Skip to main content
CVE-2023-26119 CRITICAL POC PATCH Act Now

Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSTL, when browsing the attacker’s webpage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Htmlunit
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-0820 HIGH POC This Week

The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress CSRF User Role
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-1579 HIGH POC This Week

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-1124 HIGH POC This Week

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Wp Easycart
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-1330 MEDIUM POC This Month

The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Redirection
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1377 MEDIUM POC This Month

The Solidres WordPress plugin through 0.9.4 does not sanitise and escape numerous parameter before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Solidres
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26112 MEDIUM POC PATCH This Month

All versions of the package configobj are vulnerable to Regular Expression Denial of Service (ReDoS) via the validate function, using (.+?)\((.*)\). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Configobj
NVD GitHub
CVSS 3.1
5.9
EPSS
1.3%
CVE-2023-1765 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akbim Computer Panon allows SQL Injection.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Panon
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-28850 MEDIUM POC PATCH This Month

Pimcore Perspective Editor provides an editor for Pimcore that allows users to add/remove/edit custom views and perspectives. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Authentication Bypass Perspective Editor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0399 MEDIUM POC This Month

The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Image Over Image For Wpbakery Page Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28854 HIGH PATCH This Week

nophp is a PHP web framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

PHP Command Injection Nophp
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-28834 MEDIUM POC PATCH This Month

Nextcloud Server is an open source personal cloud server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-0975 HIGH This Week

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26269 HIGH PATCH This Week

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apache Authentication Bypass James
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-29218 HIGH This Week

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recommendation Algorithm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-28625 HIGH PATCH This Week

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Apache Mod Auth Openidc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-0614 MEDIUM This Month

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0977 MEDIUM This Month

A heap-based overflow vulnerability in Trellix Agent (Windows and Linux) version 5.7.8 and earlier, allows a remote user to alter the page heap in the macmnsvc process memory block resulting in the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Microsoft Agent
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1611 MEDIUM PATCH This Month

A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea. Rated medium severity (CVSS 6.3). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Fedora +1
NVD GitHub
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-1766 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Akbim Computer Panon allows Reflected XSS.0.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Panon
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-0922 MEDIUM This Month

The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-24724 MEDIUM This Month

A stored cross site scripting (XSS) vulnerability was discovered in the user management module of the SAS 9.4 Admin Console, due to insufficient validation and sanitization of data input into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Web Administration Interface
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28851 MEDIUM PATCH This Month

Silverstripe Form Capture provides a method to capture simple silverstripe forms and an admin interface for users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Silverstripe Form Capture
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28836 MEDIUM PATCH This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Wagtail
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-26916 MEDIUM This Month

libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libyang Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-28837 MEDIUM PATCH This Month

Wagtail is an open source content management system built on Django. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Wagtail
NVD GitHub
CVSS 3.1
4.9
EPSS
1.1%
CVE-2023-26529 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Dupeoff
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0225 MEDIUM This Month

A flaw was found in Samba. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Samba
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy