Skip to main content
CVE-2023-2545 HIGH PATCH This Week

The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation WordPress Authentication Bypass Feather Login Page
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28345 MEDIUM POC This Month

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Insight
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-2836 MEDIUM POC PATCH This Month

The CRM Perks Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in versions up to, and including, 1.1.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Crm Perks Forms
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-26278 HIGH This Week

IBM QRadar WinCollect Agent 10.0 through 10.1.3 could allow a local authenticated attacker to gain elevated privileges on the system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Wincollect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26277 HIGH This Week

IBM QRadar WinCollect Agent 10.0 though 10.1.3 could allow a local user to execute commands on the system due to execution with unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Wincollect
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30285 HIGH This Week

An issue in Deviniti Issue Sync Synchronization v3.5.2 for Jira allows attackers to obtain the login credentials of a user via a crafted request sent to /rest/synchronizer/1.0/technicalUser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Issue Sync
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-33964 HIGH PATCH This Week

mx-chain-go is an implementation of the MultiversX blockchain protocol written in the Go language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mx Chain Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34227 HIGH This Week

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2749 HIGH This Week

Download Center fails to properly validate the file path submitted by a user, An attacker can exploit this vulnerability to gain unauthorized access to sensitive files or directories without. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Download Center
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-30197 HIGH This Week

Incorrect Access Control in the module "My inventory" (myinventory) <= 1.6.6 from Webbax for PrestaShop, allows a guest to download personal information without restriction by performing a path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Myinventory
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-28351 LOW POC Monitor

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Insight
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-2435 HIGH PATCH This Week

The Blog-in-Blog plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.0 via a shortcode attribute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Information Disclosure RCE WordPress +1
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2023-33643 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33642 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33641 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33640 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33639 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33638 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the Edit_BasicSSID_5G interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33637 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelDNSHnList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33636 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_editlist interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33635 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33634 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EdittriggerList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33633 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33632 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the ipqos_lanip_dellist interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33631 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelSTList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33630 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the EditvsList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33628 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-33627 HIGH This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-2304 MEDIUM PATCH This Month

The Favorites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'user_favorites' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Favorites
NVD
CVSS 3.1
6.4
EPSS
1.1%
CVE-2023-33979 MEDIUM PATCH This Month

gpt_academic provides a graphical interface for ChatGPT/GLM. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Docker Gpt Academic
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34228 MEDIUM This Month

In JetBrains TeamCity before 2023.05 authentication checks were missing - 2FA was not checked for some sensitive account actions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1661 MEDIUM This Month

The Display post meta, term meta, comment meta, and user meta plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post metadata in versions up to, and including, 1.0.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Display Post Meta Term Meta Comment Meta And User Meta
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-33732 MEDIUM This Month

Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-3016 MEDIUM This Month

A vulnerability was found in yiwent Vip Video Analysis 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Vip Video Analysis
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3014 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in BeipyVideoResolution up to 2.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Beipyvideoresolution
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34226 MEDIUM This Month

In JetBrains TeamCity before 2023.05 reflected XSS in the Subscriptions page was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-34222 MEDIUM This Month

In JetBrains TeamCity before 2023.05 possible XSS in the Plugin Vendor URL was possible. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-2999 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2998 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3006 MEDIUM PATCH This Month

A known cache speculation vulnerability, known as Branch History Injection (BHI) or Spectre-BHB, becomes actual again for the new hw AmpereOne. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Code Injection Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-34256 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 6.3.3. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Linux Enterprise +1
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33287 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the Inline Table Editing application before 3.8.0 for Confluence allows attackers to store and execute arbitrary JavaScript via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Atlassian Inline Table Editing
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34088 MEDIUM This Month

Collabora Online is a collaborative online office suite. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Collabora Online
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34229 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in GitLab Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34225 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the NuGet feed page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
60.7%
CVE-2023-34221 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the Show Connection page was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34220 MEDIUM This Month

In JetBrains TeamCity before 2023.05 stored XSS in the Commit Status Publisher window was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
61.2%
CVE-2023-2547 MEDIUM PATCH This Month

The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Feather Login Page
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34223 MEDIUM This Month

In JetBrains TeamCity before 2023.05 parameters of the "password" type from build dependencies could be logged in some cases. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2023-34224 MEDIUM This Month

In JetBrains TeamCity before 2023.05 open redirect during oAuth configuration was possible. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Teamcity
NVD
CVSS 3.1
4.8
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy