Skip to main content
CVE-2023-34829 MEDIUM POC This Month

Incorrect access control in TP-Link Tapo before v3.1.315 allows attackers to access user credentials in plaintext. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tapo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-49228 MEDIUM POC This Month

An issue was discovered in Peplink Balance Two before 8.4.0. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Balance Two Firmware
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2023-7133 MEDIUM POC This Month

A vulnerability was found in y_project RuoYi 4.7.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruoyi
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-49469 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) vulnerability in Shaarli v0.12.2, allows remote attackers to execute arbitrary code via search tag function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Shaarli
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-7124 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in code-projects E-Commerce Site 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Commerce Site
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-50470 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component admin_ Video.php of SeaCMS v12.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Seacms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7136 MEDIUM POC This Month

A vulnerability classified as problematic was found in code-projects Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7135 MEDIUM POC This Month

A vulnerability classified as problematic has been found in code-projects Record Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Record Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-7132 MEDIUM POC This Month

A vulnerability was found in code-projects Intern Membership Management System 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Intern Membership Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-52081 MEDIUM POC PATCH This Month

ffcss is a CLI interface to apply and configure Firefox CSS themes. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Mozilla Information Disclosure Firefox Css
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-51010 MEDIUM POC This Month

An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro v4.2.2 allows attackers to open a crafted URL without any filtering or checking. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qingdao Metro
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-49229 MEDIUM POC This Month

An issue was discovered in Peplink Balance Two before 8.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Balance Two Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-36381 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in Gesundheit Bewegt GmbH Zippy.6.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Zippy
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-50860 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TMS Booking for Appointments and Events Calendar - Amelia allows Stored XSS.0.85. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Amelia
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50859 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum WP Crowdfunding allows Stored XSS.1.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Crowdfunding
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50874 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Darren Cooney WordPress Infinite Scroll - Ajax Load More allows Stored XSS.1.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Ajax Load More
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50448 MEDIUM PATCH This Month

In ActiveAdmin (aka Active Admin) before 2.12.0, a concurrency issue allows a malicious actor to access potentially private data (that belongs to another user) by making CSV export requests at. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Activeadmin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-52079 MEDIUM PATCH This Month

msgpackr is a fast MessagePack NodeJS/JavaScript implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Msgpackr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-45701 MEDIUM This Month

HCL Launch could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hcl Launch
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4672 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Talent Software ECOP allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ecop
NVD VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-50836 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibericode HTML Forms allows Stored XSS.3.28. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Html Forms
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-45702 MEDIUM This Month

An HCL UrbanCode Deploy Agent installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts.. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Hcl Launch
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36399 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in BoxyStudio Booked - Appointment Booking for WordPress | Calendars.4.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Booked
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-50858 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.34. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Anti Hacker
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52084 MEDIUM PATCH This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Winter
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-27447 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in VeronaLabs WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc.0.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wp Sms
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-52083 MEDIUM PATCH This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Winter
NVD GitHub
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-50873 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Add Any Extension To Pages
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-50267 MEDIUM This Month

MeterSphere is a one-stop open source continuous testing platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Metersphere
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy