Skip to main content
CVE-2023-44982 MEDIUM POC THREAT This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Perfect Images (Manage Image Sizes, Thumbnails, Replace, Retina).4.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Information Disclosure Perfect Images
NVD
CVSS 3.1
5.3
EPSS
12.9%
CVE-2023-6872 MEDIUM POC This Month

Browser tab titles were being leaked by GNOME to system logs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49006 MEDIUM POC PATCH This Month

Cross Site Request Forgery (CSRF) vulnerability in Phpsysinfo version 3.4.3 allows a remote attacker to obtain sensitive information via a crafted page in the XML.php file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP CSRF Phpsysinfo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-49489 MEDIUM POC This Month

Reflective Cross Site Scripting (XSS) vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APP_HOST parameter at. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Kodexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-6945 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-49706 MEDIUM This Month

Defective request context handling in Self Service in LinOTP 3.x before 3.2.5 allows remote unauthenticated attackers to escalate privileges, thereby allowing them to act as and with the permissions. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Race Condition Privilege Escalation Linotp Virtual Appliance
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2023-46154 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in E2Pdf.Com E2Pdf - Export To Pdf Tool for WordPress.20.18. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress E2pdf
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-44991 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Media File Renamer: Rename Files (Manual, Auto & AI).6.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Media File Renamer Auto Manual Rename
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-47146 MEDIUM PATCH This Month

IBM Qradar SIEM 7.5 could allow a privileged user to obtain sensitive domain information due to data being misidentified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-6869 MEDIUM This Month

A `<dialog>` element could have been manipulated to paint content outside of a sandboxed iframe. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6865 MEDIUM This Month

`EncryptingOutputStream` was susceptible to exposing uninitialized data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-6860 MEDIUM This Month

The `VideoBridge` allowed any content process to use textures produced by remote decoders. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-49734 MEDIUM PATCH This Month

An authenticated Gamma user has the ability to create a dashboard and add charts to it, this user would automatically become one of the owners of the charts allowing him to incorrectly have write. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Superset
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-46104 MEDIUM PATCH This Month

Uncontrolled resource consumption can be triggered by authenticated attacker that uploads a malicious ZIP to import database, dashboards or datasets. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-5432 MEDIUM PATCH This Month

The Jquery news ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jquery-news-ticker' shortcode in versions up to, and including, 3.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Jquery News Ticker
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5413 MEDIUM PATCH This Month

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Image Horizontal Reel Scroll Slideshow
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46212 MEDIUM This Month

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in TienCOP WP EXtra allows Accessing Functionality Not Properly Constrained by ACLs, Cross Site Request Forgery.2. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Wp Extra
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-6867 MEDIUM This Month

The timing of a button click causing a popup to disappear was approximately the same length as the anti-clickjacking delay on permission prompts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Debian Linux
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-42940 MEDIUM This Month

A session rendering issue was addressed with improved session tracking. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-45172 MEDIUM PATCH This Month

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in AIX windows to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Microsoft IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-6488 MEDIUM PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_button', 'su_members', and 'su_tabs' shortcodes in all versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Shortcodes Ultimate
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-50835 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Praveen Goswami Advanced Category Template.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Advanced Category Template
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49164 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in OceanWP Ocean Extra.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ocean Extra
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-25715 MEDIUM This Month

Missing Authorization vulnerability in GamiPress GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress.5.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Gamipress
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-44983 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aruba.It Aruba HiSpeed Cache.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Aruba Aruba Hispeed Cache
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-49812 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in J.N. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Photo Album Plus
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2022-45809 MEDIUM This Month

Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Ricard Torres Thumbs Rating.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Thumbs Rating
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-6857 MEDIUM This Month

When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Race Condition Apple Mozilla Microsoft +5
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-6918 MEDIUM This Month

A flaw was found in the libssh implements abstract layer for message digest (MD) operations implemented by different supported crypto backends. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libssh Fedora Enterprise Linux
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2023-45105 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in SERVIT Software Solutions affiliate-toolkit - WordPress Affiliate Plugin.3.9. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Affiliate Toolkit
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-41648 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Swapnil V. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Login And Logout Redirect
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-46624 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Parcel Pro.6.11. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Parcel Pro
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-37982 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for Salesforce and Contact Form 7, WPForms, Elementor, Ninja Forms.3.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Integration For Salesforce And Contact Form 7 Wpforms Elementor Ninja Forms Elementor
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-35883 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Magazine3 Core Web Vitals & PageSpeed Booster.0.12. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Core Web Vitals Pagespeed Booster
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-40602 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Doofinder Doofinder WP & WooCommerce Search.5.49. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Doofinder
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38481 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and Zoho CRM, Books, Invoice, Inventory, Bigin.3.7. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Integration For Woocommerce And Zoho Crm Books Invoice Inventory Bigin
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38478 MEDIUM This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks Integration for WooCommerce and QuickBooks.2.3. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect WordPress Integration For Woocommerce And Quickbooks
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-34382 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay, Etsy.7.19. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress Dokan
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2022-43450 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.9.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Stream
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-47754 MEDIUM This Month

Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.8.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Delete Duplicate Posts
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-48751 MEDIUM This Month

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Roland Barker, xnau webdesign Participants Database allows Accessing Functionality Not Properly Constrained by ACLs, Cross. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Participants Database
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-6871 MEDIUM This Month

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6870 MEDIUM This Month

Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Focus
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-6868 MEDIUM This Month

In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Authentication Bypass Firefox
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6135 MEDIUM This Month

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-50762 MEDIUM This Month

When processing a PGP/MIME payload that contains digitally signed text, the first paragraph of the text was never shown to the user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-50761 MEDIUM This Month

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Thunderbird Debian Linux
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-42015 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 is vulnerable to HTML injection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS IBM Urbancode Deploy
NVD
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy