Skip to main content
CVE-2023-1596 MEDIUM POC This Month

The tagDiv Composer WordPress plugin before 4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Composer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0644 MEDIUM POC This Month

The Push Notifications for WordPress by PushAssist WordPress plugin through 3.0.8 does not sanitise and escape various parameters before outputting them back in pages, leading to Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Push Notifications
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-32308 CRITICAL PATCH Act Now

anuko timetracker is an open source time tracking system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Time Tracker
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1019 MEDIUM POC This Month

The Help Desk WP WordPress plugin through 1.2.0 does not sanitise and escape some parameters, which could allow users with a role as low as Editor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Help Desk Wp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0520 MEDIUM POC This Month

The RapidExpCart WordPress plugin through 1.0 does not sanitize and escape the url parameter in the rapidexpcart endpoint before storing it and outputting it back in the page, leading to a Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Rapidexpcart
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0490 MEDIUM POC This Month

The f(x) TOC WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS F X Toc
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0233 MEDIUM POC This Month

The ActiveCampaign WordPress plugin before 8.1.12 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Activecampaign
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-32313 MEDIUM POC PATCH This Month

vm2 is a sandbox that can run untrusted code with Node's built-in modules. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vm2
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-31131 CRITICAL PATCH Act Now

Greenplum Database (GPDB) is an open source data warehouse based on PostgreSQL. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PostgreSQL Greenplum Database
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-2009 MEDIUM POC This Month

Plugin does not sanitize and escape the URL field in the Pretty Url WordPress plugin through 1.5.4 settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pretty Url
NVD WPScan
CVSS 3.1
4.8
EPSS
0.8%
CVE-2023-23682 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ezp Maintenance Mode
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1839 MEDIUM POC This Month

The Product Addons & Fields for WooCommerce WordPress plugin before 32.0.6 does not sanitize and escape some of its setting fields, which could allow high-privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Addons Fields For Woocommerce
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0892 MEDIUM POC This Month

The BizLibrary WordPress plugin through 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bizlibrary
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0763 MEDIUM POC This Month

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Clock In Portal Staff Attendance Management
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0762 MEDIUM POC This Month

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting designations, which could allow attackers to make logged in admins delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Clock In Portal Staff Attendance Management
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0761 MEDIUM POC This Month

The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Staff members, which could allow attackers to make logged in admins delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Clock In Portal Staff Attendance Management
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-21117 HIGH PATCH This Week

In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21110 HIGH PATCH This Week

In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Privilege Escalation Denial Of Service Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21109 HIGH PATCH This Week

In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21107 HIGH PATCH This Week

In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21106 HIGH PATCH This Week

In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Buffer Overflow Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-23447 HIGH This Week

Uncontrolled Resource Consumption in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to influence the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ftmg Esd20Axx Firmware Ftmg Esd25Axx Firmware Ftmg Esn40Sxx Firmware Ftmg Esn50Sxx Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23446 HIGH This Week

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ftmg Esd20Axx Firmware Ftmg Esd25Axx Firmware Ftmg Esn40Sxx Firmware Ftmg Esn50Sxx Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-23445 HIGH This Week

Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ftmg Esd20Axx Firmware Ftmg Esd25Axx Firmware Ftmg Esn40Sxx Firmware Ftmg Esn50Sxx Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-32787 HIGH PATCH This Week

The OPC UA Legacy Java Stack before 6f176f2 enables an attacker to block OPC UA server applications via uncontrolled resource consumption so that they can no longer serve client applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Denial Of Service Ua Java Legacy Ua Historian Ua Modbus Server +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-22318 HIGH This Week

Denial of service in Webconf in Tribe29 Checkmk Appliance before 1.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Checkmk Appliance Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32758 HIGH PATCH This Week

giturlparse (aka git-url-parse) through 1.2.2, as used in Semgrep 1.5.2 through 1.24.1, is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing untrusted URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Git Url Parse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-21116 MEDIUM PATCH This Month

In verifyReplacingVersionCode of InstallPackageHelper.java, there is a possible way to downgrade system apps below system image version due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20722 MEDIUM This Month

In m4u, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20721 MEDIUM This Month

In isp, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20720 MEDIUM This Month

In pqframework, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20718 MEDIUM This Month

In vcu, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android Yocto
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20708 MEDIUM This Month

In keyinstall, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20707 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20701 MEDIUM This Month

In widevine, there is a possible out of bounds write due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20700 MEDIUM This Month

In widevine, there is a possible out of bounds write due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20699 MEDIUM This Month

In adsp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20696 MEDIUM This Month

In preloader, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20695 MEDIUM This Month

In preloader, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20694 MEDIUM This Month

In preloader, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20673 MEDIUM This Month

In vcu, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Iot Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-23450 MEDIUM This Month

Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ftmg Esd20Axx Firmware Ftmg Esd25Axx Firmware Ftmg Esn40Sxx Firmware Ftmg Esn50Sxx Firmware +3
NVD
CVSS 3.1
6.2
EPSS
0.5%
CVE-2023-31145 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Nextcloud Information Disclosure XSS +1
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22706 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Propertyhive
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22703 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wcp Contact Form
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2700 MEDIUM PATCH This Month

A vulnerability was found in libvirt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Information Disclosure Libvirt Fedora Enterprise Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-21118 MEDIUM PATCH This Month

In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21112 MEDIUM PATCH This Month

In AnalyzeMfcResp of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21111 MEDIUM PATCH This Month

In several functions of PhoneAccountRegistrar.java, there is a possible way to prevent an access to emergency services due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-21104 MEDIUM PATCH This Month

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Google Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy