Skip to main content
CVE-2023-1133 CRITICAL POC THREAT Emergency

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which the Device-status service listens on port 10100/ UDP by default. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Infrasuite Device Master
NVD GitHub
CVSS 3.1
9.8
EPSS
50.0%
CVE-2023-1665 CRITICAL POC PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Twake
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1666 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automatic Question Paper Generator System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27847 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaShop xipblog v.2.0.1 and before allow a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xipblog
NVD GitHub
CVSS 3.1
9.8
EPSS
4.7%
CVE-2023-28102 CRITICAL POC PATCH Act Now

discordrb is an implementation of the Discord API using Ruby. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Discordrb
NVD GitHub
CVSS 3.1
9.6
EPSS
2.5%
CVE-2023-26493 HIGH POC PATCH This Week

Cocos Engine is an open-source framework for building 2D & 3D real-time rendering and interactive content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Cocos Engine
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-28627 HIGH POC PATCH This Week

pymedusa is an automatic video library manager for TV Shows. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Medusa
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0955 HIGH POC This Week

The WP Statistics WordPress plugin before 14.0 does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Statistics
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1647 HIGH POC PATCH This Week

Improper Access Control in GitHub repository calcom/cal.com prior to 2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cal Com
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28430 HIGH POC PATCH This Week

OneSignal is an email, sms, push notification, and in-app message service for mobile apps.The Zapier.yml workflow is triggered on issues (types: [closed]) (i.e., when an Issue is closed). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection React Native Onesignal
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-0441 HIGH POC This Week

The Gallery Blocks with Lightbox WordPress plugin before 3.0.8 has an AJAX endpoint that can be accessed by any authenticated users, such as subscriber. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Simply Gallery Blocks With Lightbox
NVD WPScan
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-0179 HIGH POC This Week

A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Privilege Escalation Linux Integer Overflow RCE +13
NVD
CVSS 3.1
7.8
EPSS
1.9%
CVE-2023-1655 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.4.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-24094 HIGH POC This Week

An issue in the bridge2 component of MikroTik RouterOS v6.40.5 allows attackers to cause a Denial of Service (DoS) via crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Memory Corruption Buffer Overflow Routeros
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-0210 HIGH POC PATCH THREAT This Week

A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Linux Heap Overflow Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
71.7%
CVE-2023-24366 MEDIUM POC This Month

An arbitrary file download vulnerability in rConfig v6.8.0 allows attackers to download sensitive files via a crafted HTTP request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rconfig
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-25661 MEDIUM POC PATCH This Month

TensorFlow is an Open Source Machine Learning Framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Tensorflow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1093 MEDIUM POC This Month

The OAuth Single Sign On WordPress plugin before 6.24.2 does not have CSRF checks when discarding Identify providers (IdP), which could allow attackers to make logged in admins delete all IdP via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Oauth Single Sign On
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1092 MEDIUM POC This Month

The OAuth Single Sign On Free WordPress plugin before 6.24.2, OAuth Single Sign On Standard WordPress plugin before 28.4.9, OAuth Single Sign On Premium WordPress plugin before 38.4.9 and OAuth. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Oauth Single Sign On
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-0816 MEDIUM POC This Month

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Formidable Form Builder
NVD WPScan
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-0502 MEDIUM POC This Month

The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp News
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0501 MEDIUM POC This Month

The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Insurance
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0500 MEDIUM POC This Month

The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Film Studio
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-0336 MEDIUM POC This Month

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ooohboi Steroids For Elementor
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-0335 MEDIUM POC This Month

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Shamsi
NVD WPScan
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-27096 MEDIUM POC This Month

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hippo4J
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25261 CRITICAL Act Now

Certain Stimulsoft GmbH products are affected by: Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Designer Viewer
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-28628 MEDIUM POC PATCH This Month

lambdaisland/uri is a pure Clojure/ClojureScript URI library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Uri
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27245 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in File Management Project 1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field under the Edit. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS File Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27241 MEDIUM POC This Month

SourceCodester Water Billing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the lastname text box under the Add Client module. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Water Billing System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1399 CRITICAL Act Now

N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization N6854A Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1142 CRITICAL Act Now

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use URL decoding to retrieve system files, credentials, and bypass authentication resulting in privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-1140 CRITICAL Act Now

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability that could allow an attacker to achieve unauthenticated remote code execution in the context of an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-26959 CRITICAL Act Now

Phpgurukul Park Ticketing Management System 1.0 is vulnerable to SQL Injection via the User Name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Park Ticketing Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25909 CRITICAL Act Now

HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Oaklouds Portal
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24838 CRITICAL Act Now

HGiga PowerStation has a vulnerability of Information Leakage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Powerstation Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-28883 CRITICAL PATCH Act Now

In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Cerebrate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-25263 MEDIUM POC This Month

In Stimulsoft Designer (Desktop) 2023.1.5, and 2023.1.4, once an attacker decompiles the Stimulsoft.report.dll the attacker is able to decrypt any connectionstring stored in .mrt files since a static. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Designer
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26924 MEDIUM POC This Month

LLVM a0dab4950 has a segmentation fault in mlir::outlineSingleBlockRegion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Llvm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1069 MEDIUM POC PATCH This Month

The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Complianz
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0823 MEDIUM POC This Month

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.4.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cookie Notice Compliance For Gdpr Ccpa
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0660 MEDIUM POC This Month

The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smart Slider 3
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0589 MEDIUM POC This Month

The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Image Carousel
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0491 MEDIUM POC This Month

The Schedulicity WordPress plugin through 2.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Schedulicity
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0395 MEDIUM POC This Month

The menu shortcode WordPress plugin through 1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Menu Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0272 MEDIUM POC This Month

The NEX-Forms WordPress plugin before 8.3.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Nex Forms
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1400 MEDIUM POC This Month

The Modern Events Calendar Lite WordPress plugin before 6.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Modern Events Calendar Lite
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1025 MEDIUM POC This Month

The Simple File List WordPress plugin before 6.0.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple File List
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27296 HIGH PATCH This Week

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Deserialization Inlong
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-1144 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contains an improper access control vulnerability in which an attacker can use the Device-Gateway service and bypass authorization,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy