Skip to main content
CVE-2023-3492 MEDIUM POC This Month

The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Wp Shopping Pages
NVD WPScan
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-3671 MEDIUM POC This Month

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3524 MEDIUM POC This Month

The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpcode
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3575 MEDIUM POC This Month

The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz And Survey Master
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0604 MEDIUM POC This Month

The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Food Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3650 MEDIUM POC This Month

The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bubble Menu
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-20817 MEDIUM This Month

In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20816 MEDIUM This Month

In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20815 MEDIUM This Month

In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20814 MEDIUM This Month

In wlan service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20811 MEDIUM This Month

In IOMMU, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Linux Kernel
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20809 MEDIUM This Month

In vdec, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20808 MEDIUM This Month

In OPTEE, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20807 MEDIUM This Month

In dpe, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20806 MEDIUM This Month

In hcp, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20805 MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20804 MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20797 MEDIUM This Month

In camera middleware, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20795 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20786 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20784 MEDIUM This Month

In keyinstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20783 MEDIUM This Month

In keyinstall, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-38924 MEDIUM This Month

Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Dgn3500 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36054 MEDIUM PATCH This Month

lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Memory Corruption Denial Of Service Kerberos 5 Debian Linux Active Iq Unified Manager +4
NVD GitHub
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-38157 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
2.3%
CVE-2023-20803 MEDIUM This Month

In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20802 MEDIUM This Month

In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20800 MEDIUM This Month

In imgsys, there is a possible system crash due to a mssing ptr check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Yocto Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20801 MEDIUM This Month

In imgsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20788 MEDIUM This Month

In thermal, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20787 MEDIUM This Month

In thermal, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Denial Of Service Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20785 MEDIUM This Month

In audio, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-39527 MEDIUM PATCH This Month

PrestaShop is an open source e-commerce web application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Prestashop
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-38045 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Admiror Gallery
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-38392 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Custom Field Template
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4194 MEDIUM PATCH This Month

A flaw was found in the Linux kernel's TUN/TAP functionality. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Linux Authentication Bypass Memory Corruption Linux Kernel Enterprise Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-27373 MEDIUM This Month

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Insydeh2o
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33912 MEDIUM This Month

In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33911 MEDIUM This Month

In vowifi service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33910 MEDIUM This Month

In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33909 MEDIUM This Month

In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33908 MEDIUM This Month

In ims service, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33907 MEDIUM This Month

In Contacts Service, there is a possible missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-33906 MEDIUM This Month

In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-39903 MEDIUM PATCH This Month

An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure Software Infrastructure Manager
NVD
CVSS 3.1
5.0
EPSS
0.1%
CVE-2023-20818 MEDIUM This Month

In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20813 MEDIUM This Month

In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20812 MEDIUM This Month

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Iot Yocto Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20810 MEDIUM This Month

In IOMMU, there is a possible information disclosure due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20798 MEDIUM This Month

In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy