Skip to main content
CVE-2023-52130 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.9.31. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52127 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52184 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal - A Complete Job Board.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51678 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.0.33. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-6493 MEDIUM PATCH This Month

The Depicter Slider - Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51535 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.20. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-41782 LOW Monitor

There is a DLL hijacking vulnerability in ZTE ZXCLOUD iRAI, an attacker could place a fake DLL file in a specific directory and successfully exploit this vulnerability to execute malicious code. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Zte Information Disclosure Zxcloud Irai
NVD
CVSS 3.1
3.9
EPSS
0.0%
CVE-2023-45044 LOW Monitor

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2023-45043 LOW Monitor

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2023-45042 LOW Monitor

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2023-45041 LOW Monitor

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2023-45040 LOW Monitor

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2023-45039 LOW Monitor

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
3.8
EPSS
0.1%
CVE-2023-47219 LOW Monitor

A SQL injection vulnerability has been reported to affect QuMagie. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-46837 LOW PATCH Monitor

Arm provides multiple helpers to clean & invalidate the cache for a given region. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Xen
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-34321 LOW PATCH Monitor

Arm provides multiple helpers to clean & invalidate the cache for a given region. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Xen
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-21642 HIGH PATCH This Month

D-Tale is a visualizer for Pandas data structures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF D Tale
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-0246 MEDIUM Monitor

A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Icewarp
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-22088 CRITICAL POC Act Now

Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Lotos Webserver
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-22087 CRITICAL POC THREAT Act Now

route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 10.8%.

Buffer Overflow RCE Memory Corruption Pico Http Server In C
NVD GitHub
CVSS 3.1
9.8
EPSS
10.8%
CVE-2024-22086 CRITICAL POC Act Now

handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Cherry
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2024-22075 MEDIUM PATCH This Month

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Firefly Iii
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy