Skip to main content
CVE-2023-5707 MEDIUM POC PATCH This Month

The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Seo Slider
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5948 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Amaze File Utilities
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-5945 MEDIUM POC PATCH This Month

The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Video Carousel Slider With Lightbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45360 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-34261 MEDIUM POC This Month

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D Copia253Mf Plus Firmware
NVD
CVSS 3.1
5.3
EPSS
8.1%
CVE-2023-34259 MEDIUM POC THREAT This Month

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D Copia253Mf Plus Firmware
NVD
CVSS 3.1
4.9
EPSS
60.7%
CVE-2023-36620 MEDIUM POC This Month

An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Boomerang
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-45362 MEDIUM POC This Month

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-47588 MEDIUM This Month

A vulnerability in Tips and Tricks HQ, Peter Petreski Simple Photo Gallery simple-photo-gallery.8.1. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-36022 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.6
EPSS
1.2%
CVE-2023-45189 MEDIUM PATCH This Month

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Hashicorp IBM Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4091 MEDIUM This Month

A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samba Fedora Storage Enterprise Linux +1
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-42670 MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-41356 MEDIUM This Month

NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zoho Tronclass Ilearn
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5946 MEDIUM PATCH This Month

The Digirisk plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'current_group_id' parameter in version 6.0.0.0 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Digirisk
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4592 MEDIUM This Month

A Cross-Site Scripting vulnerability has been detected in WPN-XM Serverstack affecting version 0.8.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Wpn Xm
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4768 MEDIUM This Month

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zoho Manageengine Desktop Central
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2023-4767 MEDIUM This Month

A CRLF injection vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Zoho Manageengine Desktop Central
NVD
CVSS 3.1
6.1
EPSS
2.9%
CVE-2022-47426 MEDIUM This Month

A vulnerability in neshanmaps Neshan Maps neshan-maps.1.4. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
6.0
EPSS
0.2%
CVE-2023-41343 MEDIUM This Month

Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Enterprise Cloud Database
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-35896 MEDIUM PATCH This Month

IBM Content Navigator 3.0.13 is vulnerable to server-side request forgery (SSRF). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

SSRF IBM Content Navigator
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-42029 MEDIUM PATCH This Month

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Txseries For Multiplatforms Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46846 MEDIUM This Month

SQUID is vulnerable to HTTP request smuggling, caused by chunked decoder lenience, allows a remote attacker to perform Request/Response smuggling past firewall and frontend security systems. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Squid Enterprise Linux Enterprise Linux Eus +5
NVD GitHub
CVSS 3.1
5.3
EPSS
5.3%
CVE-2023-41354 MEDIUM This Month

Chunghwa Telecom NOKIA G-040W-Q Firewall function does not block ICMP TIMESTAMP requests by default, an unauthenticated remote attacker can exploit this vulnerability by sending a crafted package,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nokia G 040W Q Firmware
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-47233 MEDIUM PATCH This Month

The brcm80211 component in the Linux kernel through 6.5.10 has a brcmf_cfg80211_detach use-after-free in the device unplugging (disconnect the USB by hotplug) code. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Broadcom Linux Information Disclosure Use After Free Memory Corruption +1
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2023-39301 MEDIUM This Month

A server-side request forgery (SSRF) vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap SSRF Qts Quts Hero Qutscloud
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-36029 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy