Skip to main content
CVE-2023-42547 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42546 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-36409 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5743 MEDIUM PATCH This Month

The Telephone Number Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'telnumlink' shortcode in all versions up to, and including, 1.2 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Telephone Number Linker
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5076 MEDIUM PATCH This Month

The Ziteboard Online Whiteboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ziteboard' shortcode in versions up to, and including, 2.9.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Ziteboard
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-4888 MEDIUM PATCH This Month

The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sfp-page-plugin' shortcode in versions up to, and including, 1.5.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Simple Like Page
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4842 MEDIUM PATCH This Month

The Social Sharing Plugin - Social Warfare plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social_warfare' shortcode in versions up to, and including, 4.4.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Social Warfare
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5577 MEDIUM This Month

The Bitly's plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpbitly' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Bitly
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5567 MEDIUM This Month

The QR Code Tag plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'qrcodetag' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Qr Code Tag
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5507 MEDIUM PATCH This Month

The ImageMapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'imagemap' shortcode in versions up to, and including, 1.2.6 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Imagemapper
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5659 MEDIUM This Month

The Interact: Embed A Quiz On Your Site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'interact-quiz' shortcode in all versions up to, and including, 3.0.7 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Interact
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5658 MEDIUM PATCH This Month

The WP MapIt plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_mapit' shortcode in all versions up to, and including, 2.7.1 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Wp Mapit
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2022-46809 MEDIUM This Month

A vulnerability in ReviewX ReviewX reviewx.6.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-46803 MEDIUM This Month

A vulnerability in Noptin Newsletter Team Noptin newsletter-optin-box.9.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-46801 MEDIUM This Month

A vulnerability in Gemini Labs Site Reviews site-reviews.2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-45370 MEDIUM This Month

A vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce.3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-46802 MEDIUM This Month

A vulnerability in WebToffee Product Reviews Import Export for WooCommerce product-reviews-import-export-for-woocommerce.4.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure WordPress
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-45357 MEDIUM This Month

A vulnerability in 8blocks 1003 Mortgage Application 1003-mortgage-application.75. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-5532 MEDIUM PATCH This Month

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Imagemapper
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2022-45078 MEDIUM This Month

Improper Neutralization of Formula Elements in a CSV File vulnerability in Solwin Infotech User Blocker.5.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure User Blocker
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2022-44738 MEDIUM This Month

A vulnerability in Patrick Robrecht Posts and Users Stats posts-and-users-stats.1.3. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-42882 MEDIUM This Month

A vulnerability in Duke Simple CSV/XLS Exporter simple-csv-xls-exporter.5.8. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-46821 MEDIUM This Month

A vulnerability in Jackmail Emails & Newsletters with Jackmail jackmail-newsletters.2.22. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-46804 MEDIUM This Month

A vulnerability in narolainfotech Export Users Data Distinct export-users-data-distinct.3. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-45348 MEDIUM This Month

A vulnerability in anmari amr users amr-users.59.4. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-47442 MEDIUM This Month

A vulnerability in Stiofan UsersWP userswp.2.3.9. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-45350 MEDIUM This Month

A vulnerability in Pär Thernström Simple History simple-history.3.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.7%
CVE-2022-38702 MEDIUM This Month

A vulnerability in Masahiro NAKASHIMA WP CSV Exporter wp-csv-exporter.0. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.8
EPSS
0.2%
CVE-2023-4272 MEDIUM This Month

A local non-privileged user can make GPU processing operations that expose sensitive data from previously freed memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bifrost Gpu Kernel Driver Mali Gpu Kernel Driver Midgard Gpu Kernel Driver Valhall Gpu Kernel Driver
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42555 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easysetup
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42544 MEDIUM This Month

Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Quick Share
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42540 MEDIUM This Month

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Account
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42539 MEDIUM This Month

PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42534 MEDIUM This Month

Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42527 MEDIUM This Month

Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28569 MEDIUM This Month

Information disclosure in WLAN HAL while handling command through WMI interfaces. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware Ar9380 Firmware Csr8811 Firmware +204
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28568 MEDIUM This Month

Information disclosure in WLAN HAL when reception status handler is called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +84
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28566 MEDIUM This Month

Information disclosure in WLAN HAL while handling the WMI state info command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware Csrb31024 Firmware Fastconnect 6200 Firmware +121
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28563 MEDIUM This Month

Information disclosure in IOE Firmware while handling WMI command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Aqt1000 Firmware Ar8031 Firmware Ar8035 Firmware +226
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28554 MEDIUM PATCH This Month

Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Qualcomm Information Disclosure Aqt1000 Firmware Ar9380 Firmware +144
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-28553 MEDIUM PATCH This Month

Information Disclosure in WLAN Host when processing WMI event command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Information Disclosure Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +139
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-35140 MEDIUM This Month

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Zyxel Gs1900 48Hpv2 Firmware Gs1900 48 Firmware Gs1900 24Hpv2 Firmware +7
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5748 MEDIUM This Month

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology SSL VPN Client before 1.4.7-0687 allows local users to conduct denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Synology Ssl Vpn Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32966 MEDIUM This Month

A vulnerability in CRUDLab Jazz Popups jazz-popups.8.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-5982 MEDIUM PATCH This Month

The UpdraftPlus: WordPress Backup & Migration Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Google WordPress CSRF Updraftplus
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-5506 MEDIUM PATCH This Month

The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Imagemapper
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-28499 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Slide Anything Responsive Content Html Slider And Carousel
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-38549 MEDIUM PATCH This Month

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS One
NVD
CVSS 3.1
5.4
EPSS
19.1%
CVE-2023-46819 MEDIUM PATCH This Month

Missing Authentication in Apache Software Foundation Apache OFBiz when using the Solr plugin.12.09. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Apache Authentication Bypass Ofbiz
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2023-42553 MEDIUM This Month

Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Email
NVD
CVSS 3.1
5.3
EPSS
0.4%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy