Skip to main content
CVE-2022-31474 HIGH POC THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.5.8.0 through 8.7.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.3%.

Path Traversal Backupbuddy
NVD
CVSS 3.1
7.5
EPSS
92.3%
Threat
5.8
CVE-2023-27052 CRITICAL POC Act Now

E-Commerce System v1.0 ws discovered to contain a SQL injection vulnerability via the id parameter at /admin/delete_user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Moosikay
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25207 CRITICAL POC Act Now

PrestaShop dpdfrance <6.1.3 is vulnerable to SQL Injection via dpdfrance/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dpd France
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25279 CRITICAL POC THREAT Act Now

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
32.0%
CVE-2023-1378 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Friendly Island Pizza Website And Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0037 CRITICAL POC Act Now

The 10Web Map Builder for Google Maps WordPress plugin before 1.0.73 does not properly sanitise and escape some parameters before using them in an SQL statement via an AJAX action available to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google SQLi WordPress Map Builder For Google Maps
NVD WPScan
CVSS 3.1
9.8
EPSS
3.9%
CVE-2023-27063 CRITICAL POC Act Now

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the DNSDomainName parameter in the formModifyDnsForward function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27061 CRITICAL POC Act Now

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the wifiFilterListRemark parameter in the modifyWifiFilterRules function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-1368 CRITICAL POC Act Now

A vulnerability was found in XHCMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Xhcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27581 HIGH POC PATCH This Week

github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Github Slug Action
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-0477 HIGH POC This Week

The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Auto Featured Image
NVD WPScan
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-27010 HIGH POC This Week

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dr Fone
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-1372 HIGH POC This Week

The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as wh_homepage, wh_text_short, wh_text_full and in versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wh Testimonials
NVD VulDB
CVSS 3.1
7.2
EPSS
2.8%
CVE-2023-25803 HIGH POC This Week

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Path Traversal Nginx Roxy Wi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-25802 HIGH POC PATCH This Week

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal Nginx Roxy Wi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27065 HIGH POC This Week

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-27064 HIGH POC This Week

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-27062 HIGH POC This Week

Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-25283 HIGH POC This Week

A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Denial Of Service Dir 820L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-1365 HIGH POC This Week

A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1364 HIGH POC This Week

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1366 HIGH POC This Week

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Yoga Class Registration System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-27587 MEDIUM POC PATCH This Month

ReadtoMyShoe, a web app that lets users upload articles and listen to them later, generates an error message containing sensitive information prior to commit 8533b01. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Google Readtomyshoe
NVD GitHub
CVSS 3.1
6.5
EPSS
3.9%
CVE-2023-0772 MEDIUM POC This Month

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the campaign to be loaded via some shortcodes is actually a campaign, allowing any authenticated users such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Optinmonster
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-0749 MEDIUM POC This Month

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Ocean Extra
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1361 MEDIUM POC PATCH This Month

SQL Injection in GitHub repository unilogies/bumsys prior to v2.0.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Bumsys
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27093 MEDIUM POC This Month

Cross Site Scripting vulnerability found in My-Blog allows attackers to cause a denial of service via the Post function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XSS My Blog
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1362 MEDIUM POC PATCH This Month

Improper Restriction of Rendered UI Layers or Frames in GitHub repository unilogies/bumsys prior to v2.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Bumsys
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-27582 CRITICAL PATCH Act Now

maddy is a composable, all-in-one mail server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Maddy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27583 CRITICAL PATCH Act Now

PanIndex is a network disk directory index. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Panindex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0353 CRITICAL Act Now

Akuvox E11 uses a weak encryption algorithm for stored passwords and uses a hard-coded password for decryption which could allow the encrypted passwords to be decrypted from the configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-0345 CRITICAL Act Now

The Akuvox E11 secure shell (SSH) server is enabled by default and can be accessed by the root user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26076 CRITICAL Act Now

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos 1280 Firmware Exynos 2200 Firmware Exynos Modem 5123 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26073 CRITICAL Act Now

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 850 Firmware Exynos 980 Firmware +7
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24762 CRITICAL Act Now

OS Command injection vulnerability in D-Link DIR-867 DIR_867_FW1.30B07 allows attackers to execute arbitrary commands via a crafted LocalIPAddress parameter for the SetVirtualServerSettings to HNAP1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Command Injection Dir 867 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-26074 CRITICAL Act Now

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 850 Firmware Exynos 980 Firmware +7
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-26072 CRITICAL Act Now

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 850 Firmware Exynos 980 Firmware +7
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24033 CRITICAL Act Now

The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service Exynos Modem 5300 Firmware Exynos Modem 5123 Firmware Exynos 980 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
34.5%
CVE-2023-28154 CRITICAL PATCH Act Now

Webpack 5 before 5.76.0 does not avoid cross-realm object access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Webpack
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-0538 MEDIUM POC This Month

The Campaign URL Builder WordPress plugin before 1.8.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Campaign Url Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0219 MEDIUM POC This Month

The FluentSMTP WordPress plugin before 2.2.3 does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks (XSS) when an administrator views the email logs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fluentsmtp
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0172 MEDIUM POC This Month

The Juicer WordPress plugin before 1.11 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Juicer
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0073 MEDIUM POC This Month

The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Client Logo Carousel
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0066 MEDIUM POC This Month

The Companion Sitemap Generator WordPress plugin through 4.5.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Companion Sitemap Generator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1363 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Computer Parts Sales And Inventory System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0354 CRITICAL Act Now

The Akuvox E11 web server can be accessed without any user authentication, and this could allow an attacker to access sensitive information, as well as create and download packet captures with known. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-0352 CRITICAL Act Now

The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-0349 CRITICAL Act Now

The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image and video. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-0351 HIGH This Week

The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection E11 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-25170 HIGH PATCH This Week

PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Prestashop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy