Skip to main content
CVE-2023-35053 HIGH This Week

In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Youtrack
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34494 HIGH PATCH This Week

NanoMQ 0.16.5 is vulnerable to heap-use-after-free in the nano_ctx_send function of nmq_mqtt.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29385 HIGH This Week

The WP Abstracts plugin for WordPress (versions <= 2.6.2) contains an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability that allows remote attackers to execute malicious JavaScript in users' browsers. With an EPSS score of 0.10% (28th percentile), this vulnerability has relatively low exploitation activity in the wild and is not currently listed in CISA's KEV catalog.

XSS WordPress PHP Wp Abstracts
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-3159 MEDIUM PATCH This Month

A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-34345 MEDIUM This Month

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Megarac Sp X
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-34212 MEDIUM PATCH This Month

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Deserialization Nifi
NVD
CVSS 3.1
6.5
EPSS
2.4%
CVE-2023-34026 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS This Day In History
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32961 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zotpress
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-32118 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Salert Fake Sales Notification Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30753 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ip Metaboxes
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3161 MEDIUM PATCH This Month

A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0431 MEDIUM This Month

The File Away WordPress plugin through 3.9.9.0.1 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS File Away
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35054 MEDIUM This Month

In JetBrains YouTrack before 2023.1.10518 stored XSS in a Markdown-rendering engine was possible. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34344 MEDIUM This Month

AMI BMC contains a vulnerability in the IPMI handler, where an unauthorized attacker can use certain oracles to guess a valid username, which may lead to information disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-1323 MEDIUM This Month

The Easy Forms for Mailchimp WordPress plugin before 6.8.9 does not sanitise and escape some of its from parameters, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Easy Forms For Mailchimp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28933 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Call Now Accessibility Button
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31236 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Scripts N Styles
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30745 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ip Metaboxes
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23822 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Utm Tracker
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23819 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Itemprop Wp For Serp Seo Rich Snippets
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-23818 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Register Profile With Shortcode
NVD
CVSS 3.1
4.8
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy