Skip to main content
CVE-2023-2732 CRITICAL POC PATCH THREAT Act Now

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 90.0%.

WordPress Authentication Bypass Mstore Api
NVD VulDB
CVSS 3.1
9.8
EPSS
90.0%
Threat
6.2
CVE-2023-2734 CRITICAL POC PATCH THREAT Act Now

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.3%.

Authentication Bypass WordPress Mstore Api
NVD VulDB
CVSS 3.1
9.8
EPSS
60.3%
Threat
5.3
CVE-2023-2888 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-31594 HIGH POC This Week

IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icip P2012T Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-2900 HIGH POC This Week

A vulnerability was found in NFine Rapid Development Platform 20230511. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nfine Rapid Development Platform
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-33355 HIGH POC This Week

IceCMS v1.0.0 has Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31861 HIGH POC This Week

ZLMediaKit 4.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zlmediakit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-2903 MEDIUM POC This Month

A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nfine Rapid Development Platform
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2902 MEDIUM POC This Month

A vulnerability was found in NFine Rapid Development Platform 20230511. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nfine Rapid Development Platform
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2901 MEDIUM POC This Month

A vulnerability was found in NFine Rapid Development Platform 20230511. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nfine Rapid Development Platform
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2804 MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was discovered in libjpeg-turbo in h2v2_merged_upsample_internal() function of jdmrgext.c file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Libjpeg Turbo
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-25439 MEDIUM POC This Month

Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Fusioninvoice
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
2.2%
CVE-2023-2733 CRITICAL PATCH Act Now

The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Mstore Api
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-2851 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AGT Tech Ceppatron allows Command Line Execution through SQL Injection, SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ceppatron
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2884 CRITICAL Act Now

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation.0.3.4 Panel:. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2882 CRITICAL Act Now

Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse.0.3.4 Panel: v4.0.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2887 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.0.3.4 Panel: v4.0.3.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cbot Core Cbot Panel
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-32074 CRITICAL PATCH Act Now

user_oidc app is an OpenID Connect user backend for Nextcloud. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud User Oidc
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33280 CRITICAL Act Now

In the Store Commander scquickaccounting module for PrestaShop through 3.7.3, multiple sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Quickaccounting
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-33279 CRITICAL Act Now

In the Store Commander scfixmyprestashop module through 2023-05-09 for PrestaShop, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Scfixmyprestashop
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-33278 CRITICAL Act Now

In the Store Commander scexportcustomers module for PrestaShop through 3.6.1, sensitive SQL calls can be executed with a trivial HTTP request and exploited to forge a blind SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Customers Export
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-33751 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mipjz
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33750 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in mipjz v5.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description parameter at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mipjz
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33356 MEDIUM POC This Month

IceCMS v1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2500 HIGH This Week

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Go Pricing
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2883 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.0.3.4 Panel: v4.0.3.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cbot Core Cbot Panel
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-30484 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enable Accessibility
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2885 HIGH This Week

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).0.3.4 Panel: v4.0.3.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2023-0950 HIGH This Week

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Libreoffice Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-2480 HIGH This Week

Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Files
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27529 HIGH This Week

Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Tablet Driver Installer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32067 HIGH This Week

c-ares is an asynchronous resolver library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Ares Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-33263 HIGH This Week

In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wftpd
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2798 HIGH PATCH This Week

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Htmlunit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26216 HIGH This Week

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ebx Add Ons
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-31147 MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure C Ares Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-26215 MEDIUM This Month

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ebx Add Ons
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22504 MEDIUM This Month

Affected versions of Atlassian Confluence Server allow remote attackers who have read permissions to a page, but not write permissions, to upload attachments via a Broken Access Control vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Atlassian Confluence Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-31130 MEDIUM This Month

c-ares is an asynchronous resolver library. Rated medium severity (CVSS 6.4). No vendor patch available.

Information Disclosure C Ares Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-28370 MEDIUM PATCH This Month

Open redirect vulnerability in Tornado versions 6.3.1 and earlier allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Tornado
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-0459 MEDIUM PATCH This Month

Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the "access_ok" check and pass a kernel pointer to copy_from_user(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-30615 MEDIUM This Month

Iris is a web collaborative platform aiming to help incident responders sharing technical details during investigations. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Authentication Bypass Iris
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32694 MEDIUM PATCH This Month

Saleor Core is a composable, headless commerce API. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Saleor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-2255 MEDIUM This Month

Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external links to be loaded without prompt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Libreoffice Debian Linux
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2023-30851 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-2881 MEDIUM PATCH This Month

Storing Passwords in a Recoverable Format in GitHub repository pimcore/customer-data-framework prior to 3.3.10. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Customer Management Framework
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2022-47177 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Easy Pay WP EasyPay - Square for WordPress plugin <= 4.1 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Easypay
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-2886 MEDIUM This Month

Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.0.3.4 Panel: v4.0.3.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-47165 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in CoSchedule plugin <= 3.3.8 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Coschedule
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2022-47149 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Pretty Links plugin <= 3.4.0 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enable Accessibility
NVD
CVSS 3.1
4.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy