Skip to main content
CVE-2023-1143 HIGH This Week

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could use Lua scripts, which could allow an attacker to remotely execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1141 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a command injection vulnerability that could allow an attacker to inject arbitrary commands, which could result in remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-1139 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-gateway service, which could allow deserialization of requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-1137 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain a vulnerability in which a low-level user could extract files and plaintext credentials of administrator users, resulting in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-1134 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a path traversal vulnerability, which could allow an attacker to read local files, disclose plaintext credentials,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-24837 HIGH This Week

HGiga PowerStation remote management function has insufficient filtering for user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Powerstation Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0326 MEDIUM POC This Month

An issue has been discovered in GitLab DAST API scanner affecting all versions starting from 1.6.50 before 2.11.0, where Authorization headers was leaked in vulnerability report evidence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gitlab Dynamic Application Security Testing Analyzer
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-1089 MEDIUM POC This Month

The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Coupon Zen
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-1088 MEDIUM POC This Month

The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Plugin Manager
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-1087 MEDIUM POC This Month

The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wc Sales Notification
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-1086 MEDIUM POC This Month

The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Preview Link Generator
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0505 MEDIUM POC This Month

The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ever Compare
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0504 MEDIUM POC This Month

The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ht Politic
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0503 MEDIUM POC This Month

The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Free Woocommerce Theme 99Fy Extension
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0499 MEDIUM POC This Month

The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Quickswish
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0498 MEDIUM POC This Month

The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Education
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0497 MEDIUM POC This Month

The HT Portfolio WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ht Portfolio
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0496 MEDIUM POC This Month

The HT Event WordPress plugin before 1.4.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ht Event
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0495 MEDIUM POC This Month

The HT Slider For Elementor WordPress plugin before 1.4.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Ht Slider For Elementor
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0484 MEDIUM POC This Month

The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Contact Form 7 Widget For Elementor Page Builder Gutenberg Blocks
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-0467 MEDIUM POC This Month

The WP Dark Mode WordPress plugin before 4.0.8 does not properly sanitize the style parameter in shortcodes before using it to load a PHP template. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress PHP Wp Dark Mode
NVD WPScan
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-25817 HIGH PATCH This Week

Nextcloud server is an open source, personal cloud implementation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-25017 HIGH This Week

RIFARTEK IOT Wall has a vulnerability of incorrect authorization. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Iot Wall
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-26547 HIGH This Week

The InputMethod module has a vulnerability of serialization/deserialization mismatch. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28596 HIGH This Week

Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meetings
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25908 HIGH PATCH This Week

Adobe Photoshop versions 23.5.3 (and earlier) and 24.1.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-25874 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25873 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25872 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25871 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25870 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25869 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25868 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25867 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25866 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25865 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25864 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25863 HIGH PATCH This Week

Adobe Substance 3D Stager versions 2.0.0 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Substance 3d Stager
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1078 HIGH PATCH This Week

A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0494 HIGH PATCH This Week

A vulnerability was found in X.Org. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption X Server Fedora +16
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-1654 HIGH PATCH This Week

Denial of Service in GitHub repository gpac/gpac prior to 2.4.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1145 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 are affected by a deserialization vulnerability targeting the Device-DataCollect service, which could allow deserialization of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Deserialization Infrasuite Device Master
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1135 HIGH This Week

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an attacker could set incorrect directory permissions, which could result in local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Infrasuite Device Master
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26549 HIGH This Week

The SystemUI module has a vulnerability of repeated app restart due to improper parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-26548 HIGH This Week

The pgmng module has a vulnerability in serialization/deserialization. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-20860 HIGH PATCH This Week

Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Authentication Bypass Spring Framework
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2023-28597 HIGH This Week

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

RCE Rooms Zoom Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-22247 HIGH PATCH This Week

Adobe Commerce versions 2.4.4-p2 (and earlier) and 2.4.5-p1 (and earlier) are affected by an XML Injection vulnerability that could lead to arbitrary file system read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Code Injection Commerce Magento Open Source
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-1138 HIGH This Week

Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1136 HIGH This Week

In Delta Electronics InfraSuite Device Master versions prior to 1.0.5, an unauthenticated attacker could generate a valid token, which would lead to authentication bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
0.7%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy