Skip to main content
CVE-2023-2745 MEDIUM POC PATCH THREAT This Month

WordPress Core is vulnerable to Directory Traversal in versions up to, and including, 6.2, via the ‘wp_lang’ parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 79.5%.

XSS WordPress Path Traversal
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
79.5%
Threat
5.0
CVE-2023-31902 CRITICAL POC Emergency

RPA Technology Mobile Mouse 3.6.0.4 is vulnerable to Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mobile Mouse
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
8.7%
CVE-2023-2780 CRITICAL POC PATCH Act Now

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
9.8
EPSS
6.3%
CVE-2023-30191 CRITICAL POC Act Now

PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cdesigner
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2774 CRITICAL POC Act Now

A vulnerability was found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bus Dispatch And Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-31903 CRITICAL POC Act Now

GuppY CMS 6.00.10 is vulnerable to Unrestricted File Upload which allows remote attackers to execute arbitrary code by uploading a php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Guppy
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-31703 CRITICAL POC Act Now

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub Exploit-DB
CVSS 3.1
9.0
EPSS
4.5%
CVE-2023-2775 HIGH POC This Week

A vulnerability was found in code-projects Bus Dispatch and Information System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bus Dispatch And Information System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-27233 HIGH POC This Week

Piwigo before 13.6.0 was discovered to contain a SQL injection vulnerability via the order[0][dir] parameter at user_list_backend.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Piwigo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2772 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Budget and Expense Tracker System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Budget And Expense Tracker System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2771 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Online Exam System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Exam System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2770 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester Online Exam System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Exam System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2769 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Service Provider Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Service Provider Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-24805 HIGH POC PATCH This Week

cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Apple Command Injection Cups Filters Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2023-31701 HIGH POC This Week

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceRemove. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa4530 Kit Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-31700 HIGH POC This Week

TP-Link TL-WPA4530 KIT V2 (EU)_170406 and V2 (EU)_161115 is vulnerable to Command Injection via _httpRpmPlcDeviceAdd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Wpa4530 Kit Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-31724 HIGH POC This Week

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function do_directive at /nasm/nasm-pp.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yasm
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31722 HIGH POC This Week

There exists a heap buffer overflow in nasm 2.16.02rc1 (GitHub commit: b952891). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Netwide Assembler
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-32767 HIGH POC This Week

The web interface of Symcon IP-Symcon before 6.3 (i.e., before 2023-05-12) allows a remote attacker to read sensitive files via .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ip Symcon
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-2766 HIGH POC THREAT This Week

A vulnerability was found in Weaver OA 9.5 and classified as problematic.ini. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure E Office
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
54.2%
CVE-2023-2765 HIGH POC This Week

A vulnerability has been found in Weaver OA up to 9.5 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP E Office
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-31904 HIGH POC This Week

savysoda Wifi HD Wireless Disk Drive 11 is vulnerable to Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Wifi Hd Wireless Disk Drive
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-31702 HIGH POC This Week

SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft SQLi Escan Management Console
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
4.3%
CVE-2023-2756 HIGH POC PATCH This Week

SQL Injection in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Customer Management Framework
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-25394 HIGH POC This Week

Videostream macOS app 0.5.0 and 0.4.3 has a Race Condition. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure Apple Videostream
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-31847 MEDIUM POC This Month

In davinci 0.3.0-rc after logging in, the user can connect to the mysql malicious server by controlling the data source to read arbitrary files on the client side. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Davinci
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2319 CRITICAL Act Now

It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Pcs Enterprise Linux High Availability Enterprise Linux High Availability Eus
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2776 CRITICAL Act Now

A vulnerability was found in code-projects Simple Photo Gallery 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Simple Photo Gallery
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2731 MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in Libtiff's LZWDecode() function in the libtiff/tif_lzw.c file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31725 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a heap-use-after-free via the function expand_mmac_params at yasm/modules/preprocs/nasm/nasm-pp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31723 MEDIUM POC This Month

yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function expand_mmac_params at /nasm/nasm-pp.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Yasm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2768 MEDIUM POC This Month

A vulnerability was found in Sucms 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sucms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-31698 MEDIUM POC This Month

Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.6%
CVE-2023-2203 HIGH This Week

A flaw was found in the WebKitGTK package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Use After Free RCE Memory Corruption Red Hat +5
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2773 HIGH This Week

A vulnerability has been found in code-projects Bus Dispatch and Information System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Bus Dispatch And Information System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-31699 MEDIUM POC This Month

ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.5%
CVE-2023-30438 HIGH This Week

An internally discovered vulnerability in PowerVM on IBM Power9 and Power10 systems could allow an attacker with privileged user access to a logical partition to perform an undetected violation of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE IBM Powervm Hypervisor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-31208 HIGH This Week

Improper neutralization of livestatus command delimiters in the RestAPI in Checkmk < 2.0.0p36, < 2.1.0p28, and < 2.2.0b8 (beta) allows arbitrary livestatus command execution for authorized users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Checkmk
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0863 HIGH This Week

Improper Authentication vulnerability in ABB Terra AC wallbox (UL40/80A), ABB Terra AC wallbox (UL32A), ABB Terra AC wallbox (CE) (Terra AC MID), ABB Terra AC wallbox (CE) Terra AC Juno CE, ABB Terra. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Abb Authentication Bypass Terra Ac Wallbox Ul40 Firmware Terra Ac Wallbox 80A Firmware Terra Ac Wallbox Ul32A Firmware +5
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-31848 HIGH This Week

davinci 0.3.0-rc is vulnerable to Server-side request forgery (SSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Davinci
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-2706 HIGH PATCH This Week

The OTP Login Woocommerce & Gravity Forms plugin for WordPress is vulnerable to authentication bypass. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

WordPress Authentication Bypass Otp Login Woocommerce Gravity Forms
NVD VulDB
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-2491 HIGH This Week

A flaw was found in the Emacs text editor. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Command Injection Emacs Enterprise Linux Enterprise Linux Eus +2
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-2295 HIGH This Week

A vulnerability was found in the libreswan library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat RCE Denial Of Service Libreswan Enterprise Linux +3
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-1972 MEDIUM PATCH This Month

A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Binutils
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1764 MEDIUM This Month

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ij Network Tool
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-1763 MEDIUM This Month

Canon IJ Network Tool/Ver.4.7.5 and earlier (supported OS: OS X 10.9.5-macOS 13),IJ Network Tool/Ver.4.7.3 and earlier (supported OS: OS X 10.7.5-OS X 10.8) allows an attacker to acquire sensitive. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ij Network Tool
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-29837 MEDIUM This Month

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solution (EUCS) v.1.0 allows a remote attacker to gain privileges via the URL path of the eucsAdmin login web page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Exelysis Unified Communications Solution
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2509 MEDIUM This Month

A Cross-Site Scripting(XSS) vulnerability was found on ADM, LooksGood and SoundsGood Apps. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adm Looksgood Soundsgood
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-31135 MEDIUM PATCH This Month

Dgraph is an open source distributed GraphQL database. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Dgraph
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-2528 MEDIUM This Month

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Contact Form
NVD
CVSS 3.1
5.4
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy