Skip to main content
CVE-2023-2950 HIGH POC PATCH This Week

Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-31873 HIGH POC This Week

Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process'). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gin
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-2949 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-2948 MEDIUM POC PATCH THREAT This Month

Cross-site Scripting (XSS) - Generic in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
6.1
EPSS
96.7%
CVE-2023-2951 CRITICAL Act Now

A vulnerability classified as critical has been found in code-projects Bus Dispatch and Information System 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Bus Dispatch And Information System
NVD VulDB GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-33926 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Easy Google Maps
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-33316 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Automatewoo
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-33313 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wip Custom Login
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33931 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtube Playlist Player
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33315 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smart App Banner
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33212 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder - Dynamic Blocks Form Builder plugin <= 3.0.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jetformbuilder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32763 HIGH PATCH This Week

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qt
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-33291 HIGH This Week

In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Ebankit
NVD
CVSS 3.1
7.4
EPSS
0.9%
CVE-2023-33314 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bear Woocommerce Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-33332 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Product Vendors
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33319 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Automatewoo
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32800 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Seo Pro
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33326 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eventprime
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33309 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Duplicator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33216 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Woodiscuz Woocommerce Comments
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-33311 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Contact Form Entries Contact Form 7 Wpforms And More
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28785 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yoast Seo
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32762 MEDIUM PATCH This Month

An issue was discovered in Qt before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Debian Linux Qt
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-33211 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Matomo Integration
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-33328 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mailchimp Subscribe Form
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32958 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Novelist
NVD
CVSS 3.1
4.8
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy