Skip to main content
CVE-2023-26068 CRITICAL POC THREAT Emergency

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD GitHub
CVSS 3.1
9.8
EPSS
11.6%
CVE-2023-27076 CRITICAL POC THREAT Act Now

Command injection vulnerability found in Tenda G103 v.1.0.0.5 allows attacker to execute arbitrary code via a the language parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Tenda G103 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
22.9%
CVE-2023-27650 CRITICAL POC Act Now

An issue found in APUS Group Launcher v.3.10.73 and v.3.10.88 allows a remote attacker to execute arbitrary code via the FONT_FILE parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Launcher
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-1969 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Eyewear Shop 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Eyewear Shop
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1478 CRITICAL POC Act Now

The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page cache files before writing them, leading to a path traversal vulnerability in the page cache module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Hummingbird
NVD WPScan
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-1381 HIGH POC This Week

The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Deserialization Wp Meta Seo
NVD WPScan
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-1406 HIGH POC This Week

The JetEngine WordPress plugin before 3.1.3.1 includes uploaded files without adequately ensuring that they are not executable, leading to a remote code execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload WordPress Jetengine For Elementor
NVD WPScan
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-26860 HIGH POC This Week

SQL injection vulnerability found in PrestaShop Igbudget v.1.0.3 and before allow a remote attacker to gain privileges via the LgBudgetBudgetModuleFrontController::displayAjaxGenerateBudget component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Save Your Carts And Buy Later Or Send It
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28206 HIGH POC KEV THREAT This Week

An out-of-bounds write issue was addressed with improved input validation. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +2
NVD
CVSS 3.1
8.6
EPSS
24.5%
CVE-2023-26067 HIGH POC THREAT This Week

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD GitHub
CVSS 3.1
8.1
EPSS
37.8%
CVE-2023-26986 HIGH POC This Week

An issue in China Mobile OA Mailbox PC v2.9.23 allows remote attackers to execute arbitrary commands on a victim host via user interaction with a crafted EML file sent to their OA mailbox. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oa Mailbox Pc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-26919 HIGH POC This Week

delight-nashorn-sandbox 0.2.4 and 0.2.5 is vulnerable to sandbox escape. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Information Disclosure Nashorn Sandbox
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-1970 HIGH POC This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been found in yuan1994 tpAdmin 1.3.12.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tpadmin
NVD VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-1425 HIGH POC This Week

The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner - Groundhogg WordPress plugin before 2.7.9.4 does not properly sanitise and escape a parameter before using it in a SQL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Groundhogg
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-1426 MEDIUM POC This Month

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wp Tiles
NVD WPScan
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-1916 MEDIUM POC This Month

A flaw was found in tiffcrop, a program distributed by the libtiff package. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Libtiff
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26773 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Sales Tracker Management System v.1.0 allows a remote attacker to gain privileges via the product list function in the Master.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sales Tracker Management System
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-0983 MEDIUM POC This Month

The stylish-cost-calculator-premium WordPress plugin before 7.9.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Stored Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stylish Cost Calculator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26788 MEDIUM POC This Month

Veritas Appliance v4.1.0.1 is affected by Host Header Injection attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbackup Appliance Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26120 MEDIUM POC This Month

This affects all versions of the package com.xuxueli:xxl-job. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xxl Job
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25392 MEDIUM POC PATCH This Month

Allegro Tech BigFlow <1.6 is vulnerable to Missing SSL Certificate Validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Bigflow
NVD GitHub
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-27178 CRITICAL Act Now

An arbitrary file upload vulnerability in the upload function of GDidees CMS 3.9.1 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gdidees Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-26070 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26069 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26066 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware Mxtpm Firmware +22
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26065 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 have an Integer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Cxtpc Firmware Cstpc Firmware Mxtct Firmware +23
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26064 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Cxtpc Firmware Cstpc Firmware Mxtct Firmware +23
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26063 CRITICAL Act Now

Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Cxtpc Firmware Cstpc Firmware Mxtct Firmware +23
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29375 CRITICAL Act Now

An issue was discovered in Progress Sitefinity 13.3 before 13.3.7647, 14.0 before 14.0.7736, 14.1 before 14.1.7826, 14.2 before 14.2.7930, and 14.3 before 14.3.8025. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft Sitefinity
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29216 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Linkis
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-29215 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in JDBC EengineConn Module will trigger a deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Linkis
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-27603 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal Linkis
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-27602 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, The PublicService module uploads files without restrictions on the path to the uploaded files, and file types. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache File Upload Linkis
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-24721 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in LiveAction LiveSP v21.1.2 allows attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Livesp
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24181 MEDIUM POC PATCH This Month

LuCI openwrt-22.03 branch git-22.361.69894-438c598 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /openvpn/pageswitch.htm. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Luci
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0546 MEDIUM POC This Month

The Contact Form Plugin WordPress plugin before 4.3.25 does not properly sanitize and escape the srcdoc attribute in iframes in it's custom HTML field type, allowing a logged in user with roles as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Contact Form
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0363 MEDIUM POC This Month

The Scheduled Announcements Widget WordPress plugin before 1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Scheduled Announcements Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27987 CRITICAL PATCH Act Now

In Apache Linkis <=1.3.1, due to the default token generated by Linkis Gateway deployment being too simple, it is easy for attackers to obtain the default token for the attack. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Linkis
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-1971 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in yuan1994 tpAdmin 1.3.12. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Tpadmin
NVD VulDB
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-0156 MEDIUM POC THREAT This Month

The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not limit what log files to display in it's settings pages, allowing an authorized user (admin+) to view the contents of arbitrary. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress All In One Security
NVD WPScan
CVSS 3.1
4.9
EPSS
19.9%
CVE-2023-28205 HIGH KEV THREAT This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Apple RCE Memory Corruption +4
NVD
CVSS 3.1
8.8
EPSS
27.1%
CVE-2023-1122 MEDIUM POC This Month

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its Giveaways options, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Giveaways
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1121 MEDIUM POC This Month

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Giveaways
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1120 MEDIUM POC This Month

The Simple Giveaways WordPress plugin before 2.45.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Giveaways
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0893 MEDIUM POC This Month

The Time Sheets WordPress plugin before 1.29.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Time Sheets
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0874 MEDIUM POC This Month

The Klaviyo WordPress plugin before 3.0.10 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Klavio
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0605 MEDIUM POC This Month

The Auto Rename Media On Upload WordPress plugin before 1.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Auto Rename Media On Upload
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0423 MEDIUM POC This Month

The WordPress Amazon S3 Plugin WordPress plugin before 1.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Amazon S3
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0422 MEDIUM POC This Month

The Article Directory WordPress plugin through 1.3 does not properly sanitize the `publish_terms_text` setting before displaying it in the administration panel, which may enable administrators to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Article Directory
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-0157 MEDIUM POC THREAT This Month

The All-In-One Security (AIOS) WordPress plugin before 5.1.5 does not escape the content of log files before outputting it to the plugin admin page, allowing an authorized user (admin+) to plant. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS All In One Security
NVD WPScan
CVSS 3.1
4.8
EPSS
32.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy