Skip to main content
CVE-2023-23333 CRITICAL POC THREAT Emergency

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Solarview Compact Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
99.3%
CVE-2023-0669 HIGH POC KEV PATCH THREAT Act Now

Fortra (formerly, HelpSystems) GoAnywhere MFT suffers from a pre-authentication command injection vulnerability in the License Response Servlet due to deserializing an arbitrary attacker-controlled. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Deserialization Goanywhere Managed File Transfer
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
100.0%
CVE-2023-24276 CRITICAL POC Act Now

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the country parameter at setting/delStaticDhcpRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24202 CRITICAL POC Act Now

Raffle Draw System v1.0 was discovered to contain a local file inclusion vulnerability via the page parameter in index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Raffle Draw System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24201 CRITICAL POC Act Now

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at get_ticket.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Raffle Draw System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24200 CRITICAL POC Act Now

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at save_ticket.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Raffle Draw System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24199 CRITICAL POC Act Now

Raffle Draw System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at delete_ticket.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Raffle Draw System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24198 CRITICAL POC Act Now

Raffle Draw System v1.0 was discovered to contain multiple SQL injection vulnerabilities at save_winner.php via the ticket_id and draw parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Raffle Draw System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0234 HIGH POC THREAT This Week

The SiteGround Security WordPress plugin before 1.3.1 does not properly sanitize user input before using it in an SQL query, leading to an authenticated SQL injection issue. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Siteground Security
NVD GitHub WPScan
CVSS 3.1
8.8
EPSS
18.0%
CVE-2023-24195 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-24197 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-24194 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the page parameter in navbar.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-24192 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-24191 MEDIUM POC This Month

Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-0236 MEDIUM POC This Month

The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tutor Lms
NVD WPScan
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-0686 CRITICAL Act Now

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Eyewear Shop
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-0687 CRITICAL PATCH Act Now

A vulnerability was found in GNU C Library 2.38. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Glibc
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-48085 MEDIUM POC This Month

Softr v2.0 was discovered to contain a HTML injection vulnerability via the Work Space Name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Softr
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2933 MEDIUM POC This Month

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF 0Mk Shortener
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0282 MEDIUM POC This Month

The YourChannel WordPress plugin before 1.2.2 does not sanitize and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yourchannel
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0252 MEDIUM POC This Month

The Contextual Related Posts WordPress plugin before 3.3.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contextual Related Posts
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0178 MEDIUM POC This Month

The Annual Archive WordPress plugin before 1.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Annual Archive
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0176 MEDIUM POC This Month

The Giveaways and Contests by RafflePress WordPress plugin before 1.11.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Giveaways And Contests By Rafflepress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0174 MEDIUM POC This Month

The WP VR WordPress plugin before 8.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Vr
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0173 MEDIUM POC This Month

The Drag & Drop Sales Funnel Builder for WordPress plugin before 2.6.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Drag Drop Sales Funnel Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0171 MEDIUM POC This Month

The jQuery T(-) Countdown Widget WordPress plugin before 2.3.24 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jquery T Countdown Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0170 MEDIUM POC This Month

The Html5 Audio Player WordPress plugin before 2.1.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Html5 Audio Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0154 MEDIUM POC This Month

The GamiPress WordPress plugin before 1.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gamipress
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0153 MEDIUM POC This Month

The Vimeo Video Autoplay Automute WordPress plugin through 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Vimeo Video Autoplay Automute
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0150 MEDIUM POC This Month

The Cloak Front End Email WordPress plugin before 1.9.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cloak Front End Email
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0149 MEDIUM POC This Month

The WordPrezi WordPress plugin before 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordprezi
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0148 MEDIUM POC This Month

The Gallery Factory Lite WordPress plugin through 2.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gallery Factory Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0147 MEDIUM POC This Month

The Flexible Captcha WordPress plugin through 4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Flexible Captcha
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0146 MEDIUM POC This Month

The Naver Map WordPress plugin through 1.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Naver Map
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0144 MEDIUM POC This Month

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Event Manager And Tickets Selling For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0143 MEDIUM POC This Month

The Send PDF for Contact Form 7 WordPress plugin before 0.9.9.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Send Pdf For Contact Form 7
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0096 MEDIUM POC This Month

The Happyforms WordPress plugin before 1.22.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Happyforms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0095 MEDIUM POC This Month

The Page View Count WordPress plugin before 2.6.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Page View Count
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0082 MEDIUM POC This Month

The ExactMetrics WordPress plugin before 7.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Exactmetrics
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0081 MEDIUM POC This Month

The MonsterInsights WordPress plugin before 8.12.1 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Monsterinsights
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0072 MEDIUM POC This Month

The WC Vendors Marketplace WordPress plugin before 2.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wc Vendors Marketplace
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0070 MEDIUM POC This Month

The ResponsiveVoice Text To Speech WordPress plugin before 1.7.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsivevoice Text To Speech
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0062 MEDIUM POC This Month

The EAN for WooCommerce WordPress plugin before 4.4.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ean For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-23943 MEDIUM POC PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-0679 HIGH This Week

A vulnerability was found in SourceCodester Canteen Management System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP SQLi Canteen Management System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-25016 HIGH This Week

Couchbase Server before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2 exposes Sensitive Information to an Unauthorized Actor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Couchbase Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-45589 HIGH This Week

All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Esb Runtime
NVD VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-20619 MEDIUM This Month

In vcu, there is a possible memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20618 MEDIUM This Month

In vcu, there is a possible memory corruption due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20616 MEDIUM This Month

In ion, there is a possible out of bounds read due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy