Skip to main content
CVE-2023-4502 MEDIUM POC This Month

The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Translate Wordpress With Gtranslate
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-43382 HIGH This Week

Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-3226 MEDIUM POC This Month

The Popup Builder WordPress plugin before 4.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Builder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5154 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload D-Link PHP Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
15.1%
CVE-2023-5145 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
34.3%
CVE-2023-4892 MEDIUM POC This Month

Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Teedy
NVD
CVSS 3.1
4.6
EPSS
0.4%
CVE-2023-0633 HIGH This Week

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).12.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Docker Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0627 HIGH This Week

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).11.X. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Docker Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38907 HIGH This Week

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tapo L530E Firmware Tapo
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5156 HIGH PATCH This Week

A flaw was found in the GNU C Library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Glibc Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-41303 HIGH This Week

Command injection vulnerability in the distributed file system module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41302 HIGH This Week

Redirection permission verification vulnerability in the home screen module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41301 HIGH This Week

Vulnerability of unauthorized API access in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41300 HIGH This Week

Vulnerability of parameters not being strictly verified in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41293 HIGH This Week

Data security classification vulnerability in the DDMP module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-41299 HIGH This Week

DoS vulnerability in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41298 HIGH This Week

Vulnerability of permission control in the window module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-39409 HIGH This Week

DoS vulnerability in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-39408 HIGH This Week

DoS vulnerability in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3664 HIGH This Week

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Fileorganizer
NVD WPScan
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-4258 MEDIUM PATCH This Month

In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-43132 MEDIUM This Month

szvone vmqphp <=1.13 is vulnerable to SQL Injection. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Vmqphp
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5166 MEDIUM This Month

Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL.23.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Docker Desktop
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43256 MEDIUM PATCH This Month

A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Path Traversal Gladys Assistant
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43319 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webclient
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41871 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Poll Maker
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41868 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Stagtools
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41867 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Acymailing
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41863 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Peprodev Cf7 Database
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41872 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Woodmart
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41874 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Order Delivery Date For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5158 MEDIUM PATCH This Month

A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42817 MEDIUM PATCH This Month

Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Admin Classic Bundle
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-41295 MEDIUM This Month

Vulnerability of improper permission management in the displayengine module. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-41949 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ifolders
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-41948 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cookie Notice Consent
NVD
CVSS 3.1
4.8
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy