Skip to main content
CVE-2023-25194 HIGH POC PATCH THREAT Act Now

A possible security vulnerability has been identified in Apache Kafka Connect API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Apache Deserialization Kafka Connect
NVD
CVSS 3.1
8.8
EPSS
95.3%
CVE-2023-24813 CRITICAL POC PATCH Act Now

Dompdf is an HTML to PDF converter written in php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization Dompdf
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-22643 HIGH POC This Week

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in libzypp-plugin-appdata of SUSE Linux Enterprise Server for SAP 15-SP3; openSUSE Leap. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SAP Command Injection Libzypp Plugin Appdata
NVD
CVSS 3.1
7.8
EPSS
2.4%
CVE-2021-37491 HIGH POC PATCH This Week

An issue discovered in src/wallet/wallet.cpp in Dogecoin Project Dogecoin Core 1.14.3 and earlier allows attackers to view sensitive information via CWallet::CreateTransaction() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dogecoin
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2021-37492 HIGH POC This Week

An issue discovered in src/wallet/wallet.cpp in Ravencoin Core 4.3.2.1 and earlier allows attackers to view sensitive information via CWallet::CreateTransactionAll() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ravencoin
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-24827 HIGH POC PATCH This Week

syft is a a CLI tool and Go library for generating a Software Bill of Materials (SBOM) from container images and filesystems. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Syft
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0735 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.5.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Wallabag
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-23931 MEDIUM POC PATCH This Month

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Information Disclosure Cryptography
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-24808 MEDIUM POC PATCH This Month

PDFio is a C library for reading and writing PDF files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Pdfio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-23026 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0, allows attackers to execute arbitrary code via the product_name and product_price inputs in file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Simple Sales Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23011 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in InvoicePlane 1.6 via filter_product input to file modal_product_lookups.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Invoiceplane
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-24814 MEDIUM POC PATCH This Month

TYPO3 is a free and open source Content Management Framework released under the GNU General Public License. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache XSS Nginx Typo3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-0707 CRITICAL Act Now

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Medical Certificate Generator App
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-0736 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository wallabag/wallabag prior to 2.5.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Wallabag
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0703 HIGH This Week

Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0702 HIGH This Week

Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0701 HIGH This Week

Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0699 HIGH This Week

Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0698 HIGH This Week

Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0696 HIGH This Week

Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0706 HIGH This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Medical Certificate Generator App 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Medical Certificate Generator App
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23696 HIGH PATCH This Week

Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Intel Authentication Bypass Command Intel Vpro Out Of Band
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-0705 HIGH This Week

Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had one a race condition to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Integer Overflow Buffer Overflow Google Chrome
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-0704 MEDIUM This Month

Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-0700 MEDIUM This Month

Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0697 MEDIUM This Month

Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Chrome
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0731 MEDIUM PATCH This Month

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the action content parameter in versions up to, and including, 1.5.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Interactive Geo Maps
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-0732 MEDIUM This Month

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Online Eyewear Shop
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0719 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0712 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0713 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-0730 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0727 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0723 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0728 MEDIUM This Month

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wicked Folders
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-22735 MEDIUM PATCH This Month

Zulip is an open-source team collaboration tool. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zulip Server
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy