Skip to main content
CVE-2023-4318 MEDIUM POC This Month

The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Herd Effects
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-4307 MEDIUM POC This Month

The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Lock User Account
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-35687 HIGH PATCH This Week

In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Denial Of Service Use After Free Privilege Escalation Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35682 HIGH This Week

In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35676 HIGH This Week

In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35674 HIGH KEV PATCH THREAT This Week

In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
2.2%
CVE-2023-35670 HIGH PATCH This Week

In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Path Traversal Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35669 HIGH PATCH This Week

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35667 HIGH PATCH This Week

In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35666 HIGH PATCH This Week

In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35665 HIGH PATCH This Week

In multiple files, there is a possible way to import a contact from another user due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39227 HIGH This Week

​Softneta MedDream PACS stores usernames and passwords in plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meddream Pacs
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-38256 HIGH This Week

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 vulnerable to a path traversal attack, which could allow an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Maglink Lx Web Console Configuration
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39068 HIGH This Week

Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Nb080S09S Klc Firmware Nbd80N32Ra Kl V3 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36161 HIGH This Week

An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Smart Plug 10A Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4583 HIGH This Week

When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38743 HIGH This Week

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Admanager Plus
NVD
CVSS 3.1
7.2
EPSS
11.6%
CVE-2023-41336 MEDIUM PATCH This Month

ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ux Autocomplete
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4580 MEDIUM This Month

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4578 MEDIUM This Month

When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4577 MEDIUM This Month

When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4575 MEDIUM This Month

When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4574 MEDIUM This Month

When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4573 MEDIUM This Month

When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +2
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-39067 MEDIUM This Month

Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Zlmediakit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35683 MEDIUM PATCH This Month

In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure SQLi Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35680 MEDIUM This Month

In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-35679 MEDIUM This Month

In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-35677 MEDIUM This Month

In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-35675 MEDIUM This Month

In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-35671 MEDIUM PATCH This Month

In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35664 MEDIUM PATCH This Month

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40032 MEDIUM PATCH This Month

libvips is a demand-driven, horizontally threaded image processing library. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Fedora Libvips
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41103 MEDIUM This Month

Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Interact
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41593 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Dairy Farm Shop Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-36980 MEDIUM This Month

An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Blockchain
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-40040 MEDIUM This Month

An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Higrade
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-4630 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-4581 MEDIUM This Month

Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-4579 LOW Monitor

Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
3.1
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy