Skip to main content
CVE-2023-2950 HIGH POC PATCH This Week

Improper Authorization in GitHub repository openemr/openemr prior to 7.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-31873 HIGH POC This Week

Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process'). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gin
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-33926 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Easy Google Maps plugin <= 1.11.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Easy Google Maps
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-33316 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Automatewoo
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-33313 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wip Custom Login
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33931 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtube Playlist Player
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33315 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Stephen Darlington, Wandle Software Limited Smart App Banner plugin <= 1.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smart App Banner
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33212 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Crocoblock JetFormBuilder - Dynamic Blocks Form Builder plugin <= 3.0.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Jetformbuilder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32763 HIGH PATCH This Week

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qt
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-33291 HIGH This Week

In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Ebankit
NVD
CVSS 3.1
7.4
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy