Skip to main content
CVE-2023-45653 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Video Playlist For Youtube
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45651 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Attachments
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45650 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <= 1.7.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Html5 Maps
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45638 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Eupago Gateway Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45629 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery - Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gallery Image And Video Gallery With Thumbnails
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45606 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Urls
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45605 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Feed Statistics
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45274 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Free Web Push
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45273 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Stout Google Calendar
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45150 MEDIUM POC PATCH This Month

Nextcloud calendar is a calendar app for the Nextcloud server platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Nextcloud Calendar
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-3707 MEDIUM POC This Month

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Activitypub
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-3706 MEDIUM POC This Month

The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed are public and belong to the plugin, allowing any authenticated user, such as subscriber to retrieve the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Activitypub
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-45688 MEDIUM POC This Month

Lack of sufficient path validation in South River Technologies' Titan MFT and Titan SFTP servers on Linux allows an authenticated attacker to get the size of an arbitrary file on the filesystem using. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Titan Mft Server Titan Sftp Server
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-21415 HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API overlay_del.cgi is vulnerable to path traversal attacks that allows for file deletion. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2016 Axis Os 2018 Axis Os 2020 +1
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-45898 HIGH PATCH This Week

The Linux kernel before 6.5.4 has an es1 use-after-free in fs/ext4/extents_status.c, related to ext4_es_insert_extent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-38280 HIGH PATCH This Week

IBM HMC (Hardware Management Console) 10.1.1010.0 and 10.2.1030.0 could allow a local user to escalate their privileges to root access on a restricted shell. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM Hardware Management Console
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-40377 HIGH PATCH This Week

Backup, Recovery, and Media Services (BRMS) for IBM i 7.2, 7.3, and 7.4 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation IBM
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-40374 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to denial of service with a specially crafted query statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-30991 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to denial of service with a specially crafted query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-45131 HIGH POC This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-44388 HIGH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nginx Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-38740 HIGH PATCH This Week

IBM Db2 for Linux, UNIX, and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted SQL statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38728 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted XML query statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38720 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 and 11.5 is vulnerable to denial of service with a specially crafted ALTER TABLE statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-30987 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain databases. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43121 HIGH This Week

A Directory Traversal vulnerability discovered in Chalet application in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, before 22.7, and before 31.7.2 allows attackers to read arbitrary files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Exos
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-40180 HIGH PATCH This Week

silverstripe-graphql is a package which serves Silverstripe data in GraphQL representations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Graphql
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-4457 HIGH PATCH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Grafana Information Disclosure Google Google Sheets
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-43667 HIGH PATCH This Week

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Apache InLong.4.0 through 1.8.0, the attacker can create misleading or false log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-4822 HIGH This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Grafana
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-21413 HIGH This Week

GoSecure on behalf of Genetec Inc. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Axis Os
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-35018 HIGH PATCH This Week

IBM Security Verify Governance 10.0 could allow a privileged use to upload arbitrary files due to improper file validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload IBM Security Verify Governance
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-21414 MEDIUM This Month

NCC Group has found a flaw during the annual internal penetration test ordered by Axis Communications. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Axis Os
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-4800 MEDIUM This Month

The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that shows the IPs of failed logins to low privileged users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Dologin Security
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-29484 MEDIUM PATCH This Month

In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Terminalfour
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5575 MEDIUM This Month

Improper access control in the permission inheritance in Devolutions Server 2022.3.13.0 and earlier allows an attacker that compromised a low privileged user to access entries via a specific. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-43666 MEDIUM PATCH This Month

Insufficient Verification of Data Authenticity vulnerability in Apache InLong.4.0 through 1.8.0, General user can view all user data like Admin account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-5591 MEDIUM PATCH This Month

SQL Injection in GitHub repository librenms/librenms prior to 23.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Librenms
NVD GitHub
CVSS 3.1
6.5
EPSS
22.2%
CVE-2023-43658 MEDIUM PATCH This Month

dicourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse Calendar
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-45683 MEDIUM PATCH This Month

github.com/crewjam/saml is a saml library for the go language. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Saml
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45757 MEDIUM This Month

Security vulnerability in Apache bRPC <=1.6.0 on all platforms allows attackers to inject XSS code to the builtin rpcz page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache XSS Brpc
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-5421 MEDIUM This Month

An attacker who is logged into OTRS as an user with privileges to create and change customer user data may manipulate the CustomerID field to execute JavaScript code that runs immediatly after the. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-45807 MEDIUM PATCH This Month

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana following the license change in early 2021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Opensearch
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43659 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46066 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Mediabay Wordpress Media Library Folders
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44985 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Buddymeet
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44984 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bbp Style Pack
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44391 MEDIUM This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-45669 MEDIUM PATCH This Month

WebAuthn4J Spring Security provides Web Authentication specification support for Spring applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Java Authentication Bypass Spring Security
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-38059 MEDIUM This Month

The loading of external images is not blocked, even if configured, if the attacker uses protocol-relative URL in the payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
5.3
EPSS
0.5%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy