Skip to main content
CVE-2023-46952 MEDIUM POC This Month

Cross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Abo Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2024-0647 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simplemde
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2024-22714 MEDIUM POC This Month

Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Stupid Simple Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2024-22414 MEDIUM POC This Month

flaskBlog is a simple blog app built with Flask. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Python Flaskblog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-36418 MEDIUM This Month

Missing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hreflang Tags Lite
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2022-40203 MEDIUM This Month

Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.1.5. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Advanced Dynamic Pricing For Woocommerce
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-0641 MEDIUM PATCH This Month

A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-0639 MEDIUM PATCH This Month

A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-42884 MEDIUM This Month

Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.2.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wip Custom Login
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-41786 MEDIUM This Month

Missing Authorization vulnerability in WP Job Portal WP Job Portal - A Complete Job Board.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Job Portal
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-23896 MEDIUM This Month

Missing Authorization vulnerability in MyThemeShop URL Shortener by MyThemeShop.0.17. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Url Shortener
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-41695 MEDIUM This Month

Missing Authorization vulnerability in SedLex Traffic Manager.4.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Traffic Manager
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-41619 MEDIUM This Month

Missing Authorization vulnerability in SedLex Image Zoom.8.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Image Zoom
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2022-40702 MEDIUM This Month

Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.5.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Advanced Local Pickup For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2023-34379 MEDIUM This Month

Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.0.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Adobe WordPress Magento To Woocommerce Migration
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2024-20270 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Broadworks Xtended Services Platform Broadworks Application Delivery Platform
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-20251 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Identity Services Engine
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-41790 MEDIUM This Month

Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.1.76. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wp Time Slots Booking Form
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-38141 MEDIUM This Month

Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Sales Report Email For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-23882 MEDIUM This Month

Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder - Lite.5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ultimate Addons For Beaver Builder
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy