Skip to main content
CVE-2023-3726 MEDIUM POC This Month

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ocsinventory Ocsreports
NVD
CVSS 3.1
6.9
EPSS
0.1%
CVE-2023-29962 MEDIUM POC This Month

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal S Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50630 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Teamwork Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-22049 MEDIUM POC PATCH This Month

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Debian Linux Fedora Httparty
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-41784 MEDIUM This Month

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro. Rated medium severity (CVSS 6.6). No vendor patch available.

Zte Privilege Escalation Redmagic 8 Pro Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2023-6733 MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-22048 MEDIUM PATCH This Month

govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Govuk Tech Docs
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2023-7044 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-52322 MEDIUM PATCH This Month

ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Spip
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-6944 MEDIUM PATCH This Month

A flaw was found in the Red Hat Developer Hub (RHDH). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Gitlab Information Disclosure Red Hat Developer Hub Backstage
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-6551 MEDIUM This Month

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS PHP Class Upload Php
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-6738 MEDIUM PATCH This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-3864 MEDIUM This Month

A vulnerability exists in the Relion update package signature validation. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Relion 650 Firmware Relion 670 Firmware Relion Sam600 Io Firmware
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2023-6498 MEDIUM PATCH This Month

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-6992 MEDIUM PATCH This Month

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required.

Buffer Overflow Denial Of Service Zlib Cloudflare
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-21636 MEDIUM POC PATCH This Month

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS View Component
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-20809 MEDIUM Monitor

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nearby Device Scanning
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-20808 MEDIUM Monitor

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nearby Device Scanning
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-20806 MEDIUM This Month

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2024-20804 MEDIUM Monitor

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android Myfiles Samsung
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-20803 MEDIUM This Month

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2024-20802 MEDIUM Monitor

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Dex
NVD
CVSS 3.1
4.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy