Skip to main content
CVE-2023-31742 HIGH POC THREAT Act Now

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Command Injection Linksys Wrt54Gl Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
10.6%
CVE-2023-31923 HIGH POC This Week

Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Biostar 2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-29838 HIGH POC This Week

Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Allwaysync
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27067 HIGH POC This Week

Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Experience Platform
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-2839 HIGH POC PATCH This Week

Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2832 HIGH POC PATCH This Week

SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Bumsys
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-2505 HIGH This Week

The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF A300 Firmware Mini Firmware 4K Quad Firmware Studio R3 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32350 HIGH This Week

Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rut200 Firmware Rut240 Firmware Rut241 Firmware Rut300 Firmware +14
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-32349 HIGH This Week

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rut200 Firmware Rut240 Firmware Rut241 Firmware Rut300 Firmware +14
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-2588 HIGH This Week

Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Remote Management System
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-25448 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist - Custom Archive Templates plugin <= 1.7.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Archivist
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25447 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Colorway
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23797 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Auto Youtube Importer
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23813 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF My Calendar
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23712 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF User Meta Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23680 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Topbar
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22714 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Coming Soon
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22709 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Srs Simple Hits Counter
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22692 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Name Directory
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22688 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Tabs Slides
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33235 HIGH PATCH This Week

MXsecurity version 1.0 is vulnearble to command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Command Injection Mxsecurity
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-2587 HIGH This Week

Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE XSS Remote Management System
NVD
CVSS 3.1
8.3
EPSS
0.9%
CVE-2023-25537 HIGH This Week

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation RCE Memory Corruption Dell +30
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31193 HIGH This Week

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28649 HIGH This Week

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31103 HIGH PATCH This Week

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-31064 HIGH PATCH This Week

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31454 HIGH PATCH This Week

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31453 HIGH PATCH This Week

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31206 HIGH PATCH This Week

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31058 HIGH PATCH This Week

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-28709 HIGH PATCH This Week

The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Denial Of Service Debian Linux 7 Mode Transition Tool
NVD
CVSS 3.1
7.5
EPSS
51.5%
CVE-2023-33297 HIGH PATCH This Week

Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Bitcoin Core
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-25183 HIGH This Week

In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
7.2
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy