Skip to main content
CVE-2023-0084 HIGH POC PATCH THREAT Act Now

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via text areas on forms in versions up to, and including, 3.1.2 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.4%.

WordPress XSS Metform Elementor Contact Form Builder Elementor
NVD Exploit-DB VulDB
CVSS 3.1
7.2
EPSS
58.4%
Threat
4.7
CVE-2023-26475 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
64.5%
CVE-2023-26474 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-26472 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-26471 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-26478 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-26476 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26470 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-1101 HIGH This Week

SonicOS SSLVPN improper restriction of excessive MFA attempts vulnerability allows an authenticated attacker to use excessive MFA codes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonicos
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22381 HIGH This Week

A code injection vulnerability was identified in GitHub Enterprise Server that allowed setting arbitrary environment variables from a single environment variable value in GitHub Actions when using a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Microsoft Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-25363 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::updateDescendantDependentFlags in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25362 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::repaintBlockSelectionGaps in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25361 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::setNextSibling in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25360 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::renderer in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25358 HIGH This Week

A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Webkitgtk Fedora
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-0228 HIGH This Week

Improper Authentication vulnerability in ABB Symphony Plus S+ Operations.X through 2.1 SP2, 2.2, from 3.X through 3.3 SP1, 3.3 SP2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Symphony Plus S Operations
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1118 HIGH PATCH This Week

A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0656 HIGH POC THREAT This Week

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Denial Of Service Sonicos
NVD
CVSS 3.1
7.5
EPSS
41.3%
CVE-2023-0053 HIGH This Week

SAUTER Controls Nova 200-220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior have only FTP and Telnet available for device management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nova 220 Eyk220F001 Firmware Nova 230 Eyk230F001 Firmware Nova 106 Eyk300F001 Firmware Modunet300 Ey Am300F001 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy