Skip to main content
CVE-2022-4940 HIGH POC PATCH THREAT Act Now

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.

Authentication Bypass WordPress Wcfm Membership
NVD
CVSS 3.1
7.3
EPSS
14.1%
CVE-2023-24720 CRITICAL POC Act Now

An arbitrary file upload vulnerability in readium-js v0.32.0 allows attackers to execute arbitrary code via uploading a crafted EPUB file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Readium Js
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-1886 CRITICAL POC PATCH Act Now

Authentication Bypass by Capture-replay in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1877 CRITICAL POC PATCH Act Now

Command Injection in GitHub repository microweber/microweber prior to 1.3.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Microweber
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-20073 CRITICAL POC THREAT Act Now

A vulnerability in the web-based management interface of Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to upload arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cisco Rv340 Firmware Rv340W Firmware Rv345 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
88.9%
CVE-2023-25330 CRITICAL POC PATCH Act Now

A SQL injection vulnerability in Mybatis plus below 3.5.3.1 allows remote attackers to execute arbitrary SQL commands via the tenant ID valuer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mybatis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1856 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Air Cargo Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1854 CRITICAL POC Act Now

A vulnerability, which was classified as problematic, was found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Online Graduate Tracer System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1850 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Payroll System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1849 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Payroll System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1848 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Payroll System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1847 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Payroll System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1846 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Payroll System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1845 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Payroll System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Payroll System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29374 CRITICAL POC PATCH THREAT Act Now

In LangChain through 0.0.131, the LLMMathChain chain allows prompt injection attacks that can execute arbitrary code via the Python exec method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
39.7%
CVE-2023-22660 HIGH POC This Week

A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Ichitaro 2022
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-22291 HIGH POC This Week

An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ichitaro 2022
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-4939 CRITICAL PATCH Act Now

THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including 2.10.0, due to a missing capability check on the wp_ajax_nopriv_wcfm_ajax_controller. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Privilege Escalation Wcfm Membership
NVD VulDB
CVSS 3.1
9.8
EPSS
7.3%
CVE-2023-26857 HIGH POC This Week

An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Dynamic Transaction Queuing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-26856 HIGH POC This Week

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dynamic Transaction Queuing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-29389 MEDIUM POC This Month

Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Rav4 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.7%
CVE-2023-0967 MEDIUM POC This Month

Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Bhima
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0959 MEDIUM POC This Month

Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation CSRF Bhima
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-1880 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-1857 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1853 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Payroll System 1.0.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Payroll System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1852 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Payroll System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Payroll System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1851 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Online Payroll System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Payroll System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1708 CRITICAL Act Now

An issue was identified in GitLab CE/EE affecting all versions from 1.0 prior to 15.8.5, 15.9 prior to 15.9.4, and 15.10 prior to 15.10.1 where non-printable characters gets copied from clipboard,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Command Injection
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-1782 CRITICAL PATCH Act Now

HashiCorp Nomad and Nomad Enterprise versions 1.5.0 up to 1.5.2 allow unauthenticated users to bypass intended ACL authorizations for clusters where mTLS is not enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Nomad
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1788 CRITICAL PATCH Act Now

Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii prior to 6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Firefly Iii
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-1885 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1883 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1882 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1881 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1879 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1878 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1758 MEDIUM POC PATCH This Month

Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1757 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1756 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0842 MEDIUM POC PATCH This Month

xml2js version 0.4.23 allows an external attacker to edit or add new properties to an object. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Xml2Js
NVD GitHub
CVSS 3.1
5.3
EPSS
1.4%
CVE-2022-4935 HIGH PATCH This Week

The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi WordPress Privilege Escalation Wcfm Marketplace
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-20102 HIGH This Week

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Deserialization Secure Network Analytics Stealthwatch Management Console 2200 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1522 HIGH PATCH This Week

SQL Injection in the Hardware Inventory report of Security Center 5.11.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Security Center
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-29006 HIGH PATCH This Week

The Order GLPI plugin allows users to manage order management within GLPI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Order
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28634 HIGH PATCH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0944 MEDIUM POC This Month

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bhima
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-1887 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-28838 HIGH PATCH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-28632 HIGH PATCH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Information Disclosure Glpi
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy