Skip to main content
CVE-2023-6931 HIGH PATCH This Week

A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Memory Corruption Linux Buffer Overflow Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-6932 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's ipv4: igmp component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Memory Corruption Linux Debian Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-6315 HIGH This Week

Out-of-bouds read vulnerability in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-6314 HIGH This Week

Stack-based buffer overflow in FPWin Pro version 7.7.0.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48764 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GuardGiant Brute Force Protection WordPress Brute Force Protection - Stop Brute Force Attacks.2.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Guardgiant
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-48741 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in QuantumCloud AI ChatBot.7.8. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wpbot
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-48327 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors - WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.4.7. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Woocommerce Multi Vendor Woocommerce Marketplace Product Vendors
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-49764 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Younes JFR. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Advanced Database Cleaner
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-49819 HIGH This Week

Deserialization of Untrusted Data vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc.5.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Structured Content
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46804 HIGH This Week

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-46803 HIGH This Week

An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result to a Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Avalanche
NVD
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-46262 HIGH This Week

An unauthenticated attacked could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Ivanti Avalanche
NVD
CVSS 3.1
7.5
EPSS
82.8%
CVE-2023-6711 HIGH This Week

Vulnerability exists in SCI IEC 60870-5-104 and HCI IEC 60870-5-104 that affects the RTU500 series product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rtu500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-6280 HIGH This Week

An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Wps
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1514 HIGH This Week

A vulnerability exists in the component RTU500 Scripting interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rtu500 Scripting Interface
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-38126 HIGH This Week

Softing edgeAggregator Restore Configuration Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Edgeaggregator
NVD
CVSS 3.1
7.2
EPSS
68.6%
CVE-2023-50376 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in smp7, wp.Insider Simple Membership allows Reflected XSS.3.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Simple Membership
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-49706 MEDIUM This Month

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Privilege Escalation Linotp Virtual Appliance
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-46154 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.18. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress E2pdf
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-44991 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).6.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Media File Renamer Auto Manual Rename
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-47146 MEDIUM PATCH This Month

IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-6869 MEDIUM This Month

A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6865 MEDIUM This Month

`EncryptingOutputStream` was susceptible to exposing uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-6860 MEDIUM This Month

The `VideoBridge` allowed any content process to use textures produced by remote decoders. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-49734 MEDIUM PATCH This Month

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-46104 MEDIUM PATCH This Month

Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-5432 MEDIUM PATCH This Month

The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Jquery News Ticker
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5413 MEDIUM PATCH This Month

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Image Horizontal Reel Scroll Slideshow
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46212 MEDIUM This Month

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Wp Extra
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-6867 MEDIUM This Month

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-42940 MEDIUM This Month

A session rendering issue was addressed with improved session tracking. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-45172 MEDIUM PATCH This Month

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-6488 MEDIUM PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shortcodes Ultimate
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-50835 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Advanced Category Template
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49164 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ocean Extra
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-25715 MEDIUM This Month

Missing Authorization vulnerability in GamiPress GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.5.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Gamipress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-44983 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Aruba Hispeed Cache
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-49812 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in J.N. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Photo Album Plus
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-45809 MEDIUM This Month

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thumbs Rating
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-6857 MEDIUM This Month

When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Apple Mozilla Microsoft +5
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-6918 MEDIUM This Month

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libssh Fedora Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2023-45105 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit - WordPress Affiliate Plugin.3.9. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Affiliate Toolkit
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-41648 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Login And Logout Redirect
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-46624 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.6.11. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Parcel Pro
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-37982 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.3.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Integration For Salesforce And Contact Form 7 Wpforms Elementor Ninja Forms Elementor
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-35883 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.0.12. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Core Web Vitals Pagespeed Booster
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-40602 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.5.49. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Doofinder
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38481 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.3.7. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Integration For Woocommerce And Zoho Crm Books Invoice Inventory Bigin
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38478 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.2.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Integration For Woocommerce And Quickbooks
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-34382 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy.7.19. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Dokan
NVD
CVSS 3.1
4.4
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy