Skip to main content
CVE-2023-2845 HIGH POC PATCH This Week

Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cloudexplorer Lite
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-31747 HIGH POC This Week

Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filmora
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-31826 HIGH POC This Week

Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nevado Jms
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31741 HIGH POC This Week

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E2000 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.7%
CVE-2023-31740 HIGH POC This Week

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E2000 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.7%
CVE-2023-23299 HIGH POC This Week

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Connect Iq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31670 HIGH POC This Week

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Binary Toolkit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-33617 HIGH POC This Week

An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fiberlink 210 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
5.2%
CVE-2023-2702 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Competition Management System
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-1837 HIGH This Week

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.0 (with enabled Legacy APIs). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hypr Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25474 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF About Me 3000 Widget
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26014 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin <= 2.1.7 vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Minify Html
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26011 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin <= 1.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Read More Excerpt Link
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25056 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Feed Them Social
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23713 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin <= 5.20 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Theme Tweaker
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23705 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Books Gallery
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25707 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Vikbooking Hotel Booking Engine Pms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25481 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Podlove Subscribe Button
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25472 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Podcast Publisher plugin <= 3.8.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Podlove Podcast Publisher
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23724 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Email Capture
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23706 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin <= 7.5.14 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF WordPress Wordpress Social Login And Register Discord Google Twitter Linkedin
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28394 HIGH This Week

Beekeeper Studio versions prior to 3.9.9 allows a remote authenticated attacker to execute arbitrary JavaScript code with the privilege of the application on the PC where the affected product is. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Beekeeper Studio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-27521 HIGH This Week

OS command injection vulnerability in the mail setting page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows remote authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-27518 HIGH This Week

Buffer overflow vulnerability in the multiple setting pages of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-27514 HIGH This Week

OS command injection vulnerability in the download page of SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10 and SV-CPT-MC310F versions prior to Ver.8.10 allows a remote authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-27387 HIGH This Week

Cross-site request forgery (CSRF) in T&D Corporation and ESPEC MIC CORP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tr 71W Firmware Tr 72W Firmware Rtr 5W Firmware Wdr 7 Firmware +6
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25946 HIGH This Week

Authentication bypass vulnerability in Qrio Lock (Q-SL2) firmware version 2.0.9 and earlier allows a network-adjacent attacker to analyze the product's communication data and conduct an arbitrary. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Q Sl2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-31996 HIGH This Week

Hanwha IP Camera ANE-L7012R 1.41.01 is vulnerable to Command Injection due to improper sanitization of special characters for the NAS storage test function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ane L6012R Firmware Ane L7012R Firmware Ano L6012R Firmware Ano L6022R Firmware +114
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-23693 HIGH This Week

Dell VxRail, versions prior to 7.0.450, contains an OS command injection Vulnerability in DCManager command-line utility. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Vxrail Hyperconverged Infrastructure
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-30440 HIGH This Week

IBM PowerVM Hypervisor FW860.00 through FW860.B3, FW950.00 through FW950.70, FW1010.00 through FW1010.50, FW1020.00 through FW1020.30, and FW1030.00 through FW1030.10 could allow a local attacker. Rated high severity (CVSS 7.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service IBM Powervm Hypervisor
NVD
CVSS 3.1
7.9
EPSS
0.2%
CVE-2023-23694 HIGH This Week

Dell VxRail versions earlier than 7.0.450, contain(s) an OS command injection vulnerability in VxRail Manager. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Vxrail Hyperconverged Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-31517 HIGH This Week

A memory leak in the component CConsole::Chain of Teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via opening a crafted file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Teeworlds
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2703 HIGH This Week

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Competition Management System
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-31726 HIGH This Week

AList 3.15.1 is vulnerable to Incorrect Access Control, which can be exploited by attackers to obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alist
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-30382 HIGH This Week

A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Half Life
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-28392 HIGH This Week

Wi-Fi AP UNIT AC-PD-WAPU v1.05_B04 and earlier, AC-PD-WAPUM v1.05_B04 and earlier, AC-PD-WAPU-P v1.05_B04P and earlier, AC-PD-WAPUM-P v1.05_B04P and earlier, AC-WAPU-300 v1.00_B07 and earlier,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ac Wapu 300 Firmware Ac Wapu 300 P Firmware Ac Wapum 300 Firmware Ac Wapum 300 P Firmware
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-27512 HIGH This Week

Use of hard-coded credentials exists in SolarView Compact SV-CPT-MC310 versions prior to Ver.8.10, and SV-CPT-MC310F versions prior to Ver.8.10, which may allow a remote authenticated attacker to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Sv Cpt Mc310F Firmware Sv Cpt Mc310 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy