Skip to main content
CVE-2023-50377 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AB-WP Simple Counter allows Stored XSS.0.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Counter
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-47527 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sajjad Hossain Sagor WP Edit Username allows Stored XSS.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Edit Username
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-47525 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Management Tickets Booking event-monster allows DOM-Based XSS.4.9. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-50827 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Accredible Accredible Certificates & Open Badges allows Stored XSS.4.8. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Accredible Certificates Open Badges
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-6746 MEDIUM This Month

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an `adversary in the middle attack`. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2023-6804 MEDIUM This Month

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-7042 MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() in drivers/net/wireless/ath/ath10k/wmi-tlv.c in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49762 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in AppMySite AppMySite - Create an app with the Best Mobile App Builder.11.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appmysite
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-28421 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Winwar Media WordPress Email Marketing Plugin - WP Email Capture.10. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wp Email Capture
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-32747 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings.15.78. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Bookings
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-22674 MEDIUM This Month

Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in Hal Gatewood Dashicons + Custom Post Types.0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dashicons Custom Post Types
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-49162 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BigCommerce BigCommerce For WordPress.0.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Bigcommerce
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-50473 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability in bill-ahmed qbit-matUI version 1.16.4, allows remote attackers to obtain sensitive information via fixed session identifiers (SID) in index.js file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qbit Matui
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47265 MEDIUM PATCH This Month

Apache Airflow, versions 2.6.0 through 2.7.3 has a stored XSS vulnerability that allows a DAG author to add an unbounded and not-sanitized javascript in the parameter description field of the DAG. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Apache XSS Airflow
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2023-45700 MEDIUM This Month

HCL Launch is vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure XSS Hcl Launch
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-27319 MEDIUM This Month

ONTAP Mediator versions prior to 1.7 are susceptible to a vulnerability that can allow an unauthenticated attacker to enumerate URLs via REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ontap Mediator
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-46646 MEDIUM This Month

Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-41166 MEDIUM This Month

An issue was discovered in Stormshield Network Security (SNS) 3.7.0 through 3.7.39, 3.11.0 through 3.11.27, 4.3.0 through 4.3.22, 4.6.0 through 4.6.9, and 4.7.0 through 4.7.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stormshield Network Security
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-51379 MEDIUM This Month

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-46645 MEDIUM This Month

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Server
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-28025 MEDIUM This Month

Due to this vulnerability, the Master operator could potentially incorporate an SVG tag into HTML, leading to an alert pop-up displaying a cookie. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Bigfix Modern Client Management
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-7047 MEDIUM This Month

Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager versions 2023.3.31 and earlier permits a user to initiate a. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-49765 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Rate My Post
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51380 MEDIUM This Month

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-48291 MEDIUM PATCH This Month

Apache Airflow, in versions prior to 2.8.0, contains a security vulnerability that allows an authenticated user with limited access to some DAGs, to craft a request that could give the user write. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Apache Information Disclosure Airflow
NVD GitHub
CVSS 3.1
4.3
EPSS
1.8%
CVE-2023-6803 MEDIUM This Month

A race condition in GitHub Enterprise Server allows an outside collaborator to be added while a repository is being transferred. Rated medium severity (CVSS 4.0). No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
4.0
EPSS
0.2%
CVE-2023-6690 LOW Monitor

A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on transferred repositories by making a GraphQL mutation to alter repository permissions during the. Rated low severity (CVSS 2.0), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
2.0
EPSS
0.3%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy