Skip to main content
CVE-2024-0305 MEDIUM POC THREAT This Month

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.7%.

PHP Information Disclosure Ncast
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
93.7%
Threat
5.4
CVE-2022-45354 MEDIUM POC THREAT This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.7.60. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.6%.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
87.6%
Threat
5.2
CVE-2024-21645 MEDIUM POC PATCH THREAT This Month

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.3%.

Python Code Injection Pyload
NVD GitHub
CVSS 3.1
5.3
EPSS
71.3%
Threat
4.7
CVE-2022-2588 MEDIUM POC PATCH THREAT This Month

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Rated medium severity (CVSS 5.3). Public exploit code available and EPSS exploitation probability 59.4%.

Linux Memory Corruption Use After Free Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
5.3
EPSS
59.4%
Threat
4.3
CVE-2022-2586 MEDIUM POC KEV PATCH THREAT Act Now

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Rated medium severity (CVSS 5.3). Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption Use After Free Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
2.3%
Threat
4.1
CVE-2023-6139 MEDIUM POC This Month

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Denial Of Service Essential Real Estate
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-52271 MEDIUM POC This Month

The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antifraud
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-6627 MEDIUM POC This Month

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Google Wp Go Maps
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-6555 MEDIUM POC This Month

The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Email Subscription Popup
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6161 MEDIUM POC This Month

The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Crowdfunding
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-6141 MEDIUM POC This Month

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Essential Real Estate
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-21745 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS.3.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-21744 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-52198 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50948 MEDIUM This Month

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Storage Fusion Hci
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-36352 MEDIUM This Month

Missing Authorization vulnerability in Profilegrid ProfileGrid - User Profiles, Memberships, Groups and Communities.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-6529 MEDIUM This Month

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress CSRF Wp Vr
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6552 MEDIUM PATCH This Month

Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Tasmoadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-27739 MEDIUM This Month

easyXDM 2.5 allows XSS via the xdm_e parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easyxdm
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-52197 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-52203 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2022-2602 MEDIUM POC This Month

io_uring UAF, Unix SCM garbage collection. Rated medium severity (CVSS 5.3). No vendor patch available.

Memory Corruption Use After Free Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2023-5091 MEDIUM This Month

Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU processing operations to gain access to already freed memory. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Use After Free Denial Of Service Valhall Gpu Kernel Driver
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-29049 MEDIUM This Month

The "upsell" widget at the portal page could be abused to inject arbitrary script code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS RCE Ox App Suite
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2022-34344 MEDIUM This Month

Missing Authorization vulnerability in Rymera Web Co Wholesale Suite - WooCommerce Wholesale Prices, B2B, Catalog Mode, Order Form, Wholesale User Roles, Dynamic Pricing & More.1.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-51246 MEDIUM This Month

A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS PHP Getsimplecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-51508 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jordy Meow Database Cleaner: Clean, Optimize & Repair.9.8. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51490 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security - Malware Scanner, Login Security & Firewall.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51408 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in StudioWombat WP Optin Wheel - Gamified Optin Email Marketing Tool for WordPress and WooCommerce.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-51406 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ninja Team FastDup - Fastest WordPress Migration & Duplicator.1.7. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-29052 MEDIUM This Month

Users were able to define disclaimer texts for an upsell shop dialog that would contain script code that was not sanitized correctly. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-41710 MEDIUM This Month

User-defined script code could be stored for a upsell related shop URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-52208 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.4.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-2585 MEDIUM PATCH This Month

It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. Rated medium severity (CVSS 5.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-51701 MEDIUM PATCH This Month

fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Authentication Bypass Reply From
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-5911 MEDIUM This Month

The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Wp Custom Cursors Wordpress Cursor Plugin
NVD WPScan
CVSS 3.1
4.8
EPSS
0.2%
CVE-2023-1032 MEDIUM This Month

The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. Rated medium severity (CVSS 4.7). No vendor patch available.

Linux Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2023-52222 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.2.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-52216 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.3.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47140 MEDIUM This Month

IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required. No vendor patch available.

IBM Information Disclosure Cics Transaction Gateway
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-21647 MEDIUM PATCH This Month

Puma is a web server for Ruby/Rack applications built for parallelism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This HTTP Request/Response Smuggling vulnerability could allow attackers to manipulate HTTP request interpretation between frontend and backend servers.

Request Smuggling Information Disclosure Puma
NVD GitHub
CVSS 3.1
5.9
EPSS
2.5%
CVE-2024-0308 MEDIUM This Month

A vulnerability was found in Inis up to 2.0.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Inis
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0304 MEDIUM This Month

A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Youke 365
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0303 MEDIUM This Month

A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Youke 365
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0302 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Iparking
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2024-0301 MEDIUM POC This Month

A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Iparking
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0300 MEDIUM POC This Month

A vulnerability was found in Byzoro Smart S150 Management Platform up to 20240101. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S150 Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.9%
CVE-2024-0293 MEDIUM POC This Month

A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
2.7%
CVE-2024-0292 MEDIUM POC This Month

A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.5%
CVE-2024-0291 MEDIUM POC This Month

A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr1200Gb Firmware
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
1.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy