Skip to main content
CVE-2023-24046 MEDIUM POC This Month

An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to run arbitrary commands via use of a crafted string in the ping utility. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ac21000 G6 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-49280 MEDIUM POC PATCH This Month

XWiki Change Request is an XWiki application allowing to request changes on a wiki without publishing directly the changes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Change Request
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5990 MEDIUM POC This Month

The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Funnelforms Free
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5884 MEDIUM POC This Month

The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged in user to delete arbitrary avatars. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Word Balloon
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-5105 MEDIUM POC This Month

The Frontend File Manager Plugin WordPress plugin before 22.6 has a vulnerability that allows an Editor+ user to bypass the file download logic and download files such as `wp-config.php`. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Frontend File Manager Plugin
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-47106 MEDIUM POC PATCH This Month

Traefik is an open source HTTP reverse proxy and load balancer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nginx Traefik
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49293 MEDIUM POC PATCH This Month

Vite is a website frontend framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vite
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-5951 MEDIUM POC This Month

The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Welcart E Commerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5141 MEDIUM POC This Month

The BSK Contact Form 7 Blacklist WordPress plugin through 1.0.1 does not sanitise and escape the inserted_count parameter before outputting it back in the page, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bsk Contact Form 7 Blacklist
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48815 MEDIUM POC This Month

kkFileView v4.3.0 is vulnerable to Incorrect Access Control. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Kkfileview
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4460 MEDIUM POC This Month

The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Uploading Svg Webp And Ico Files
NVD WPScan
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-5874 MEDIUM POC This Month

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5809 MEDIUM POC This Month

The Popup box WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5137 MEDIUM POC This Month

The Simply Excerpts WordPress plugin through 1.4 does not sanitize and escape some fields in the plugin settings, which could allow high-privilege users such as an administrator to inject arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simply Excerpts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-40464 MEDIUM This Month

Several versions of ALEOS, including ALEOS 4.16.0, use a hardcoded SSL certificate and private key. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Aleos
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-24047 MEDIUM This Month

An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ac21000 G6 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-32870 MEDIUM This Month

In display drm, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32869 MEDIUM This Month

In display drm, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32868 MEDIUM This Month

In display drm, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32867 MEDIUM This Month

In display drm, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32866 MEDIUM This Month

In mmp, there is a possible memory corruption due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32865 MEDIUM This Month

In display drm, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32864 MEDIUM This Month

In display drm, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32863 MEDIUM This Month

In display drm, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32862 MEDIUM This Month

In display, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32861 MEDIUM This Month

In display, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32860 MEDIUM This Month

In display, there is a possible classic buffer overflow due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32859 MEDIUM This Month

In meta, there is a possible classic buffer overflow due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32855 MEDIUM This Month

In aee, there is a possible escalation of privilege due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Yocto Rdk B Android +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32854 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32853 MEDIUM This Month

In rpmb, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32849 MEDIUM This Month

In cmdq, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32848 MEDIUM This Month

In vdec, there is a possible out of bounds write due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-42722 MEDIUM This Month

In camera service, there is a possible use after free due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-40090 MEDIUM PATCH This Month

In BTM_BleVerifySignature of btm_ble.cc, there is a possible way to bypass signature validation due to side channel information disclosure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5979 MEDIUM This Month

The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Ecommerce Product Catalog
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-44306 MEDIUM This Month

Dell DM5500 contains a path traversal vulnerability in the appliance. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Dm5500 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5210 MEDIUM This Month

The AMP+ Plus WordPress plugin through 3.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Amp Plus
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5768 MEDIUM This Month

A vulnerability exists in the HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rtu520 Firmware Rtu530 Firmware Rtu540 Firmware Rtu560 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5767 MEDIUM This Month

A vulnerability exists in the webserver that affects the RTU500 series product versions listed below. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rtu520 Firmware Rtu530 Firmware Rtu540 Firmware Rtu560 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47124 MEDIUM PATCH This Month

Traefik is an open source HTTP reverse proxy and load balancer. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Traefik
NVD GitHub
CVSS 3.1
5.9
EPSS
0.8%
CVE-2023-45781 MEDIUM This Month

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40465 MEDIUM This Month

Several versions of ALEOS, including ALEOS 4.16.0, include an opensource third-party component which can be exploited from the local area network, resulting in a Denial of Service condition for the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Denial Of Service Aleos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-40098 MEDIUM PATCH This Month

In mOnDone of NotificationConversationInfo.java, there is a possible way to access app notification data of another user due to a logic error in the code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40092 MEDIUM PATCH This Month

In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40083 MEDIUM PATCH This Month

In parse_gap_data of utils.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40081 MEDIUM This Month

In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40076 MEDIUM PATCH This Month

In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
CVSS 3.1
5.5
EPSS
2.3%
CVE-2023-40075 MEDIUM PATCH This Month

In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-40074 MEDIUM PATCH This Month

In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy