Skip to main content
CVE-2023-24009 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Upfrontwp
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-4282 MEDIUM PATCH This Month

The EmbedPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'admin_post_remove' and 'remove_private_data' functions in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Embedpress
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-36312 MEDIUM This Month

There is a Cross Site Scripting (XSS) vulnerability in the value-enum-o_bf_include_timezone parameter of index.php in PHPJabbers Callback Widget v1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Callback Widget
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37983 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Art Direction
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-24393 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Animated Number Counters
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23828 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Category Post List
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23798 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Layer Slider
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23826 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Add Posts To Pages
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40014 MEDIUM PATCH This Month

OpenZeppelin Contracts is a library for secure smart contract development. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Openzeppelin Contracts Openzeppelin Contracts Upgradable
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-39959 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-39958 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-44629 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Catalyst Connect Zoho Crm Client Portal
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-39953 MEDIUM PATCH This Month

user_oidc provides the OIDC connect user backend for Nextcloud, an open-source cloud platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Nextcloud User Oidc
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-38397 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Gestion Pymes
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-37388 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mahato Simple Light Weight Social Share
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-24391 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Applyonline Application Form Builder And Manager
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-36530 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sp Project Document Manager
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34374 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Anspress
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-23871 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Button
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24389 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Social Proof Testimonial Slider
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29299 MEDIUM This Month

Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an Untrusted Search Path vulnerability that could lead to Application denial-of-service. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. No vendor patch available.

Adobe Information Disclosure Acrobat Dc Acrobat Reader Dc Acrobat +1
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-30704 MEDIUM This Month

Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-39961 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-30703 MEDIUM This Month

Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Members
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-30700 LOW Monitor

PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-30685 LOW Monitor

Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-30684 LOW Monitor

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-30683 LOW Monitor

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-30682 LOW Monitor

Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy