Skip to main content
CVE-2022-31474 HIGH POC THREAT Act Now

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in iThemes BackupBuddy allows Path Traversal.5.8.0 through 8.7.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.3%.

Path Traversal Backupbuddy
NVD
CVSS 3.1
7.5
EPSS
92.3%
Threat
5.8
CVE-2023-27581 HIGH POC PATCH This Week

github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Github Slug Action
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-0477 HIGH POC This Week

The Auto Featured Image (Auto Post Thumbnail) WordPress plugin before 3.9.16 includes an AJAX endpoint that allows any user with at least Author privileges to upload arbitrary files, such as PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Auto Featured Image
NVD WPScan
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-27010 HIGH POC This Week

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dr Fone
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-1372 HIGH POC This Week

The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as wh_homepage, wh_text_short, wh_text_full and in versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wh Testimonials
NVD VulDB
CVSS 3.1
7.2
EPSS
2.8%
CVE-2023-25803 HIGH POC This Week

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Path Traversal Nginx Roxy Wi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-25802 HIGH POC PATCH This Week

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Path Traversal Nginx Roxy Wi
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27065 HIGH POC This Week

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-27064 HIGH POC This Week

Tenda V15V1.0 V15.11.0.14(1521_3190_1058) was discovered to contain a buffer overflow vulnerability via the index parameter in the formDelDnsForward function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-27062 HIGH POC This Week

Tenda V15V1.0 was discovered to contain a buffer overflow vulnerability via the gotoUrl parameter in the formPortalAuth function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda W15e Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-25283 HIGH POC This Week

A stack overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the reserveDHCP_HostName_1.1.1.0 parameter to lan.asp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Denial Of Service Dir 820L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-1365 HIGH POC This Week

A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1364 HIGH POC This Week

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1366 HIGH POC This Week

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Yoga Class Registration System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-0351 HIGH This Week

The Akuvox E11 web server backend library allows command injection in the device phone-book contacts functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection E11 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-25170 HIGH PATCH This Week

PrestaShop is an open source e-commerce web application that, prior to version 8.0.1, is vulnerable to cross-site request forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Prestashop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25973 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3.0.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Auto Affiliate Links
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25991 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in RegistrationMagic plugin <= 5.1.9.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Registrationmagic
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0628 HIGH This Week

Docker Desktop before 4.17.0 allows an attacker to execute an arbitrary command inside a Dev Environments container during initialization by tricking a user to open a crafted malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Docker Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0348 HIGH This Week

Akuvox E11 allows direct SIP calls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0346 HIGH This Week

Akuvox E11 cloud login is performed through an unencrypted HTTP connection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0355 HIGH This Week

Akuvox E11 uses a hard-coded cryptographic key, which could allow an attacker to decrypt sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2022-38074 HIGH This Week

SQL Injection vulnerability in VeronaLabs WP Statistics plugin <= 13.2.10 versions. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Statistics
NVD
CVSS 3.1
7.1
EPSS
1.0%
CVE-2023-0888 HIGH This Week

An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Code Injection Battery Pack Sp With Wifi Firmware
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-0629 HIGH This Week

Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Docker Docker Desktop
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy