6603 matches found
Exploit for CVE-2023-38646
CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...
CVE-2023-46069
The CVE refers to a Stored Cross-Site Scripting (XSS) vulnerability in the Osmansorkar Ajax Archive Calendar WordPress plugin, affecting versions
CVE-2023-45768 WordPress Next Page Plugin <= 1.5.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Stephanie Leary Next Page plugin <= 1.5.2 versions...
CVE-2023-45767
CVE-2023-45767 represents a Stored XSS vulnerability in the WordPress plugin Simple Tweet, versioned
CVE-2023-45764
CVE-2023-45764 is a stored XSS vulnerability in the Gopi Ramasamy Scroll post excerpt plugin for WordPress, affecting versions 8.0. No exploitation details are provided in the documents. Monitor for a vendor patch and apply the upgrade when available.
CVE-2023-45758 WordPress Amministrazione Trasparente Plugin <= 8.0.2 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marco Milesi Amministrazione Trasparente plugin <= 8.0.2 versions...
CVE-2023-25032
CVE-2023-25032 applies to the WordPress plugin Print, PDF, Email by PrintFriendly (versions <= 5.5.1). The vulnerability is a Stored XSS that requires admin+ authentication to exploit. Root cause: input handling in the PrintFriendly feature allows injected script to be stored and later rendere...
CVE-2023-45755 WordPress BuddyPress Global Search Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BuddyBoss BuddyPress Global Search plugin <= 1.2.1 versions...
CVE-2023-45755
CVE-2023-45755 : Authenticated (admin+) Stored Cross-Site Scripting in the WordPress plugin “BuddyBoss BuddyPress Global Search” up to version 1.2.1. Public records (NVD/Red Hat/Patchstack) describe the vulnerability as an XSS flaw in the BuddyPress Global Search feature, triggered by authenticat...
CVE-2023-45754
CVE-2023-45754 : A stored Cross-Site Scripting (XSS) flaw in the WordPress plugin “Easy Testimonial Slider and Form” (versions ≤ 1.0.18). The root cause is improper input neutralization during web page generation, enabling an attacker (with administrator privileges per PatchStack/Wordfence contex...
CVE-2023-45640
CVE-2023-45640 describes a stored XSS vulnerability in the WordPress plugin WP ULike (TechnoWich) – Most Advanced WordPress Marketing Toolkit, affecting versions up to 4.6.8. The issue is exploitable by authenticated users with contributor or higher permissions and results in stored cross-site sc...
hass-auth-synology (>=0.0.0 <=0.4.28), homeassistant-cli (=0.2.0) +4 more potentially affected by CVE-2023-41893 via homeassistant (>=0.83.3 <=2023.8.4)
homeassistant PYPI version =0.83.3, =0.0.0, =2021.4.0, =0.4.11, =1.2.0, =0.3.0, =0.13.85 Source cves: CVE-2023-41893 Source advisory: OSV:PYSEC-2023-214...
CVE-2023-41893 Account takeover via auth_callback login in Home Assistant Core
Home assistant is an open source home automation. The audit team’s analyses confirmed that the redirect_uri and client_id are alterable when logging in. Consequently, the code parameter utilized to fetch the access_token post-authentication will be sent to the URL specified in the aforementioned...
SUSE SLES15: libnss_slurm2 / libpmi0 / libslurm36 / perl-slurm / slurm / etc (SUSE-SU-2023:4114-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4114-1 advisory. - CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. bsc1216207 Tenable ha...
PT-2023-30299 · Nats +1 · Nats Nats-Server +1
Name of the Vulnerable Software and Affected Versions: NATS nats-server versions 2.2.0 through 2.9.22 NATS nats-server versions 2.10.0 through 2.10.1 Description: The issue is related to an authentication bypass in NATS nats-server. An implicit $G user in an authorization block can sometimes be...
Home Assistant Information Disclosure Vulnerability
Home Assistant is an open source home automation management system. The system is primarily used to control home automation devices. An information disclosure vulnerability exists in Home Assistant versions prior to 2023.9.0, which stems from a vulnerability that allows an attacker to log in and...
SUSE SLES12: libnss_slurm2_20_02 / libpmi0_20_02 / libslurm35 / perl-slurm_20_02 / etc (SUSE-SU-2023:4119-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4119-1 advisory. - CVE-2023-41914: Fixed a filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file. bsc1216207...
SUSE SLES15: libnss_slurm2 / libpmi0 / libslurm35 / perl-slurm / slurm / etc (SUSE-SU-2023:4116-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2023:4116-1 advisory. - CVE-2023-41914: Fixed several filesystem handling race conditions that could lead to an attacker taking control of an arbitrary file bsc1216207...
CVE-2023-45628
CVE-2023-45628 corresponds to a Stored XSS in the QROkes QR Twitter Widget WordPress plugin (
CVE-2023-45067
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Ashish Ajani WordPress Simple HTML Sitemap plugin = 2.1 versions...