Skip to main content
CVE-2023-0512 HIGH POC PATCH This Week

Divide By Zero in GitHub repository vim/vim prior to 9.0.1247. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-0266 HIGH POC KEV PATCH THREAT This Week

A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. Rated high severity (CVSS 7.0). Public exploit code available.

Use After Free Denial Of Service Linux Memory Corruption Debian Linux +1
NVD GitHub
CVSS 3.1
7.0
EPSS
3.7%
CVE-2022-23334 CRITICAL Act Now

The Robot application in Ip-label Newtest before v8.5R0 was discovered to use weak signature checks on executed binaries, allowing attackers to have write access and escalate privileges via replacing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Newtest
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-23582 CRITICAL Act Now

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior are vulnerable to a heap-based buffer overflow, which could allow an attacker to execute arbitrary code or crash the device remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow Wattbox Wb 300 Ip 3 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24020 CRITICAL Act Now

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior could bypass the brute force protection, allowing multiple attempts to force a login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wattbox Wb 300 Ip 3 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-24612 CRITICAL PATCH Act Now

The PdfBook extension through 2.0.5 before b07b6a64 for MediaWiki allows command injection via an option. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Pdfbook
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-0097 MEDIUM POC This Month

The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smart Post Show
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0074 MEDIUM POC This Month

The WP Social Widget WordPress plugin before 2.2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Social Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0071 MEDIUM POC This Month

The WP Tabs WordPress plugin before 2.1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Tabs
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0033 MEDIUM POC This Month

The PDF Viewer WordPress plugin before 1.0.0 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pdf Viewer
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24622 MEDIUM POC PATCH This Month

isInList in the safeurl-python package before 1.2 for Python has an insufficiently restrictive regular expression for external domains, leading to SSRF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Python Safeurl Python
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-0474 HIGH This Week

Use after free in GuestView in Google Chrome prior to 109.0.5414.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a Chrome web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-0473 HIGH This Week

Type Confusion in ServiceWorker API in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0472 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0471 HIGH This Week

Use after free in WebTransport in Google Chrome prior to 109.0.5414.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22315 HIGH This Week

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network (LAN) protocol that does not verify updates to the device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Wattbox Wb 300 Ip 3 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-0240 HIGH PATCH This Week

There is a logic error in io_uring's implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-24830 HIGH PATCH This Week

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB.13.0 before 0.13.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Iotdb
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-24623 HIGH PATCH This Week

Paranoidhttp before 0.3.0 allows SSRF because [::] is equivalent to the 127.0.0.1 address, but does not match the filter for private addresses. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Paranoidhttp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22389 MEDIUM This Month

Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior store passwords in a plaintext file when the device configuration is exported via Save/Restore->Backup Settings, which could be read by any. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wattbox Wb 300 Ip 3 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-22332 MEDIUM This Month

Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Pgpool Ii
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22324 MEDIUM PATCH This Month

SQL injection vulnerability in the CONPROSYS HMI System (CHS) Ver.3.5.0 and earlier allows a remote authenticated attacker to execute an arbitrary SQL command. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

SQLi Conprosys Hmi System
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-22333 MEDIUM This Month

Cross-site scripting vulnerability in EasyMail 2.00.130 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easymail
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22322 MEDIUM This Month

Improper restriction of XML external entity reference (XXE) vulnerability exists in OMRON CX-Motion Pro 1.4.6.013 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Cx Motion Pro
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-0581 MEDIUM This Month

The PrivateContent plugin for WordPress is vulnerable to protection mechanism bypass due to the use of client side validation in versions up to, and including, 8.4.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privatecontent
NVD VulDB
CVSS 3.1
5.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy