Skip to main content
CVE-2023-42541 MEDIUM This Month

Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Push Service
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41798 MEDIUM This Month

A vulnerability in wpWax Directorist directorist.7.1. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.1
EPSS
0.7%
CVE-2023-46851 MEDIUM PATCH This Month

Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Apache RCE Allura
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2022-45810 MEDIUM This Month

A vulnerability in Icegram Email Subscribers & Newsletters email-subscribers.5.2. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2022-45360 MEDIUM This Month

A vulnerability in Scott Reilly Commenter Emails commenter-emails.6.1. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2023-36527 MEDIUM This Month

A vulnerability in bestweblayout Post to CSV by BestWebSoft post-to-csv.4.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2023-23796 MEDIUM This Month

A vulnerability in PluginOps Form Builder contact-form-add.9.9.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2023-22719 MEDIUM This Month

A vulnerability in StellarWP GiveWP give.25.1. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2023-5819 MEDIUM PATCH This Month

The Amazonify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.8.1 due to insufficient input sanitization and output. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress CSRF Amazonify
NVD VulDB
CVSS 3.1
4.4
EPSS
0.2%
CVE-2022-47181 MEDIUM This Month

A vulnerability in Saad Iqbal Email Templates email-templates.4.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-5975 MEDIUM PATCH This Month

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Imagemapper
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5818 MEDIUM PATCH This Month

The Amazonify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Amazonify
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-4956 MEDIUM This Month

A flaw was found in Quay. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Quay
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-41723 MEDIUM PATCH This Month

A vulnerability in Veeam ONE allows a user with the Veeam ONE Read-Only User role to view the Dashboard Schedule. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure One
NVD
CVSS 3.1
4.3
EPSS
12.3%
CVE-2023-38548 MEDIUM PATCH This Month

A vulnerability in Veeam ONE allows an unprivileged user who has access to the Veeam ONE Web Client the ability to acquire the NTLM hash of the account used by the Veeam ONE Reporting Service. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure One
NVD
CVSS 3.1
4.3
EPSS
11.8%
CVE-2023-23678 MEDIUM This Month

A vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent gdpr-cookie-consent.2.5. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
4.0
EPSS
0.5%
CVE-2023-42552 LOW Monitor

Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Firewall
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-42542 LOW Monitor

Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Push Service
NVD
CVSS 3.1
3.3
EPSS
0.2%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy