Skip to main content
CVE-2023-0820 HIGH POC This Week

The User Role by BestWebSoft WordPress plugin before 1.6.7 does not protect against CSRF in requests to update role capabilities, leading to arbitrary privilege escalation of any role. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress CSRF User Role
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-1579 HIGH POC This Week

Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-1124 HIGH POC This Week

The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests, allowing authenticated users with admin privileges to perform LFI attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Wp Easycart
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-28854 HIGH PATCH This Week

nophp is a PHP web framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

PHP Command Injection Nophp
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-0975 HIGH This Week

A vulnerability exists in Trellix Agent for Windows version 5.7.8 and earlier, that allows local users, during install/upgrade workflow, to replace one of the Agent’s executables before it can be. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Agent
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26269 HIGH PATCH This Week

Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apache Authentication Bypass James
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-29218 HIGH This Week

The Twitter Recommendation Algorithm through ec83d01 allows attackers to cause a denial of service (reduction of reputation score) by arranging for multiple Twitter accounts to coordinate negative. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Recommendation Algorithm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-28625 HIGH PATCH This Week

mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Apache Mod Auth Openidc
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy