Skip to main content
CVE-2023-3508 MEDIUM POC This Month

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Pre Orders
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3507 MEDIUM POC This Month

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Pre Orders
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3345 MEDIUM POC This Month

The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Masteriyo
NVD WPScan
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-37580 MEDIUM POC KEV PATCH THREAT This Month

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
6.1
EPSS
59.0%
CVE-2023-34917 MEDIUM POC This Month

Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34916 MEDIUM POC This Month

Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-38309 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38308 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38306 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38305 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3292 MEDIUM POC This Month

The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Portfolio Gallery Product Catalog Grid Kit Portfolio
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3134 MEDIUM POC This Month

The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forminator
NVD WPScan
CVSS 3.1
6.1
EPSS
3.5%
CVE-2023-0602 MEDIUM POC This Month

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Twittee Text Tweet
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-34872 MEDIUM POC PATCH This Month

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Poppler
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2023-38311 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-38310 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-38307 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38304 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38303 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-3130 MEDIUM POC This Month

The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Short Url
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-4010 MEDIUM POC This Month

A flaw was found in the USB Host Controller Driver framework in the Linux kernel. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-38989 MEDIUM POC This Month

An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jeesite
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-24971 MEDIUM PATCH This Month

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Denial Of Service Deserialization IBM B2B Advanced Communications +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35016 MEDIUM This Month

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Security Verify Governance
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-35792 MEDIUM This Month

Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intella Connect
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-35791 MEDIUM This Month

Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Intella Connect
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-34360 MEDIUM This Month

A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rt Ax88U Firmware
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22595 MEDIUM PATCH This Month

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM B2B Advanced Communications Multi Enterprise Integration Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-4007 MEDIUM PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3462 MEDIUM PATCH This Month

HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-3817 MEDIUM PATCH This Month

Issue summary: Checking excessively long DH keys or parameters may be very slow. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
2.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy