Skip to main content
CVE-2023-42363 MEDIUM POC This Month

A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Busybox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-5942 MEDIUM POC This Month

The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Medialist
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5738 MEDIUM POC This Month

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Backup And Migration
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5620 MEDIUM POC This Month

The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Web Push Notifications
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4514 MEDIUM POC This Month

The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Mmm Simple File List
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49028 MEDIUM POC This Month

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Absis
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-5845 MEDIUM POC This Month

The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Simple Social Buttons
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5611 MEDIUM POC This Month

The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Seraphinite Accelerator
NVD WPScan
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-4252 MEDIUM POC This Month

The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Eventprime
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5209 MEDIUM POC This Month

The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bookly
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-41257 HIGH This Week

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-6303 MEDIUM POC This Month

A vulnerability was found in CSZCMS 1.3.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cszcms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-5737 MEDIUM POC This Month

The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Backup And Migration
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-5525 MEDIUM POC This Month

The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Limit Login Attempts Reloaded
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-4297 MEDIUM POC This Month

The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Mmm Simple File List
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-31275 HIGH This Week

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2023-4931 HIGH This Week

Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Plesk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-6254 HIGH This Week

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-0.X through 8.0.37. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-49068 HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48268 HIGH PATCH This Week

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-40703 HIGH PATCH This Week

Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-49322 HIGH This Week

Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5607 HIGH This Week

An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Application And Change Control
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-5885 MEDIUM This Month

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Colibri Firmware
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-48034 MEDIUM This Month

An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Sk 9662 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-47168 MEDIUM PATCH This Month

Mattermost fails to properly check a redirect URL parameter allowing for an open redirect was possible when the user clicked "Back to Mattermost" after providing a invalid custom url scheme in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6287 MEDIUM This Month

Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Checkmk Appliance Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-25632 MEDIUM This Month

The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Google Authentication Bypass Whale Browser
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-49145 MEDIUM PATCH This Month

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Nifi
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-43701 MEDIUM PATCH This Month

Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache XSS Superset
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-35075 MEDIUM PATCH This Month

Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML to a victim's page by create a channel name that. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost XSS
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46355 MEDIUM This Month

In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Csv Feeds Pro
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-5871 MEDIUM PATCH This Month

A flaw was found in libnbd, due to a malicious Network Block Device (NBD), a protocol for accessing Block Devices such as hard disks over a Network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libnbd Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-48369 MEDIUM PATCH This Month

Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-49321 MEDIUM This Month

Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-2707 MEDIUM This Month

The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Gappointments
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32062 MEDIUM PATCH This Month

OroPlatform is a package that assists system and user calendar management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Oroplatform
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-42501 MEDIUM PATCH This Month

Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Superset
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-6202 MEDIUM PATCH This Month

Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-45223 MEDIUM PATCH This Month

Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-43754 MEDIUM PATCH This Month

Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-47865 MEDIUM PATCH This Month

Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy