Skip to main content
CVE-2023-31433 HIGH POC This Week

A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Evasys
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1196 HIGH POC This Week

The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Advanced Custom Fields
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-31435 HIGH POC This Week

Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Evasys
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-30403 HIGH POC THREAT This Week

An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wireless N Repeater Mini Router Firmware
NVD
CVSS 3.1
7.5
EPSS
13.8%
CVE-2023-1809 HIGH POC This Week

The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress Download Manager
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1669 HIGH POC THREAT This Week

The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Seopress
NVD WPScan
CVSS 3.1
7.2
EPSS
18.5%
CVE-2023-0924 HIGH POC This Week

The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Popup
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-26546 HIGH This Week

European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Iuclid
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-32007 HIGH PATCH This Week

** UNSUPPORTED WHEN ASSIGNED ** The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Command Injection Spark
NVD
CVSS 3.1
8.8
EPSS
75.8%
CVE-2023-21666 HIGH PATCH This Week

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Buffer Overflow Wcn3998 Firmware Qca6390 Firmware Wcn685X 5 Firmware Wcn685X 1 Firmware +161
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21665 HIGH PATCH This Week

Memory corruption in Graphics while importing a file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow 315 5g Iot Modem Firmware 9206 Lte Modem Firmware Apq8017 Firmware Apq8052 Firmware +216
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21642 HIGH This Week

Memory corruption in HAB Memory management due to broad system privileges via physical address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Qam8295p Firmware Qca6574au Firmware Qca6696 Firmware +10
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30861 HIGH PATCH This Week

Flask is a lightweight WSGI web application framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Flask
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-30944 HIGH PATCH This Week

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
7.3
EPSS
1.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy