Skip to main content
CVE-2023-5091 MEDIUM This Month

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Valhall Gpu Kernel Driver
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-29049 MEDIUM This Month

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Ox App Suite
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-34344 MEDIUM This Month

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite - WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.1.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-51246 MEDIUM This Month

A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Getsimplecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-51508 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.9.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51490 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security - Malware Scanner, Login Security & Firewall.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51408 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel - Gamified Optin Email Marketing Tool for WordPress and WooCommerce.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51406 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup - Fastest WordPress Migration & Duplicator.1.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-29052 MEDIUM This Month

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-41710 MEDIUM This Month

User-defined script code could be stored for a upsell related shop URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-52208 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-2585 MEDIUM PATCH This Month

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. Rated medium severity (CVSS 5.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-51701 MEDIUM PATCH This Month

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Reply From
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-5911 MEDIUM This Month

The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Custom Cursors Wordpress Cursor Plugin
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-1032 MEDIUM This Month

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-52222 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-52216 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.3.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47140 MEDIUM This Month

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Cics Transaction Gateway
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2022-40696 LOW Monitor

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).1.1 through 6.0.2. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Advanced Custom Fields
NVD
CVSS 3.1
3.7
EPSS
0.5%
CVE-2024-21647 MEDIUM PATCH This Month

Puma is a web server for Ruby/Rack applications built for parallelism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Puma
NVD GitHub
CVSS 3.1
5.9
EPSS
2.5%
CVE-2024-0322 CRITICAL POC PATCH Act Now

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
9.1
EPSS
0.1%
CVE-2024-0321 CRITICAL POC PATCH Act Now

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-0308 MEDIUM This Month

A vulnerability was found in Inis up to 2.0.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Inis
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0307 HIGH POC This Month

A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dynamic Lab Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-0306 HIGH POC This Month

A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dynamic Lab Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-0304 MEDIUM This Month

A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Youke 365
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0303 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Youke 365
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-22216 CRITICAL This Week

In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur,. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Maxview Storage Manager
NVD
CVSS 3.1
10.0
EPSS
0.4%
CVE-2024-0302 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Iparking
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0301 MEDIUM POC This Month

A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Iparking
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0300 MEDIUM POC This Month

A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S150 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.9%
CVE-2024-0299 HIGH POC This Month

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N200re Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
2.1%
CVE-2024-0298 HIGH POC This Month

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N200re Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
2.1%
CVE-2024-0297 HIGH POC This Month

A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical.cgi. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N200re Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.9%
CVE-2024-0296 HIGH POC This Month

A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N200re Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
2.1%
CVE-2024-0295 HIGH POC This Month

Elevation of privilege in Samsung Galaxy Watch4 via nearby BLE connection. Allows unauthorized access to watch data.

Command Injection Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
2.1%
CVE-2024-0294 HIGH POC This Month

A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
2.1%
CVE-2024-0293 MEDIUM POC This Month

A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
2.7%
CVE-2024-0292 MEDIUM POC This Month

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.5%
CVE-2024-0291 MEDIUM POC This Month

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.5%
CVE-2024-0290 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0.php. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Food Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0289 MEDIUM POC This Month

A vulnerability classified as critical was found in Kashipara Food Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Food Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0288 MEDIUM POC This Month

A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Food Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy