Skip to main content
CVE-2023-40598 HIGH This Week

In Splunk Enterprise versions below 8.2.12, 9.0.6, and 9.1.1, an attacker can create an external lookup that calls a legacy internal function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk RCE Command Injection Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-40597 HIGH This Week

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can exploit an absolute path traversal to execute arbitrary code that is located on a separate disk. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Splunk RCE Path Traversal Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40596 HIGH This Week

In Splunk Enterprise versions earlier than 8.2.12, 9.0.6, and 9.1.1, a dynamic link library (DLL) that ships with Splunk Enterprise references an insecure path for the OPENSSLDIR build definition. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Splunk Privilege Escalation Microsoft
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40595 HIGH This Week

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can execute a specially crafted query that they can then use to serialize untrusted data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Splunk RCE Deserialization Splunk Cloud Platform
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-35092 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Breadcrumb Simple
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34372 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Spamreferrerblock
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32294 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gdpr Cookie Consent Notice Box
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28692 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wp Abstracts
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-28415 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Side Cart Woocommerce
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27621 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Livestream Notice
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24401 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mobile Call Now Map Buttons
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-24397 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Reservation Studio
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4109 MEDIUM POC This Month

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by a HTML Injection security vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Ninja Forms Contact Form
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3501 MEDIUM POC This Month

The FormCraft WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Formcraft
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34173 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yandex Metric Counter
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34172 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Social Login
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1982 MEDIUM POC This Month

The Front Editor WordPress plugin through 4.0.4 does not sanitize and escape some of its form settings, which could allow high-privilege users to perform Stored Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Front Editor
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4571 HIGH This Week

In Splunk IT Service Intelligence (ITSI) versions below below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Splunk Code Injection It Service Intelligence
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-4209 MEDIUM POC This Month

The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Poeditor
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-4150 MEDIUM POC This Month

The User Activity Tracking and Log WordPress plugin before 4.0.9 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF User Activity Tracking And Log
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-4036 MEDIUM POC This Month

The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via a shortcode are public, allowing any authenticated users, such as subscriber, to retrieve arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Simple Blog Card
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-4023 MEDIUM POC This Month

The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users from deleting messages from the all-users messenger. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress All Users Messenger
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3356 MEDIUM POC This Month

The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Subscribers Text Counter
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-41039 HIGH PATCH This Week

RestrictedPython is a restricted execution environment for Python to run untrusted code. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity.

Python Information Disclosure Restrictedpython
NVD GitHub
CVSS 3.1
7.7
EPSS
0.6%
CVE-2023-4640 HIGH This Week

The controller responsible for setting the logging level does not include any authorization checks to ensure the user is authenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Yugabytedb
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-40594 HIGH This Week

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service Splunk Cloud Platform
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40593 HIGH This Week

In Splunk Enterprise versions lower than 9.0.6 and 8.2.12, a malicious actor can send a malformed security assertion markup language (SAML) request to the `/saml/acs` REST endpoint which can cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk Denial Of Service Splunk Cloud Platform
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3136 HIGH PATCH This Week

The MailArchiver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.10.1 due to insufficient input sanitization and output. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Mailarchiver
NVD VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-20266 HIGH This Week

A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Jwt Attack Information Disclosure Emergency Responder Unified Communications Manager +1
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-41041 LOW POC PATCH Monitor

Graylog is a free and open log management platform. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Graylog
NVD GitHub
CVSS 3.1
3.1
EPSS
0.4%
CVE-2023-23765 MEDIUM This Month

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-40184 MEDIUM PATCH This Month

xrdp is an open source remote desktop protocol (RDP) server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Xrdp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-4597 MEDIUM This Month

The Slimstat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slimstat' shortcode in versions up to, and including, 5.0.9 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Slimstat Analytics
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-4599 MEDIUM This Month

The Email Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in versions up to, and including, 2.1.8 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Email Encoder
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4624 LOW POC PATCH Monitor

Server-Side Request Forgery (SSRF) in GitHub repository bookstackapp/bookstack prior to v23.08. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Bookstack
NVD GitHub
CVSS 3.1
2.4
EPSS
0.5%
CVE-2023-41163 MEDIUM This Month

A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40592 MEDIUM This Month

In Splunk Enterprise versions below 9.1.1, 9.0.6, and 8.2.12, an attacker can craft a special web request that can result in reflected cross-site scripting (XSS) on the “/app/search/table” web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Splunk XSS Splunk Cloud Platform
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34184 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Order Address Print
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34180 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS WordPress Free Google Fonts
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34176 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chilexpress Oficial
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34175 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Login Configurator
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34174 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bbs E Popup
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33325 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Leyka
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33320 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Hijri
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33317 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Returns And Warranty Requests
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32802 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woocommerce Pre Orders
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32801 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Composite Products
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32742 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Sms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32597 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Video Gallery
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-25019 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chaty
NVD
CVSS 3.1
6.1
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy