Skip to main content
CVE-2024-21641 MEDIUM POC PATCH THREAT This Month

Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.8%.

Open Redirect Flarum
NVD GitHub
CVSS 3.1
6.5
EPSS
32.8%
CVE-2023-50991 HIGH POC THREAT Act Now

Buffer Overflow vulnerability in Tenda i29 versions 1.0 V1.0.0.5 and 1.0 V1.0.0.2, allows remote attackers to cause a denial of service (DoS) via the pingIp parameter in the pingSet function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Buffer Overflow Tenda Denial Of Service I29 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
12.9%
CVE-2023-51277 CRITICAL POC PATCH Act Now

nbviewer-app (aka Jupyter Notebook Viewer) before 0.1.6 has the get-task-allow entitlement for release builds. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jupyter Notebook Viewer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-50027 CRITICAL POC Act Now

SQL Injection vulnerability in Buy Addons baproductzoommagnifier module for PrestaShop versions 1.0.16 and before, allows remote attackers to escalate privileges and gain sensitive information via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bazoom Magnifier
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-39296 HIGH POC This Week

A prototype pollution vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Prototype Pollution Qnap Qts Quts Hero
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-0247 HIGH POC This Week

A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2022-46839 CRITICAL Act Now

Unrestricted file upload in JS Help Desk WordPress plugin. CVSS 10.0.

File Upload
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2020-13880 CRITICAL Act Now

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption B3D
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-13879 CRITICAL Act Now

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption B3D
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2020-13878 CRITICAL Act Now

IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption B3D
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-41288 HIGH This Week

An OS command injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Video Station
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-52150 HIGH This Week

CSRF in Dynamic Content for Elementor plugin before 2.12.5.

CSRF Elementor
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-34326 HIGH This Week

The caching invalidation guidelines from the AMD-Vi specification (48882-Rev 3.07-PUB-Oct 2022) is incorrect on some hardware, as devices will malfunction (see stale DMA mappings) if some fields of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Amd Information Disclosure Xen
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-34325 HIGH PATCH This Week

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] libfsimage contains parsing code for several filesystems, most of them. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Memory Corruption Xen
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-34322 HIGH This Week

For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xen
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-52143 HIGH This Week

Information exposure in WP Stripe Checkout plugin through 1.2.2.37.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-51502 HIGH This Week

Authorization bypass via user-controlled key in WooCommerce Stripe Payment Gateway plugin.

Authentication Bypass WordPress
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-47560 HIGH This Week

An OS command injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qumagie
NVD
CVSS 3.1
7.4
EPSS
0.5%
CVE-2023-39294 MEDIUM This Month

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-52125 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52124 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs - Responsive Tabs Plugin for WordPress allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52178 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS.2.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-41289 MEDIUM This Month

An OS command injection vulnerability has been reported to affect QcalAgent. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qcalagent
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-52129 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-52323 MEDIUM PATCH This Month

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pycryptodome Pycryptodomex
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-34328 MEDIUM PATCH This Month

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Information Disclosure Xen
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-34327 MEDIUM PATCH This Month

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Information Disclosure Xen
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-46835 MEDIUM PATCH This Month

The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Amd Memory Corruption Xen
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-34323 MEDIUM PATCH This Month

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Xen
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-47559 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Qumagie
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51539 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52121 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51673 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List - Price Table Builder & QR Code Restaurant Menu.0.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52149 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52120 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms - Ultimate Form Builder - Contact forms and much more.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-52126 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-52151 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator - Automate everything with the #1 no-code automation and integration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-52148 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.9.30. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-52146 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.33.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-34324 MEDIUM PATCH This Month

Closing of an event channel in the Linux kernel can result in a deadlock. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Linux Denial Of Service Linux Kernel Xen
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-46836 MEDIUM PATCH This Month

The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. Rated medium severity (CVSS 4.7).

Buffer Overflow Xen
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-41287 MEDIUM This Month

A SQL injection vulnerability has been reported to affect Video Station. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Video Station
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52119 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.1.18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52128 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label - WordPress Custom Admin, Custom Login Page, and Custom Dashboard.9.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52123 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.1.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51538 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support - WordPress HelpDesk & Support Plugin.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52122 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.10.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51668 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.1.18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52145 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.21. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52136 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds - A Tweets Widget or X Feed Widget.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy