Skip to main content
CVE-2022-45725 HIGH POC This Week

Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cf Wr610N Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
8.8%
CVE-2023-25240 HIGH POC PATCH This Week

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25719 HIGH POC This Week

ConnectWise Control before 22.9.10032 (formerly known as ScreenConnect) fails to validate user-supplied parameters such as the Bin/ConnectWiseControl.Client.exe h parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Control
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-0263 HIGH POC This Week

The WP Yelp Review Slider WordPress plugin before 7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Yelp Review Slider
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0262 HIGH POC This Week

The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Airbnb Review Slider
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0261 HIGH POC This Week

The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Tripadvisor Review Slider
NVD WPScan
CVSS 3.1
8.8
EPSS
4.4%
CVE-2023-0260 HIGH POC This Week

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Review Slider
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0259 HIGH POC This Week

The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google SQLi WordPress Wp Google Review Slider
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0255 HIGH POC This Week

The Enable Media Replace WordPress plugin before 4.0.2 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Enable Media Replace
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-0220 HIGH POC This Week

The Pinpoint Booking System WordPress plugin before 2.9.9.2.9 does not validate and escape one of its shortcode attributes before using it in a SQL statement, which could allow any authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Pinpoint Booking System
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0098 HIGH POC This Week

The Simple URLs WordPress plugin before 115 does not escape some parameters before using them in various SQL statements used by AJAX actions available by any authenticated users, leading to a SQL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Simple Urls
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0080 HIGH POC This Week

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Customer Reviews For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-0819 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to v2.3.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-0817 HIGH POC PATCH This Week

Buffer Over-read in GitHub repository gpac/gpac prior to v2.3.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-24647 HIGH POC This Week

Food Ordering System v2.0 was discovered to contain a SQL injection vulnerability via the email parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-0159 HIGH POC THREAT This Week

The Extensive VC Addons for WPBakery page builder WordPress plugin before 1.9.1 does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress PHP Extensive Vc Addons For Wpbakery Page Builder
NVD WPScan Exploit-DB
CVSS 3.1
7.5
EPSS
55.7%
CVE-2023-22360 HIGH PATCH This Week

Use-after free vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process even when an error was detected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Information Disclosure Memory Corruption Screen Creator Advance 2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22353 HIGH PATCH This Week

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing control management information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Screen Creator Advance 2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22350 HIGH PATCH This Week

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing parts management information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Screen Creator Advance 2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22349 HIGH PATCH This Week

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing screen management information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Screen Creator Advance 2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22347 HIGH PATCH This Week

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing file structure information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Screen Creator Advance 2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22346 HIGH PATCH This Week

Out-of-bound read vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier because the end of data cannot be verified when processing template information. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Screen Creator Advance 2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22345 HIGH PATCH This Week

Out-of-bound write vulnerability exists in Screen Creator Advance 2 Ver.0.1.1.4 Build01 and earlier due to lack of error handling process when out of specification errors are detected. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Information Disclosure Screen Creator Advance 2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0518 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-22854 HIGH This Week

The ccmweb component of Mitel MiContact Center Business server 9.2.2.0 through 9.4.1.0 could allow an unauthenticated attacker to download arbitrary files, due to insufficient restriction of URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Micontact Center Business
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22362 HIGH This Week

SUSHIRO App for Android outputs sensitive information to the log file, which may result in an attacker obtaining a credential information from the log file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Hong Kong Sushiro Singapore Sushiro Sushiro +2
NVD
CVSS 3.1
7.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy