Skip to main content
CVE-2023-2888 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in PHPOK 6.4.100. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Phpok
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-31594 HIGH POC This Week

IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via an exposed HTTP channel using VLC network. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icip P2012T Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-2900 HIGH POC This Week

A vulnerability was found in NFine Rapid Development Platform 20230511. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Nfine Rapid Development Platform
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-33355 HIGH POC This Week

IceCMS v1.0.0 has Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icecms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31861 HIGH POC This Week

ZLMediaKit 4.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Zlmediakit
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-2500 HIGH This Week

The Go Pricing - WordPress Responsive Pricing Tables plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.3.19 via deserialization of untrusted input from. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Go Pricing
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2883 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass.0.3.4 Panel: v4.0.3.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cbot Core Cbot Panel
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-30484 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in uPress Enable Accessibility plugin <= 1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Enable Accessibility
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2885 HIGH This Week

Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).0.3.4 Panel: v4.0.3.7. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Cbot Core Cbot Panel
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2023-0950 HIGH This Week

Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a spreadsheet document that will cause an array index. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Libreoffice Debian Linux
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-2480 HIGH This Week

Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Files
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27529 HIGH This Week

Wacom Tablet Driver installer prior to 6.4.2-1 (for macOS) contains an improper link resolution before file access vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Tablet Driver Installer
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32067 HIGH This Week

c-ares is an asynchronous resolver library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service C Ares Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-33263 HIGH This Week

In WFTPD 3.25, usernames and password hashes are stored in an openly viewable wftpd.ini configuration file within the WFTPD directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wftpd
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2798 HIGH PATCH This Week

Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Htmlunit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26216 HIGH This Week

The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an exploitable vulnerability that allows an attacker to upload files to a directory accessible by the web server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ebx Add Ons
NVD
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy