Skip to main content
CVE-2023-50572 MEDIUM POC PATCH This Month

An issue in the component GroovyEngine.execute of jline-groovy v3.24.1 allows attackers to cause an OOM (OutofMemory) error. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jline
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-50570 MEDIUM POC This Month

An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ipaddress
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-7166 MEDIUM POC PATCH This Month

A vulnerability classified as problematic has been found in Novel-Plus up to 4.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Novel Plus
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-52085 MEDIUM POC PATCH THREAT This Month

Winter is a free, open-source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Winter
NVD GitHub
CVSS 3.1
5.4
EPSS
30.2%
CVE-2023-45751 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in POSIMYTH Nexter Extension.0.3. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Nexter Extension
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-40606 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Kanban for WordPress Kanban Boards for WordPress.5.21. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection WordPress RCE Kanban Boards For Wordpress
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-51412 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Piotnet Piotnet Forms.0.25. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload Piotnet Forms
NVD
CVSS 3.1
9.0
EPSS
0.7%
CVE-2023-51420 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Soft8Soft LLC Verge3D Publishing and E-Commerce.5.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Verge3D
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2023-7171 MEDIUM POC PATCH This Month

A vulnerability was found in Novel-Plus up to 4.2.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java XSS Novel Plus
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-47804 HIGH PATCH This Week

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Openoffice
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-7114 HIGH This Week

Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost CSRF
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-44088 HIGH POC This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pandora Fms
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-7150 HIGH This Week

A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Chic Beauty Salon
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-7143 MEDIUM POC This Month

A vulnerability was found in code-projects Client Details System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Client Details System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-22677 HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.1.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Wp Booklet
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2022-44589 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA , Two Factor, OTP SMS and Email |. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google WordPress Google Authenticator
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-7078 HIGH PATCH This Week

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Miniflare
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-7080 HIGH PATCH This Week

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation RCE SSRF Wrangler
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-51434 HIGH This Week

Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-50837 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown - Protect Login Form.06. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Login Lockdown
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-52135 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mark Westguard WS Form LITE ws-form allows Blind SQL Injection.9.170. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-4468 HIGH This Week

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trio 8800 Firmware Trio C60 Lens
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-31300 HIGH This Week

An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cash Point Transport Optimizer
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-31295 HIGH This Week

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cash Point Transport Optimizer
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31294 HIGH This Week

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cash Point Transport Optimizer
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23430 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Magichome
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23429 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Magicos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23428 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Magicos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23427 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Magicos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-4464 HIGH This Week

A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ccx 400 Firmware Ccx 600 Firmware Trio 8800 Firmware Trio C60 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
3.3%
CVE-2023-50893 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza - WordPress Website and WooCommerce Builder allows Reflected XSS.17.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Impreza
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-50892 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Thegem
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51373 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Google Photos Gallery With Shortcodes
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-50901 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega - Absolute Addons For Elementor allows Reflected XSS.3.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ht Mega
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51435 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Magic Ui
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51428 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magic Os
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51427 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magic Os
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51426 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magic Os
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-23443 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magic Os
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-23442 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magicos
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-23436 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Magicos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23435 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Magicos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23433 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23432 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23431 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-4467 MEDIUM This Month

A vulnerability was found in Poly Trio 8800 7.2.6.0019 and classified as critical. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Trio 8800 Firmware
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.3%
CVE-2023-50891 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Forms Form plugin for WordPress - Zoho Forms allows Stored XSS.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Zoho Forms
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-50880 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The BuddyPress Community BuddyPress allows Stored XSS.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Buddypress
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-51399 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Back Button Widget allows Stored XSS.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Back Button Widget
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-51397 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force WP Remote Site Search allows Stored XSS.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Remote Site Search
NVD
CVSS 3.1
6.5
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy