Skip to main content
CVE-2023-5192 MEDIUM POC PATCH This Month

Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Core
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-5135 MEDIUM POC PATCH This Month

The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Simple Cloudfare Turnstile
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-41448 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-41453 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-41451 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-41445 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-44043 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blackcat Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-43263 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Froala Editor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-0833 MEDIUM POC This Month

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Red Hat Okhttp A Mq Streams
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-43191 MEDIUM POC This Month

SpringbootCMS 1.0 foreground message can be embedded malicious code saved in the database. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Springbootcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44048 MEDIUM POC This Month

Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Expense Tracker
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44042 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blackcat Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43857 MEDIUM POC This Month

Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dreamer Cms
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43830 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43828 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43331 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Small Crm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44216 MEDIUM POC This Month

PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Ubuntu Linux Ryzen 7 4800U Core I7 10510U Core I7 12700K +12
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2023-4423 MEDIUM POC PATCH This Month

The WP Event Manager - Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

XSS WordPress Wp Event Manager
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-4003 MEDIUM This Month

One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Password Manager
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-34043 MEDIUM PATCH This Month

VMware Aria Operations contains a local privilege escalation vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation VMware Aria Operations Cloud Foundation
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-20109 MEDIUM KEV THREAT This Month

A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Apple RCE Cisco +3
NVD
CVSS 3.1
6.6
EPSS
2.3%
CVE-2023-5197 MEDIUM PATCH This Month

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Debian Linux +1
NVD
CVSS 3.1
6.6
EPSS
0.4%
CVE-2023-42822 MEDIUM PATCH This Month

xrdp is an open source remote desktop protocol server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Debian Xrdp Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20202 MEDIUM This Month

A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-5171 MEDIUM PATCH This Month

During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +4
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-5169 MEDIUM PATCH This Month

A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Mozilla Firefox Firefox Esr +3
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-44161 MEDIUM This Month

Sensitive information manipulation due to cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Cyber Protect
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-44160 MEDIUM This Month

Sensitive information manipulation due to cross-site request forgery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Cyber Protect
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-41321 MEDIUM This Month

GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Glpi
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-40441 MEDIUM This Month

A resource exhaustion issue was addressed with improved input validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-40420 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-40403 MEDIUM This Month

The issue was addressed with improved memory handling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-40048 MEDIUM This Month

In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ws Ftp Server
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39376 MEDIUM This Month

SiberianCMS - CWE-284 Improper Access Control Authorized user may disable a security feature over the network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Siberiancms
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39233 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-23958 MEDIUM This Month

Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Protection Engine
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5161 MEDIUM PATCH This Month

The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Modal Window
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5162 MEDIUM PATCH This Month

The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Options For Twenty Seventeen
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-44121 MEDIUM This Month

The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Android
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-43233 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Yzncms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-4523 MEDIUM This Month

Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 460 Series Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-43614 MEDIUM This Month

Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-43484 MEDIUM This Month

Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-41962 MEDIUM This Month

Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-41861 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Restrict
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41860 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Travelmap
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41653 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sermon E Sermons Online
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41238 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Social Media Share Buttons Social Sharing Icons
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41237 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Arya Multipurpose Theme
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41236 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Happy Addons For Elementor
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy