Skip to main content
CVE-2023-4284 MEDIUM POC This Month

The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Post Timeline
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-4151 MEDIUM POC This Month

The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Store Locator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2813 MEDIUM POC This Month

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Connections Reloaded Atlast Business Fashionable Store +43
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-40208 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Stock Ticker
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-41057 MEDIUM POC PATCH This Month

hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Hyper Bump It
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4758 MEDIUM POC PATCH This Month

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4755 MEDIUM POC PATCH This Month

Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4756 MEDIUM POC PATCH This Month

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4754 MEDIUM POC PATCH This Month

Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41052 MEDIUM POC PATCH This Month

Vyper is a Pythonic Smart Contract Language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-40015 MEDIUM POC PATCH This Month

Vyper is a Pythonic Smart Contract Language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-4298 MEDIUM POC This Month

The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS 123 Chat
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4254 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4253 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3499 MEDIUM POC This Month

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Robo Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4269 MEDIUM POC This Month

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass User Activity Log
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-32812 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Yocto Android Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32811 MEDIUM This Month

In connectivity system driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32806 MEDIUM This Month

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20837 MEDIUM This Month

In seninf, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20832 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20831 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20830 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20829 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20828 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20822 MEDIUM This Month

In netdagent, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20821 MEDIUM This Month

In nvram, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-38553 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32805 MEDIUM This Month

In power, there is a possible out of bounds write due to an insecure default value. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20850 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20849 MEDIUM This Month

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Yocto +3
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20848 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20842 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20841 MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20840 MEDIUM This Month

In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20835 MEDIUM This Month

In camsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Yocto Iot Yocto +1
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20834 MEDIUM This Month

In pda, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20827 MEDIUM This Month

In ims service, there is a possible memory corruption due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20851 MEDIUM This Month

In stc, there is a possible out of bounds read due to a race condition. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-40214 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Business Pro
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-40196 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-32296 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Kangu
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30485 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Avartan Slider Lite
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-39992 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Online Booking Scheduling Calendar
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-39991 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bigbluebutton
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-39918 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Booking Package
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-31220 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Categories Widget
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-30494 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Imagerecycle Pdf Image Compression
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-39164 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Molongui
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-39162 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Woo Confirmation Email
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy