Skip to main content
CVE-2023-45378 CRITICAL PATCH Act Now

In the module "PrestaBlog" (prestablog) version 4.4.7 and before from HDclic for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Prestablog
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-27846 CRITICAL PATCH Act Now

SQL injection vulnerability found in PrestaShop themevolty v.4.0.8 and before allow a remote attacker to gain privileges via the tvcmsblog, tvcmsvideotab, tvcmswishlist, tvcmsbrandlist,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Theme Volty Cms Blog
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5866 MEDIUM POC PATCH This Month

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
5.7
EPSS
0.3%
CVE-2023-5114 MEDIUM POC This Month

The idbbee plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'idbbee' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Idbbee
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-46378 MEDIUM POC This Month

Stored Cross Site Scripting (XSS) vulnerability in MiniCMS 1.1.1 allows attackers to run arbitrary code via crafted string appended to /mc-admin/conf.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Minicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5458 MEDIUM POC This Month

The CITS Support svg, webp Media and TTF,OTF File Upload WordPress plugin before 3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress XSS Cits Support Svg Webp Media And Ttf Otf File Upload
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5237 MEDIUM POC This Month

The Memberlite Shortcodes WordPress plugin before 1.3.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Memberlite Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4823 MEDIUM POC This Month

The WP Meta and Date Remover WordPress plugin before 2.2.0 provides an AJAX endpoint for configuring the plugin settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Meta And Date Remover
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5873 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 11.1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46451 MEDIUM POC This Month

Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Best Courier Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46040 MEDIUM POC This Month

Cross Site Scripting vulnerability in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via the a crafted payload to the components.php function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Getsimplecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5867 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-39695 MEDIUM POC This Month

Insufficient session expiration in Elenos ETG150 FM Transmitter v3.12 allows attackers to arbitrarily change transmitter configuration and data after logging out. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37831 MEDIUM POC This Month

An issue discovered in Elenos ETG150 FM transmitter v3.12 allows attackers to enumerate user accounts based on server responses when credentials are submitted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5099 HIGH PATCH This Week

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE WordPress LFI +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40050 HIGH This Week

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Automate
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-5243 MEDIUM POC This Month

The Login Screen Manager WordPress plugin through 3.5.2 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Login Screen Manager
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5229 MEDIUM POC This Month

The E2Pdf WordPress plugin before 1.20.20 does not sanitize and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS E2pdf
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4390 MEDIUM POC This Month

The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5864 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.2.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5861 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-31212 HIGH This Week

A vulnerability in CRM Perks Contact Form Entries contact-form-entries.3.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Elementor
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2023-28777 HIGH This Week

A vulnerability in LearnDash LearnDash LMS sfwd-lms.5.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2023-5519 MEDIUM POC This Month

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Eventprime
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-4836 MEDIUM POC This Month

The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization before displaying files and folders, allowing users to gain access to those filed by manipulating IDs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wordpress File Sharing Plugin
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-4251 MEDIUM POC This Month

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Eventprime
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5739 HIGH PATCH This Week

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation HP Microsoft Image Assistant Pc Hardware Diagnostics +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42658 HIGH This Week

Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Inspec
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37243 HIGH This Week

The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Agent Package Availability
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37966 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.6.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-36508 HIGH This Week

A vulnerability in bestweblayout Contact Form to DB by BestWebSoft contact-form-to-db.7.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-35879 HIGH This Week

A vulnerability in Woo WooCommerce Product Vendors woocommerce-product-vendors.1.78. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-33927 HIGH This Week

A vulnerability in Themeisle MPG multiple-pages-generator-by-porthas.3.19. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-46129 HIGH PATCH This Week

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nats Server Nkeys
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-45955 HIGH This Week

An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lightstrip Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46723 HIGH This Week

lte-pic32-writer is a writer for PIC32 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lte Pic32 Writer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46240 HIGH PATCH This Week

CodeIgniter is a PHP full-stack web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46239 HIGH PATCH This Week

quic-go is an implementation of the QUIC protocol in Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Quic Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46236 HIGH PATCH This Week

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Fogproject
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5862 LOW POC PATCH Monitor

Missing Authorization in GitHub repository hamza417/inure prior to Build95. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Inure
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-25045 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rsvpmaker
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-37833 LOW POC Monitor

Improper access control in Elenos ETG150 FM transmitter v3.12 allows attackers to make arbitrary configuration edits that are only accessed by privileged users. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD GitHub
CVSS 3.1
2.7
EPSS
0.4%
CVE-2023-46255 MEDIUM PATCH This Month

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Spicedb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-5116 MEDIUM This Month

The Live updates from Excel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ipushpull_page' shortcode in versions up to, and including, 2.3.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Live Updates From Excel
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20886 MEDIUM This Month

VMware Workspace ONE UEM console contains an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware Open Redirect Workspace One Uem
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46722 MEDIUM PATCH This Month

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Authentication Bypass Admin Classic Bundle
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46235 MEDIUM PATCH This Month

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fogproject
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46622 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wppizza
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-46313 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zotpress
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46312 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Smart Online Order For Clover
NVD
CVSS 3.1
6.1
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy