Skip to main content
CVE-2023-44276 MEDIUM POC PATCH This Month

OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Opnsense
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44275 MEDIUM POC PATCH This Month

OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Opnsense
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-38871 MEDIUM POC This Month

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Economizzer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5187 HIGH This Week

Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5186 HIGH This Week

Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-43879 MEDIUM POC This Month

Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ritecms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-42756 MEDIUM POC PATCH This Month

A flaw was found in the Netfilter subsystem of the Linux kernel. Rated medium severity (CVSS 4.7). Public exploit code available.

Race Condition Denial Of Service Linux Linux Kernel Enterprise Linux +2
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-40375 HIGH PATCH This Week

Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40307 HIGH This Week

An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple Privileges
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38872 LOW POC Monitor

An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Economizzer
NVD GitHub
CVSS 3.1
3.7
EPSS
0.6%
CVE-2023-5256 HIGH PATCH This Week

In certain scenarios, Drupal's JSON:API module will output error backtraces. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Information Disclosure Drupal
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-43044 HIGH This Week

IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM License Metric Tool
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5233 MEDIUM This Month

The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Font Awesome Integration
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5232 MEDIUM This Month

The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Font Awesome More Icons
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5230 MEDIUM This Month

The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Tm Woocommerce Compare Wishlist
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-43657 MEDIUM PATCH This Month

discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse Encrypt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-41911 MEDIUM This Month

Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 2200 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-43664 MEDIUM PATCH This Month

PrestaShop is an Open Source e-commerce web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Prestashop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-43663 MEDIUM PATCH This Month

PrestaShop is an Open Source e-commerce web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Prestashop
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy