Skip to main content
CVE-2024-21911 MEDIUM POC PATCH This Month

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tinymce
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2023-6524 MEDIUM POC This Month

The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the map title parameter in all versions up to and including 2.88.13 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2024-21910 MEDIUM POC PATCH This Month

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tinymce
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.6%
CVE-2024-21908 MEDIUM POC PATCH This Month

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tinymce
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6621 MEDIUM POC This Month

The POST SMTP WordPress plugin before 2.8.7 does not sanitise and escape the msg parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Post Smtp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-50093 MEDIUM POC This Month

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2.2 is vulnerable to Host Header Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Broadcom Code Injection Api Gateway Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-50092 MEDIUM POC This Month

APIIDA API Gateway Manager for Broadcom Layer7 v2023.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Broadcom Api Gateway Manager
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2023-49556 MEDIUM POC This Month

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-49555 MEDIUM POC This Month

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49554 MEDIUM POC This Month

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49557 MEDIUM POC This Month

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-49558 MEDIUM POC This Month

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-5879 MEDIUM This Month

Users’ product account authentication data was stored in clear text in The Genie Company Aladdin Connect Mobile Application Version 5.65 Build 2075 (and below) on Android Devices. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Aladdin Connect Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-5138 MEDIUM This Month

Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Gecko Software Development Kit
NVD GitHub
CVSS 3.1
6.8
EPSS
0.0%
CVE-2023-41776 MEDIUM This Month

There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. Rated medium severity (CVSS 6.7). No vendor patch available.

Zte Privilege Escalation Zxcloud Irai
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2023-6540 MEDIUM This Month

A vulnerability was reported in the Lenovo Browser Mobile and Lenovo Browser HD Apps for Android that could allow an attacker to craft a payload that could result in the disclosure of sensitive. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Lenovo RCE Google Code Injection Browser Hd +2
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-30617 MEDIUM PATCH This Month

Kruise provides automated management of large-scale applications on Kubernetes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Kubernetes Privilege Escalation Kruise
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46740 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cubefs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46738 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Cubefs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-46739 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Cubefs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-6747 MEDIUM This Month

The Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom attributes in all versions up to, and including, 2.3.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-6986 MEDIUM PATCH This Month

The EmbedPress - Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Google
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-41780 MEDIUM This Month

There is an unsafe DLL loading vulnerability in ZTE ZXCLOUD iRAI. Rated medium severity (CVSS 6.4). No vendor patch available.

Zte Path Traversal Zxcloud Irai
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2023-6629 MEDIUM PATCH This Month

The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘msg’ parameter in all. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6981 MEDIUM PATCH This Month

The WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to SQL Injection via the 'group_id' parameter in all versions up to, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS WordPress SQLi
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-50344 MEDIUM This Month

HCL DRYiCE MyXalytics is impacted by improper access control (Unauthenticated File Download) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dryice Myxalytics
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-0201 MEDIUM This Month

The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-6984 MEDIUM PATCH This Month

The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.13. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress PHP CSRF Elementor
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-6004 MEDIUM This Month

A flaw was found in libssh. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Libssh Fedora Enterprise Linux
NVD
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-46742 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity.

Information Disclosure Cubefs
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2023-46741 MEDIUM PATCH This Month

CubeFS is an open-source cloud-native file storage system. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Cubefs
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2023-52302 MEDIUM PATCH This Month

Nullptr in paddle.nextafter in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52312 MEDIUM PATCH This Month

Nullptr dereference in paddle.crop in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52303 MEDIUM PATCH This Month

Nullptr in paddle.put_along_axis in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38676 MEDIUM PATCH This Month

Nullptr in paddle.dot in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52313 MEDIUM PATCH This Month

FPE in paddle.argmin and paddle.argmax in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52308 MEDIUM PATCH This Month

FPE in paddle.amin in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52306 MEDIUM PATCH This Month

FPE in paddle.lerp in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-52305 MEDIUM PATCH This Month

FPE in paddle.topk in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38677 MEDIUM PATCH This Month

FPE in paddle.linalg.eig in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38675 MEDIUM PATCH This Month

FPE in paddle.linalg.matrix_rank in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38674 MEDIUM PATCH This Month

FPE in paddle.nanmedian in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-38678 MEDIUM PATCH This Month

OOB access in paddle.mode in PaddlePaddle before 2.6.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Denial Of Service Paddlepaddle
NVD GitHub
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-41779 MEDIUM This Month

There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. Rated medium severity (CVSS 4.4). No vendor patch available.

Zte Buffer Overflow Zxcloud Irai
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2023-7068 MEDIUM PATCH This Month

The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-6980 MEDIUM PATCH This Month

The WP SMS - Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-41783 MEDIUM This Month

There is a command injection vulnerability of ZTE's ZXCLOUD iRAI. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Zte Command Injection RCE Code Injection Zxcloud Irai
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-21631 MEDIUM PATCH This Month

Vapor is an HTTP web framework for Swift. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Vapor
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2024-21622 MEDIUM PATCH This Month

Craft is a content management system. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy