Skip to main content
CVE-2023-23795 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Form Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-29707 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in GBCOM LAC WEB Control Center version lac-1.3.x, allows attackers to create an arbitrary device. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lac Web Control Center
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-47593 HIGH This Week

Auth. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-3256 HIGH This Week

Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure R Seenet
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-28006 HIGH This Week

The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bigfix Osd Bare Metal Server
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32449 HIGH PATCH This Week

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Jwt Attack Dell Powerstoret Os
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28956 HIGH PATCH This Week

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation IBM Spectrum Protect Backup Archive Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3114 HIGH This Week

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Terraform Enterprise
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2023-35133 HIGH PATCH This Week

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Moodle
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-32320 HIGH PATCH This Week

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-20896 HIGH PATCH This Week

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure VMware Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31867 HIGH This Week

Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection X3
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-27083 HIGH This Week

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP Pluck
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-28534 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpjobportal WP Job Portal wp-job-portal allows DOM-Based XSS.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-34553 MEDIUM This Month

An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via code replay attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wafu Keyless Smart Lock Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-25499 MEDIUM PATCH This Month

When adding non-visible components to the UI in server side, content is sent to the browser in Vaadin 10.0.0 through 10.0.22, 11.0.0 through 14.10.0, 15.0.0 through 22.0.28, 23.0.0 through 23.3.12,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Vaadin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35093 MEDIUM This Month

Broken Access Control vulnerability in StylemixThemes MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin <= 3.0.8 versions allows any logged-in users, such as subscribers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Masterstudy Lms
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-35132 MEDIUM PATCH This Month

A limited SQL injection risk was identified on the Mnet SSO access control page. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

SQLi Moodle
NVD
CVSS 3.1
6.3
EPSS
0.8%
CVE-2023-28016 MEDIUM This Month

Host Header Injection vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to supply invalid input to cause the OSD Bare Metal Server to perform a redirect to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Bigfix Osd Bare Metal Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-23343 MEDIUM This Month

A clickjacking vulnerability in the HCL BigFix OSD Bare Metal Server version 311.12 or lower allows attacker to use transparent or opaque layers to trick a user into clicking on a button or link on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bigfix Osd Bare Metal Server
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-35131 MEDIUM PATCH This Month

Content on the groups page required additional sanitizing to prevent an XSS risk. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28800 MEDIUM This Month

When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Client Connector
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28799 MEDIUM This Month

A URL parameter during login flow was vulnerable to injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Client Connector
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33997 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bbp Style Pack
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32960 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in UpdraftPlus.Com, DavidAnderson UpdraftPlus WordPress Backup Plugin <= 1.23.3 versions leads to sitewide Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS CSRF Updraftplus
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-35918 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Bulk Stock Management
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30500 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contact Form Wpforms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28784 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contest Gallery
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28776 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Continuous Image Carousel With Lightbox
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28750 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Albo Pretorio On Line
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33387 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in DATEV eG Personal-Management System Comfort/Comfort Plus v15.1.0 to v16.1.1 P4 allows attackers to steal targeted users' login data by sending. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eg Personal Management System Comfort Comfort Plus
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28166 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tags Cloud Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33842 MEDIUM PATCH This Month

IBM SPSS Modeler on Windows 17.0, 18.0, 18.2.2, 18.3, 18.4, and 18.5 requires the end user to have access to the server SSL key which could allow a local user to decrypt and obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft IBM Spss Modeler
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-31868 MEDIUM This Month

Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS X3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32239 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Woodmart Theme
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28418 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mediciti Lite
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35090 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Masterstudy Lms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31213 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28171 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Brilliance
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27631 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Daily Prayer Time
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27629 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Site Reviews
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27612 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Site Reviews
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27413 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS W4 Post List
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34170 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Download Quick Bulk Order Form For Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34368 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Kanban Boards
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34006 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Telegram Bot Channel
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-33323 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Armember
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28774 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Review Stream
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28778 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Pagination
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28174 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Erocket
NVD
CVSS 3.1
4.8
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy