Skip to main content
CVE-2023-48795 MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2023-51385 MEDIUM POC PATCH THREAT This Month

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.

Command Injection SSH Openssh Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
16.5%
CVE-2023-6077 MEDIUM POC This Month

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Slider Factory Pro
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-5348 MEDIUM POC This Month

The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Catalog Mode For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-50979 MEDIUM POC This Month

Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Crypto
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-6778 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Clearml Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6065 MEDIUM POC THREAT This Month

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Quttera Web Malware Scanner
NVD WPScan
CVSS 3.1
5.3
EPSS
18.7%
CVE-2023-5005 MEDIUM POC This Month

The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Autocomplete Location Field Contact Form 7
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-6289 MEDIUM POC This Month

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Swift Performance
NVD WPScan
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-6355 MEDIUM This Month

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Controller 7000 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-49855 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.49.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Menu Bar Cart Icon For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-5236 MEDIUM PATCH This Month

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Data Grid Jboss Data Grid Infinispan
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-3629 MEDIUM PATCH This Month

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Grid Jboss Data Grid Jboss Enterprise Application Platform Infinispan
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-3628 MEDIUM PATCH This Month

A flaw was found in Infinispan's REST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jboss Data Grid Jboss Enterprise Application Platform Data Grid Infinispan
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-48762 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetElements For Elementor.6.13. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jetelements For Elementor Elementor
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-5115 MEDIUM PATCH This Month

An absolute path traversal attack exists in the Ansible automation platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ansible Automation Platform Ansible Inside Ansible Developer Debian Linux
NVD
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-6927 MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Keycloak Single Sign On
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-35867 MEDIUM This Month

An improper handling of a malformed API answer packets to API clients in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Building Integration System Video Engine Bosch Video Management System Video Management System Viewer Configuration Manager +10
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-6908 MEDIUM PATCH This Month

A vulnerability, which was classified as problematic, was found in DFIRKuiper Kuiper 2.3.4. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Kuiper
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.8%
CVE-2022-40312 MEDIUM This Month

Server-Side Request Forgery (SSRF) vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform.25.1. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

SSRF Givewp
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51384 MEDIUM PATCH This Month

In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

SSH Authentication Bypass Openssh Debian Linux
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2023-49821 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in LiveChat LiveChat - WP live chat plugin for WordPress.5.15. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Livechat
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49761 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Gravity Master Product Enquiry for WooCommerce.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Product Enquiry For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49760 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Giannopoulos Kostas WPsoonOnlinePage.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpsoononlinepage
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49759 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team WooDiscuz - WooCommerce Comments.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woodiscuz Woocommerce Comments
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49163 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teachpress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49148 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Kulwant Nagi Affiliate Booster - Pros & Cons, Notice, and CTA Blocks for Affiliates.0.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Affiliate Booster
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48778 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in VillaTheme Product Size Chart For WooCommerce.1.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Product Size Chart For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48773 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce Login Redirect
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-48772 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Prevent Landscape Rotation.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Prevent Landscape Rotation
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-46617 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly - Ad Manager, AdSense Ads & Ads.Txt.Txt: from n/a through 1.8.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Adfoxly
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47806 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Saint Systems Disable User Login.3.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Disable User Login
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-33214 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox - UGC Galleries, Social Media Widgets, User Reviews & Analytics.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Taggbox
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49854 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Tribe Interactive Caddy - Smart Side Cart for WooCommerce.9.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Caddy
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49853 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PayTR Ödeme ve Elektronik Para Kuruluşu A.Ş. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Paytr Taksit Tablosu Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49843 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in QuanticEdge First Order Discount Woocommerce.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF First Order Discount Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-47741 MEDIUM PATCH This Month

IBM i 7.3, 7.4, 7.5, IBM i Db2 Mirror for i 7.4 and 7.5 web browser clients may leave clear-text passwords in browser memory that can be viewed using common browser tools before the memory is garbage. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure IBM Db2 Mirror For I
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-28053 MEDIUM This Month

Dell NetWorker Virtual Edition versions 19.8 and below contain the use of deprecated cryptographic algorithms in the SSH component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Networker
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-40691 MEDIUM PATCH This Month

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Business Automation
NVD
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-6911 MEDIUM PATCH This Month

Multiple WSO2 products have been identified as vulnerable due to improper output encoding, a Stored Cross Site Scripting (XSS) attack can be carried out by an attacker injecting a malicious payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Api Manager Api Manager Analytics Api Microgateway Data Analytics Server +5
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-41967 MEDIUM This Month

Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Controller 6000 Firmware
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-48781 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Marketing Rapel MkRapel Regiones y Ciudades de Chile para WC.3.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mkrapel Regiones Y Ciudades De Chile Para Wc
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-49763 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Creatomatic Ltd CSprite.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Csprite
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-49155 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator - easily Button Builder.3.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Button Generator
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-49153 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Saiful Islam Add to Cart Text Changer and Customize Button, Add Custom Icon.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Add To Cart Text Changer And Customize Button Add Custom Icon
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48768 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CodeAstrology Team Quantity Plus Minus Button for WooCommerce by CodeAstrology.1.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Quantity Plus Minus Button For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48766 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in SVGator SVGator - Add Animated SVG Easily.2.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Svgator
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48769 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Blue Coral Chat Bubble - Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Chat Bubble
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48755 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teachpress
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47789 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Canada Post Shipping Method.8.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Canada Post Shipping Method
NVD
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy