Skip to main content
CVE-2023-51655 CRITICAL Act Now

In JetBrains IntelliJ IDEA before 2023.3.2 code execution was possible in Untrusted Project mode via a malicious plugin repository specified in the project configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Intellij Idea
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-4256 MEDIUM POC This Month

Within tcpreplay's tcprewrite, a double free vulnerability has been identified in the tcpedit_dlt_cleanup() function within plugins/dlt_plugins.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay Extra Packages For Enterprise Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4255 MEDIUM POC PATCH This Month

An out-of-bounds write issue has been discovered in the backspace handling of the checkType() function in etc.c within the W3M application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service W3M Extra Packages For Enterprise Linux +1
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-7050 MEDIUM POC This Month

A vulnerability has been found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7041 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in codelyfe Stupid Simple CMS up to 1.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Stupid Simple Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-7036 MEDIUM POC This Month

A vulnerability was found in automad up to 1.10.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Automad
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-48116 MEDIUM POC This Month

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartermail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48115 MEDIUM POC This Month

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartermail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48114 MEDIUM POC This Month

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartermail
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46647 HIGH This Week

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-45117 HIGH This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-5594 HIGH This Week

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Antivirus Endpoint Security File Security Internet Security +5
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2023-7051 MEDIUM POC This Month

A vulnerability was found in PHPGurukul Online Notes Sharing System 1.0 and classified as problematic. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Online Notes Sharing System
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-49826 HIGH This Week

Deserialization of Untrusted Data vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress Soledad
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-2585 HIGH PATCH This Week

Keycloak's device authorization grant does not correctly validate the device code and client ID. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Single Sign On Openshift Container Platform Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone +1
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-7025 HIGH This Week

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Hedron Domain Hook
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-48288 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Jobwp
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-48298 HIGH PATCH This Week

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6847 HIGH This Week

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46648 HIGH This Week

An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41097 HIGH This Week

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-50481 HIGH This Week

An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Blinksocks
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-51390 HIGH PATCH This Week

journalpump is a daemon that takes log messages from journald and pumps them to a given output. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Journalpump
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46131 HIGH PATCH This Week

Grails is a framework used to build web applications with the Groovy programming language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Grails
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45703 HIGH This Week

HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hcl Launch
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46649 HIGH This Week

A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-6546 HIGH PATCH This Week

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%
CVE-2023-32799 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple Addresses.8.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Shipping Multiple Addresses
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-45377 MEDIUM This Month

Unrestricted Upload of File with Dangerous Type vulnerability in Glen Don L. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload WordPress Drag And Drop Multiple File Upload For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-47191 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify - BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress.2.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Youzify
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50834 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech WooCommerce Menu Extension allows Stored XSS.6.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Woocommerce Menu Extension
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50825 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terrier Tenacity iframe Shortcode allows Stored XSS.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Iframe Shortcode
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50824 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brian Batt Insert or Embed Articulate Content into WordPress allows Stored XSS.3000000021. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Insert Or Embed Articulate Content
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50823 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wipeout Media CSS & JavaScript Toolbox allows Stored XSS.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Css Javascript Toolbox
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50822 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Currency.Wiki Currency Converter Widget - Exchange Rates allows Stored XSS.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Microsoft Currency Converter Widget Exchange Rates
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-6802 MEDIUM This Month

An insertion of sensitive information into the log file in the audit log in GitHub Enterprise Server was identified that could allow an attacker to gain access to the management console. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-40058 MEDIUM This Month

Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Access Rights Manager
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-50783 MEDIUM PATCH This Month

Apache Airflow, versions before 2.8.0, is affected by a vulnerability that allows an authenticated user without the variable edit permission, to update a variable. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Apache Authentication Bypass Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-49920 MEDIUM PATCH This Month

Apache Airflow, version 2.7.0 through 2.7.3, has a vulnerability that allows an attacker to trigger a DAG in a GET request without CSRF validation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Apache CSRF Airflow
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-47093 MEDIUM This Month

An issue was discovered in Stormshield Network Security (SNS) 4.0.0 through 4.3.21, 4.4.0 through 4.6.8, and 4.7.0. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stormshield Network Security
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-6122 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Advanced C2C Marketplace Software
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-5989 MEDIUM This Month

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lioxerp
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-5988 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies LioXERP allows Reflected XSS.146. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Lioxerp
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-37520 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability identified in BigFix Server version 9.5.12.68, allowing for potential data exfiltration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bigfix Platform
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-37519 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bigfix Platform
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-2487 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Smackcoders Export All Posts, Products, Orders, Refunds & Users.4.1. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Export All Posts Products Orders Refunds Users
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-7035 LOW POC Monitor

A vulnerability was found in automad up to 1.10.9 and classified as problematic. Rated low severity (CVSS 1.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Automad
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2023-50829 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aerin Loan Repayment Calculator and Application Form allows Stored XSS.9.3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Loan Repayment Calculator And Application Form
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50830 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Seosbg Seos Contact Form allows Stored XSS.8.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Seos Contact Form
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50826 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Menu Image, Icons made easy allows Stored XSS.10. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Menu Image Icons Made Easy
NVD
CVSS 3.1
5.9
EPSS
0.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy