Skip to main content
CVE-2023-2823 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Class Scheduling System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Class Scheduling System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2824 MEDIUM POC This Month

A vulnerability was found in SourceCodester Dental Clinic Appointment Reservation System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dental Clinic Appointment Reservation System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2822 MEDIUM POC This Month

A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ethos Identity
NVD VulDB
CVSS 3.1
6.1
EPSS
3.3%
CVE-2023-2712 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Command Injection Rental Module
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-2276 CRITICAL PATCH Act Now

The WCFM Membership - WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass WordPress Wcfm Membership
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-2713 CRITICAL Act Now

Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.05.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rental Module
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-32589 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dyslexiefont Free
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24414 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.11 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Robogallery
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23890 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Airbnb Review Slider
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33244 HIGH This Week

Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Obsidian
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-32700 HIGH PATCH This Week

LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Luatex Miktex Tex Live
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-2736 HIGH This Week

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress CSRF Groundhogg
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-1696 HIGH This Week

The multimedia video module has a vulnerability in data processing.Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1694 HIGH This Week

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1693 HIGH This Week

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-1692 HIGH This Week

The window management module lacks permission verification.Successful exploitation of this vulnerability may affect confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2716 MEDIUM This Month

The Groundhogg plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'ajax_upload_file' function in versions up to, and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Groundhogg
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2717 MEDIUM This Month

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Groundhogg
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-2735 MEDIUM This Month

The Groundhogg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gh_form' shortcode in versions up to, and including, 2.7.9.8 due to insufficient input sanitization and. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress Groundhogg
NVD
CVSS 3.1
4.9
EPSS
0.2%
CVE-2023-22689 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Lucian Apostol Auto Affiliate Links plugin <= 6.3 versions. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Auto Affiliate Links
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2023-2715 MEDIUM This Month

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_ticket' function in versions up to, and including, 2.7.9.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Groundhogg
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2714 MEDIUM This Month

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'check_license' functions in versions up to, and including, 2.7.9.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Groundhogg
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy