Skip to main content
CVE-2023-37630 MEDIUM POC This Month

Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Online Piggery Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-36266 MEDIUM POC This Month

An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2), allows local attackers to gain. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keeper Keeperfill
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-4417 MEDIUM POC PATCH This Month

The Forminator - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Forminator
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2021-4426 MEDIUM POC PATCH This Month

The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Absolute Reviews
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4427 MEDIUM POC PATCH This Month

The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP WordPress CSRF Vuukle Comments Reactions Share Bar Revenue
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4425 MEDIUM POC PATCH This Month

The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Defender Security
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2020-36761 MEDIUM POC PATCH This Month

The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Top 10
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2020-36760 MEDIUM POC PATCH This Month

The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Ocean Extra
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36752 MEDIUM POC PATCH This Month

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Coming Soon Maintenance Mode Page
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3011 MEDIUM PATCH This Month

The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Armember
NVD VulDB
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-37960 MEDIUM This Month

Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Path Traversal Mathworks Polyspace
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-37959 MEDIUM This Month

A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Sumologic Publisher
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-37956 MEDIUM This Month

A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Test Results Aggregator
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37955 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Test Results Aggregator
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-37953 MEDIUM PATCH This Month

A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Mabl
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-37952 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Mabl
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-37951 MEDIUM PATCH This Month

Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Mabl
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-37944 MEDIUM PATCH This Month

A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Datadog
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-37942 MEDIUM PATCH This Month

Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE External Monitor Job Type
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-3618 MEDIUM This Month

A flaw was found in libtiff. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Libtiff Debian Linux Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-37456 MEDIUM This Month

The session restore helper crashed whenever there was no parameter sent to the message handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Null Pointer Dereference Apple Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-20207 MEDIUM This Month

A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Authentication Proxy
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38067 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent log. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38064 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent log. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38062 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-37579 MEDIUM PATCH This Month

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker.10.4, and 2.11.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Pulsar
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-36543 MEDIUM PATCH This Month

Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Denial Of Service Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-35908 MEDIUM PATCH This Month

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Apache Authentication Bypass Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-31007 MEDIUM PATCH This Month

Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Pulsar
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-22888 MEDIUM PATCH This Month

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-22887 MEDIUM PATCH This Month

Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Apache Path Traversal Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-3642 MEDIUM This Month

A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vacation Rental Website
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3641 MEDIUM This Month

A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nodcms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37947 MEDIUM PATCH This Month

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Open Redirect Openshift Login
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38066 MEDIUM This Month

In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloads. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-20210 MEDIUM This Month

A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Broadworks Application Delivery Platform Firmware Broadworks Application Server Firmware Broadworks Database Server Firmware +13
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-37943 MEDIUM PATCH This Month

Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Jenkins Information Disclosure Active Directory
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-29319 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29318 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29317 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29316 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29315 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29314 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29313 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29312 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29311 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29310 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-29309 MEDIUM This Month

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Indesign
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-33902 MEDIUM This Month

In bluetooth service, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33901 MEDIUM This Month

In bluetooth service, there is a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy