Skip to main content
CVE-2023-2704 CRITICAL POC PATCH Act Now

The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Bp Social Connect
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-2815 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Jewelry Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Jewelry Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-31707 CRITICAL POC Act Now

SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2806 HIGH POC This Week

A vulnerability classified as problematic was found in Weaver e-cology up to 9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XXE E Cology
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-32679 HIGH POC PATCH This Week

Craft CMS is an open source content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Craft Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.8%
CVE-2023-31756 MEDIUM POC This Month

A command injection vulnerability exists in the administrative web portal in TP-Link Archer VR1600V devices running firmware Versions <= 0.1.0. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Archer Vr1600V Firmware
NVD
CVSS 3.1
6.7
EPSS
1.8%
CVE-2023-2814 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Class Scheduling System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Class Scheduling System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-26818 MEDIUM POC This Month

Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone ,or video recording via the DYLD_INSERT_LIBRARIES flag. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Telegram
NVD VulDB
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-30774 MEDIUM POC This Month

A vulnerability was found in the libtiff library. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libtiff macOS
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-31757 MEDIUM POC This Month

DedeCMS up to v5.7.108 is vulnerable to XSS in sys_info.php via parameters 'edit___cfg_powerby' and 'edit___cfg_beian'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31862 MEDIUM POC This Month

jizhicms v2.4.6 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jizhicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-32675 MEDIUM POC PATCH This Month

Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-1618 HIGH This Week

Active Debug Code vulnerability in Mitsubishi Electric Corporation MELSEC WS Series WS0-GETH00200 Serial number 2310 **** and prior allows a remote unauthenticated attacker to bypass authentication. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Melsec Ws0 Geth00200 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.1%
CVE-2023-20881 HIGH This Week

Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Capi Release Cf Deployment Loggregator Agent
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-33240 HIGH This Week

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30199 HIGH PATCH This Week

Prestashop customexporter <= 1.7.20 is vulnerable to Incorrect Access Control via modules/customexporter/downloads/download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Customexporter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-28045 HIGH PATCH This Week

Dell CloudIQ Collector version 1.10.2 contains a missing encryption of sensitive data vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Dell Cloudiq Collector
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-1996 MEDIUM This Month

A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS 3Dexperience
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28950 MEDIUM PATCH This Month

IBM MQ 8.0, 9.0, 9.1, 9.2, and 9.3 could disclose sensitive user information from a trace file if that functionality has been enabled. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22878 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-30775 MEDIUM This Month

A vulnerability was found in the libtiff library. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-28514 MEDIUM PATCH This Month

IBM MQ 8.0, 9.0, and 9.1 could allow a local user to obtain sensitive credential information when a detailed technical error message is returned in a stack trace. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure IBM Mq
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28529 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28623 LOW PATCH Monitor

Zulip is an open-source team collaboration tool with unique topic-based threading. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Authentication Bypass Zulip
NVD GitHub
CVSS 3.1
3.7
EPSS
0.5%
CVE-2023-32677 LOW PATCH Monitor

Zulip is an open-source team collaboration tool with unique topic-based threading. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Zulip
NVD GitHub
CVSS 3.1
3.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy