Skip to main content
CVE-2023-43300 HIGH This Week

An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-5058 HIGH This Week

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Securecore Technology
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33411 HIGH This Week

A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

X11Ssl Cf Firmware X11Dac Firmware X11Dai N Firmware X11Ddw L Firmware X11Ddw Nt Firmware +352
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-4486 HIGH This Week

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nae55 Firmware Sne22000 Firmware Sne11000 Firmware Sne10500 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46307 HIGH This Week

An issue was discovered in server.js in etcd-browser 87ae63d75260. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Etcd Browser
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-41106 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Collaboration
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5761 HIGH PATCH This Week

The Burst Statistics - Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Burst Statistics
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41804 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates - Elementor, WordPress & Beaver Builder Templates.2.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress Starter Templates
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-6578 MEDIUM This Month

A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webmethods
NVD VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-47440 MEDIUM PATCH This Month

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Gladys Assistant
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-6588 MEDIUM This Month

Offline mode is always enabled, even if permission disallows it, in Devolutions Server data source in Devolutions Workspace 2023.3.2.0 and earlier. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Workspace
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-46693 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in FormaLMS before 4.0.5 allows attackers to run arbitrary code via title parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Formalms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41170 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49225 MEDIUM PATCH This Month

A cross-site-scripting vulnerability exists in Ruckus Access Point products (ZoneDirector, SmartZone, and AP Solo). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS R750 Firmware R650 Firmware R730 Firmware T750 Firmware +33
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48208 MEDIUM This Month

A Cross Site Scripting vulnerability in Availability Booking Calendar 5.0 allows an attacker to inject JavaScript via the name, plugin_sms_api_key, plugin_sms_country_code, uuid, title, or country. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Availability Booking Calendar
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-43103 MEDIUM PATCH This Month

An XSS issue was discovered in a web endpoint in Zimbra Collaboration (ZCS) before 10.0.4 via an unsanitized parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-43102 MEDIUM PATCH This Month

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Collaboration
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6333 MEDIUM PATCH This Month

The affected ControlByWeb Relay products are vulnerable to a stored cross-site scripting vulnerability, which could allow an attacker to inject arbitrary scripts into the endpoint of a web interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS X 332 24I Firmware X 301 I Firmware X 301 24I Firmware
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41905 MEDIUM This Month

NETSCOUT nGeniusONE 6.3.4 build 2298 allows a Reflected Cross-Site scripting (XSS) vulnerability by an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41172 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 4 of 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41171 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 3 of 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41169 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 2 of 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-41168 MEDIUM This Month

NetScout nGeniusONE 6.3.4 build 2298 allows a Stored Cross-Site scripting vulnerability (issue 1 of 4). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48839 MEDIUM This Month

Appointment Scheduler 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Appointment Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28017 MEDIUM PATCH This Month

HCL Connections is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user after visiting the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Connections
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35909 MEDIUM This Month

Uncontrolled Resource Consumption vulnerability in Saturday Drive Ninja Forms Contact Form - The Drag and Drop Form Builder for WordPress leading to DoS.6.25. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service WordPress Ninja Forms
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-46641 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Code for Recovery 12 Step Meeting List.14.24. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF 12 Step Meeting List
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-49746 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in Softaculous Team SpeedyCache - Cache, Optimization, Performance.1.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Speedycache
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-36880 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.8
EPSS
1.6%
CVE-2023-45762 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Michael Uno (miunosoft) Responsive Column Widgets.2.7. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Responsive Column Widgets
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-47548 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SoftLab Integrate Google Drive - Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Open Redirect WordPress Integrate Google Drive
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-48325 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in PluginOps Landing Page Builder - Lead Page - Optin Page - Squeeze Page - WordPress Landing Pages.5.1.5. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Open Redirect Landing Page Builder
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-47779 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Integration For Constant Contact And Contact Form 7 Wpforms Elementor Ninja Elementor
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2023-5713 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_option_value() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-5714 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_db_specs() function hooked via an AJAX action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5712 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_global_value() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5711 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_php_info() function hooked via an AJAX action in all versions up to,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass PHP System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-5710 MEDIUM PATCH This Month

The System Dashboard plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the sd_constants() function hooked via an AJAX action in all versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass System Dashboard
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-38174 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.3
EPSS
2.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy