Skip to main content
CVE-2024-21641 MEDIUM POC PATCH THREAT This Month

Flarum is open source discussion platform software. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.8%.

Open Redirect Flarum
NVD GitHub
CVSS 3.1
6.5
EPSS
32.8%
CVE-2023-39294 MEDIUM This Month

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qnap Qts Quts Hero
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2023-52125 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly iframe allows Stored XSS.8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52124 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ShapedPlugin LLC WP Tabs - Responsive Tabs Plugin for WordPress allows Stored XSS.2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-52178 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP WP Affiliate Disclosure allows Stored XSS.2.7. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-41289 MEDIUM This Month

An OS command injection vulnerability has been reported to affect QcalAgent. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qcalagent
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-52129 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Michael Winkler teachPress.0.4. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2023-52323 MEDIUM PATCH This Month

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pycryptodome Pycryptodomex
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-34328 MEDIUM PATCH This Month

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Information Disclosure Xen
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-34327 MEDIUM PATCH This Month

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Information Disclosure Xen
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-46835 MEDIUM PATCH This Month

The current setup of the quarantine page tables assumes that the quarantine domain (dom_io) has been initialized with an address width of DEFAULT_DOMAIN_ADDRESS_WIDTH (48) and hence 4 page table. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Buffer Overflow Amd Memory Corruption Xen
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-34323 MEDIUM PATCH This Month

When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Xen
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-47559 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS Qumagie
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-51539 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Apollo13 Framework Extensions.9.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52121 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in NitroPack Inc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51673 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Designful Stylish Price List - Price Table Builder & QR Code Restaurant Menu.0.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52149 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Floating Button.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52120 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Basix NEX-Forms - Ultimate Form Builder - Contact forms and much more.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-52126 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Suman Bhattarai Send Users Email.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-52151 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Uncanny Automator, Uncanny Owl Uncanny Automator - Automate everything with the #1 no-code automation and integration. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-52148 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.9.30. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-52146 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Aaron J 404 Solution.33.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-34324 MEDIUM PATCH This Month

Closing of an event channel in the Linux kernel can result in a deadlock. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Linux Denial Of Service Linux Kernel Xen
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2023-46836 MEDIUM PATCH This Month

The fixes for XSA-422 (Branch Type Confusion) and XSA-434 (Speculative Return Stack Overflow) are not IRQ-safe. Rated medium severity (CVSS 4.7).

Buffer Overflow Xen
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-41287 MEDIUM This Month

A SQL injection vulnerability has been reported to affect Video Station. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Video Station
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52119 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Icegram Icegram Engage - WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building.1.18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52128 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WhiteWP White Label - WordPress Custom Admin, Custom Login Page, and Custom Dashboard.9.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52123 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.1.10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51538 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Awesome Support Team Awesome Support - WordPress HelpDesk & Support Plugin.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52122 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in PressTigers Simple Job Board.10.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51668 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Inline Image Upload for BBPress.1.18. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52145 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Republish Old Posts.21. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52136 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Smash Balloon Custom Twitter Feeds - A Tweets Widget or X Feed Widget.1.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52130 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager.9.31. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52127 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WPClever WPC Product Bundles for WooCommerce.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52184 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Job Portal WP Job Portal - A Complete Job Board.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51678 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Doofinder Doofinder WP & WooCommerce Search.0.33. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-6493 MEDIUM PATCH This Month

The Depicter Slider - Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51535 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in СleanTalk - Anti-Spam Protection Spam protection, Anti-Spam, FireWall by CleanTalk.20. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0246 MEDIUM Monitor

A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Icewarp
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-22075 MEDIUM PATCH This Month

Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Firefly Iii
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy