Skip to main content
CVE-2022-45835 MEDIUM POC THREAT This Month

Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.0.15. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.1%.

SSRF Phonepe
NVD
CVSS 3.1
5.8
EPSS
71.1%
Threat
4.8
CVE-2023-4603 MEDIUM POC PATCH This Month

The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'printersettings' parameter in versions up to, and including, 2.0.3 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Star Cloudprnt For Woocommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-46020 MEDIUM POC This Month

Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Blood Bank
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46019 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Blood Bank
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46016 MEDIUM POC This Month

Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Blood Bank
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46015 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Blood Bank
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46021 MEDIUM POC This Month

SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46018 MEDIUM POC This Month

SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-46017 MEDIUM POC This Month

SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-46014 MEDIUM POC This Month

SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-48068 MEDIUM POC This Month

DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47625 MEDIUM POC PATCH This Month

PX4 autopilot is a flight control solution for drones. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-48063 MEDIUM POC This Month

An issue was discovered in dreamer_cms 4.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-41239 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.0.6. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Powerpress
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-4775 MEDIUM PATCH This Month

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Advanced Iframe
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5741 MEDIUM This Month

The POWR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'powr-powr-pack' shortcode in all versions up to, and including, 2.1.0 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Powr
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-32123 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Dream-Theme The7 allows Stored XSS.7.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF The7
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-47697 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wp Event Manager
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47696 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Product Enquiry For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47695 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Shortcodes Finder
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47690 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Additional Order Filters For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6098 MEDIUM This Month

An XSS vulnerability has been discovered in ICS Business Manager affecting version 7.06.0028.7066. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ics Business Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38364 MEDIUM PATCH This Month

IBM CICS TX Advanced 10.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Cics Tx
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38515 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.7.56. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Church Admin
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-46092 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com Webmaster Tools allows Stored XSS.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Webmaster Tools
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-6103 MEDIUM This Month

A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rx 1500 Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-42816 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-42815 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42814 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-42813 MEDIUM PATCH This Month

Kyverno is a policy engine designed for Kubernetes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Kubernetes Denial Of Service Kyverno
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-6100 MEDIUM This Month

A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Maiwei Safety Production Control Platform
NVD VulDB
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-47801 MEDIUM This Month

An issue was discovered in Click Studios Passwordstate before 9811. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Passwordstate
NVD
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-23684 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.14.5. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable.

SSRF Wpgraphql
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-34013 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker - Best WordPress Poll Plugin.6.2. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress Poll Maker
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-37978 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers.18.11. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Http Headers
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-46201 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration allows Stored XSS.9.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Auto Login New User After Registration
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-35877 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Vadym K. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS CSRF Extra User Details
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-38363 MEDIUM PATCH This Month

IBM CICS TX Advanced 10.1 does not set the secure attribute on authorization tokens or session cookies. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cics Tx
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-46207 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors - Car Dealer, Classifieds & Listing.4.6. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Motors Car Dealer Classifieds Listing
NVD
CVSS 3.1
4.1
EPSS
0.2%
CVE-2023-31219 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.8.1. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Download Monitor
NVD
CVSS 3.1
4.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy