An out-of-bounds write issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27969 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Apple RCE Memory Corruption +5
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27965 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27960 HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Mac Os X
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27959 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27957 HIGH This Week

A buffer overflow issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27949 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Apple Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27946 HIGH This Week

An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Apple Ipados +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27938 HIGH This Week

An out-of-bounds read issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27937 HIGH This Week

An integer overflow was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27936 HIGH This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple Ipados Iphone Os +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23540 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23536 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23525 HIGH This Week

This issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-30840 HIGH PATCH This Week

Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Fluid
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31181 HIGH This Week

WJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Innokb
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31179 HIGH This Week

AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Agilepoint Nx
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31133 HIGH PATCH This Week

Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Ghost
NVD GitHub
CVSS 3.1
7.5
EPSS
45.7%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy