Skip to main content
CVE-2022-4940 HIGH POC PATCH THREAT Act Now

The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.

Authentication Bypass WordPress Wcfm Membership
NVD
CVSS 3.1
7.3
EPSS
14.1%
CVE-2023-22660 HIGH POC This Week

A heap-based buffer overflow vulnerability exists in the way Ichitaro version 2022 1.0.1.57600 processes certain LayoutBox stream record types. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Ichitaro 2022
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-22291 HIGH POC This Week

An invalid free vulnerability exists in the Frame stream parser functionality of Ichitaro 2022 1.0.1.57600. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Ichitaro 2022
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-26857 HIGH POC This Week

An arbitrary file upload vulnerability in /admin/ajax.php?action=save_uploads of Dynamic Transaction Queuing System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Dynamic Transaction Queuing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-26856 HIGH POC This Week

Dynamic Transaction Queuing System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/ajax.php?action=login. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dynamic Transaction Queuing System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-4935 HIGH PATCH This Week

The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi WordPress Privilege Escalation Wcfm Marketplace
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-20102 HIGH This Week

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Deserialization Secure Network Analytics Stealthwatch Management Console 2200 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1522 HIGH PATCH This Week

SQL Injection in the Hardware Inventory report of Security Center 5.11.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Security Center
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-29006 HIGH PATCH This Week

The Order GLPI plugin allows users to manage order management within GLPI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Order
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28634 HIGH PATCH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation Authentication Bypass Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28838 HIGH PATCH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-28632 HIGH PATCH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Information Disclosure Glpi
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-20122 HIGH This Week

Multiple vulnerabilities in the restricted shell of Cisco Evolved Programmable Network Manager (EPNM), Cisco Identity Services Engine (ISE), and Cisco Prime Infrastructure could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-1412 HIGH This Week

An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Warp
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-1733 HIGH This Week

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-28342 HIGH This Week

Zoho ManageEngine ADSelfService Plus before 6218 allows anyone to conduct a Denial-of-Service attack via the Mobile App Authentication API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zoho Manageengine Adselfservice Plus
NVD
CVSS 3.1
7.5
EPSS
79.7%
CVE-2023-20051 HIGH This Week

A vulnerability in the Vector Packet Processor (VPP) of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to stop ICMP traffic from being processed over an IPsec. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Packet Data Network Gateway
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-1858 HIGH This Week

A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Earnings And Expense Tracker App
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20117 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Code Injection Rv320 Firmware Rv325 Firmware
NVD
CVSS 3.1
7.2
EPSS
28.3%
CVE-2023-20103 HIGH This Week

A vulnerability in Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code as a root user on an affected device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Secure Network Analytics
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-0670 HIGH This Week

Ulearn version a5a7ca20de859051ea0470542844980a66dfc05d allows an attacker with administrator permissions to obtain remote code execution on the server through the image upload functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Ulearn
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-20128 HIGH This Week

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker to inject and execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Code Injection Rv320 Firmware Rv325 Firmware
NVD
CVSS 3.1
7.2
EPSS
30.4%
CVE-2023-20124 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +3
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-1838 HIGH This Week

A use-after-free flaw was found in vhost_net_set_backend in drivers/vhost/net.c in virtio network subcomponent in the Linux kernel due to a double fget. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy