Skip to main content
CVE-2023-22741 CRITICAL POC PATCH Act Now

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Sofia Sip
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-0126 HIGH POC THREAT This Week

Pre-authentication path traversal vulnerability in SMA1000 firmware version 12.4.2, which allows an unauthenticated attacker to access arbitrary files and directories stored outside the web root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Sma1000 Firmware
NVD
CVSS 3.1
7.5
EPSS
72.7%
CVE-2023-0398 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Modoboa
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0397 MEDIUM POC This Month

A malicious / defect bluetooth controller can cause a Denial of Service due to unchecked input in le_read_buffer_size_complete. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22745 MEDIUM POC PATCH This Month

tpm2-tss is an open source software implementation of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2 Software Stack (TSS2). Rated medium severity (CVSS 6.4). Public exploit code available.

Buffer Overflow RCE Tpm2 Software Stack
NVD GitHub
CVSS 3.1
6.4
EPSS
0.5%
CVE-2023-0402 MEDIUM POC PATCH This Month

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Social Warfare
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0403 MEDIUM POC This Month

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Social Warfare
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0406 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Modoboa
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-23690 HIGH This Week

Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below contains an Improper Check for Certificate Revocation vulnerability. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Cloud Mobility For Dell Emc Storage
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-0404 MEDIUM PATCH This Month

The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Events Made Easy
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy