Skip to main content
CVE-2023-32315 HIGH POC KEV PATCH THREAT Act Now

Openfire is an XMPP server licensed under the Open Source Apache License. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Path Traversal Openfire
NVD GitHub
CVSS 3.1
7.5
EPSS
100.0%
CVE-2023-33779 HIGH POC This Week

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Xxl Job
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-31128 HIGH POC PATCH This Week

NextCloud Cookbook is a recipe library app. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Nextcloud Cookbook
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2023-2879 HIGH POC This Week

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-2825 HIGH POC THREAT This Week

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gitlab
NVD GitHub
CVSS 3.1
7.5
EPSS
71.6%
CVE-2023-28319 HIGH POC This Week

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Curl macOS +6
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-33440 HIGH POC THREAT This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Faculty Evaluation System
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
14.5%
CVE-2023-33439 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
3.3%
CVE-2023-21515 HIGH This Week

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-21514 HIGH This Week

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-32964 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Better Notifications For Wp
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25467 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Resize At Upload Plus
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25058 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema - All In One Schema Rich Snippets plugin <= 1.6.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Schema
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25034 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Clean Up
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25470 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Rus To Lat
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25029 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Social Bookmarking Light
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25038 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF For The Visually Impaired
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24008 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik - Spam Blacklist plugin <= 0.7.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Maspik
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22693 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Wp Google Tag Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25976 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Integration For Contact Form 7 And Zoho Crm Bigin
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25971 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Educare
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24007 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Admin Block Country
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23714 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Uncanny Toolkit For Learndash
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28382 HIGH This Week

Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP Ess Rec
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-22970 HIGH This Week

Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Bottles Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-32307 HIGH This Week

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sofia Sip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-33247 HIGH This Week

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Catalog
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31227 HIGH This Week

The hwPartsDFR module has a vulnerability in API calling verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-31226 HIGH This Week

The SDK for the MediaPlaybackController module has improper permission verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20883 HIGH PATCH This Week

In Spring Boot versions 3.0.0 - 3.0.6, 2.7.0 - 2.7.11, 2.6.0 - 2.6.14, 2.5.0 - 2.5.14 and older unsupported versions, there is potential for a denial-of-service (DoS) attack if Spring MVC is used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Denial Of Service Spring Boot
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-0116 HIGH This Week

The reminder module lacks an authentication mechanism for broadcasts received. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32676 HIGH PATCH This Week

Autolab is a course management service that enables auto-graded programming assignments. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Autolab
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-32317 HIGH PATCH This Week

Autolab is a course management service that enables auto-graded programming assignments. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Autolab
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy