Skip to main content
CVE-2023-40168 MEDIUM PATCH This Month

TurboWarp is a desktop application that compiles scratch projects to JavaScript. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Turbowarp Desktop
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-39971 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation vulnerability in AcyMailing Enterprise component for Joomla allows XSS.7.0-8.6.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Acymailing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-31072 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Advanced Category Template
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28693 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Advanced Youtube Channel Pagination
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31074 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Extensions For Leaflet Map
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26530 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Updraft
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31076 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Recipe Maker For Your Food Blog From Zip Recipes
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31071 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Modal Dialog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30877 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Xml For Google Merchant Center
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4394 MEDIUM PATCH This Month

A use-after-free flaw was found in btrfs_get_dev_args_from_path in fs/btrfs/volumes.c in btrfs file-system in the Linux Kernel. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-30874 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve Curtis GPS Plotter gps-plotter allows DOM-Based XSS.4.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-40251 MEDIUM This Month

Missing Encryption of Sensitive Data vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Man in the Middle Attack.0: from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Genian Nac Genian Ztna
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-31079 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Tippy
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28783 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Tip Donation
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28622 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Easy Slider Revolution
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39974 MEDIUM This Month

Exposure of Sensitive Information vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Acymailing
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-36847 MEDIUM KEV THREAT This Month

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper PHP Authentication Bypass Junos
NVD
CVSS 3.1
5.3
EPSS
84.7%
CVE-2023-36846 MEDIUM KEV THREAT This Month

A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper PHP Authentication Bypass Junos
NVD
CVSS 3.1
5.3
EPSS
94.2%
CVE-2023-3244 MEDIUM This Month

The Comments Like Dislike plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the restore_settings function called via an AJAX action in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Comments Like Dislike
NVD VulDB
CVSS 3.1
4.3
EPSS
3.4%
CVE-2023-28690 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Browserupdate
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34412 MEDIUM This Month

A vulnerability in Red Lion Europe mbNET/mbNET.rokey and Helmholz REX 200 and REX 250 devices with firmware lower 7.3.2 allows an authenticated remote attacker with high privileges to inject. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rex 250 Firmware Rex 200 Firmware Mbnet Rokey Rkh 210 Firmware Mbnet Rokey Rkh 216 Firmware +13
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-31091 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dynamically Register Sidebars
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-30876 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Dave S Wordpress Live Search
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28533 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cab Grid
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-40281 MEDIUM PATCH This Month

EC-CUBE 2.11.0 to 2.17.2-p1 contain a cross-site scripting vulnerability in "mail/template" and "products/product" of Management page. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ec Cube
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-39973 MEDIUM This Month

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Acymailing
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-39972 MEDIUM This Month

Improper Access Control vulnerability in AcyMailing Enterprise component for Joomla. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Acymailing
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-25647 LOW Monitor

There is a permission and access control vulnerability in some ZTE mobile phones. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Zte Axon 30 Firmware Axon 40 Pro Firmware Axon 40 Ultra Firmware +1
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy