Skip to main content
CVE-2023-2981 MEDIUM POC PATCH This Month

A vulnerability, which was classified as problematic, has been found in Abstrium Pydio Cells 4.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pydio Cells
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0443 MEDIUM POC This Month

The AnyWhere Elementor WordPress plugin before 1.2.8 discloses a Freemius Secret Key which could be used by an attacker to purchase the pro subscription using test credit card numbers without. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Anywhere Elementor
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34205 CRITICAL PATCH Act Now

In Moov signedxml through 1.0.0, parsing the raw XML (as received) can result in different output than parsing the canonicalized XML. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Authentication Bypass Signedxml
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-2111 MEDIUM POC This Month

The Fast & Effective Popups & Lead-Generation for WordPress plugin before 2.1.4 concatenates user input into an SQL query without escaping it first in the plugin's report API endpoint, which could. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Hollerbox
NVD WPScan
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-2936 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
23.0%
CVE-2023-2935 HIGH This Week

Type Confusion in V8 in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome
NVD
CVSS 3.1
8.8
EPSS
23.9%
CVE-2023-2934 HIGH This Week

Out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-2933 HIGH This Week

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2932 HIGH This Week

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2931 HIGH This Week

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2930 HIGH This Week

Use after free in Extensions in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2929 HIGH This Week

Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-32696 HIGH PATCH This Week

CKAN is an open-source data management system for powering data hubs and data portals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation RCE Docker Ckan
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2470 MEDIUM POC This Month

The Add to Feedly WordPress plugin through 1.2.11 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Add To Feedly
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2223 MEDIUM POC This Month

The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Login Rebuilder
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2113 MEDIUM POC This Month

The Autoptimize WordPress plugin before 3.1.7 does not sanitise and escape the settings imported from a previous export, allowing high privileged users (such as an administrator) to inject arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Autoptimize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-33191 HIGH PATCH This Week

Kyverno is a policy engine designed for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Kyverno
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-33245 HIGH This Week

Minecraft through 1.19 and 1.20 pre-releases before 7 (Java) allow arbitrary file overwrite, and possibly code execution, via crafted world data that contains a symlink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Minecraft
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-26130 HIGH PATCH This Week

Versions of the package yhirose/cpp-httplib before 0.12.4 are vulnerable to CRLF Injection when untrusted user input is used to set the content-type header in the HTTP .Patch, .Post, .Put and .Delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Cpp Httplib
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2978 MEDIUM POC PATCH This Month

A vulnerability was found in Abstrium Pydio Cells 4.2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pydio Cells
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-2287 MEDIUM POC This Month

The Orbit Fox by ThemeIsle WordPress plugin before 2.10.24 does not limit URLs which may be used for the stock photo import feature, allowing the user to specify arbitrary URLs. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Orbitfox
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2939 HIGH This Week

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Microsoft Chrome
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-31184 HIGH This Week

ROZCOM client CWE-798: Use of Hard-coded Credentials. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Rozcom Client
NVD
CVSS 3.1
7.8
EPSS
2.3%
CVE-2023-28079 HIGH PATCH This Week

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains Insecure File and Folder Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation RCE Microsoft Powerpath
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30601 HIGH PATCH This Week

Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra0.0 through 4.0.9, from 4.1.0 through 4.1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apache Cassandra
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0779 HIGH This Week

At the most basic level, an invalid pointer can be input that crashes the device, but with more knowledge of the device’s memory layout, further exploitation is possible. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Denial Of Service Zephyr
NVD GitHub
CVSS 3.1
7.7
EPSS
0.5%
CVE-2023-33234 HIGH PATCH This Week

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Apache Kubernetes Apache Airflow Providers Cncf Kubernetes
NVD VulDB
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-32342 HIGH This Week

IBM GSKit could allow a remote attacker to obtain sensitive information, caused by a timing-based side channel in the RSA Decryption implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Http Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2953 HIGH This Week

A vulnerability was found in openldap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Openldap Enterprise Linux macOS +8
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-31185 HIGH This Week

ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rozcom Client
NVD
CVSS 3.1
7.5
EPSS
13.8%
CVE-2023-33973 HIGH PATCH This Week

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-24826 HIGH PATCH This Week

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23755 HIGH This Week

An issue was discovered in Joomla!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Joomla
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24825 HIGH PATCH This Week

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-24817 HIGH PATCH This Week

RIOT-OS, an operating system for Internet of Things (IoT) devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30196 HIGH PATCH This Week

Prestashop salesbooster <= 1.10.4 is vulnerable to Incorrect Access Control via modules/salesbooster/downloads/download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP Salesbooster
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33198 HIGH PATCH This Week

tgstation-server is a production scale tool for BYOND server management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Tgstation Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-33175 HIGH PATCH This Week

ToUI is a Python package for creating user interfaces (websites and desktop apps) from HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Toui
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-28080 HIGH PATCH This Week

PowerPath for Windows, versions 7.0, 7.1 & 7.2 contains DLL Hijacking Vulnerabilities. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Microsoft Powerpath
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-27988 HIGH PATCH This Week

The post-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.13)C0 could allow an authenticated attacker with administrator privileges to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nas326 Firmware Nas540 Firmware Nas542 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.4%
CVE-2023-2117 LOW POC Monitor

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitize the dir parameter when handling the get_subdirs ajax action, allowing a high privileged users such as admins to inspect. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Image Optimizer
NVD WPScan
CVSS 3.1
2.7
EPSS
0.7%
CVE-2023-2940 MEDIUM This Month

Inappropriate implementation in Downloads in Google Chrome prior to 114.0.5735.90 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-33180 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33179 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33178 MEDIUM This Month

Xibo is a content management system (CMS). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Xibo
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-31187 MEDIUM This Month

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-522: Insufficiently Protected Credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ix Workforce Engagement
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-32689 MEDIUM PATCH This Month

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Node.js File Upload Parse Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2650 MEDIUM PATCH This Month

Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

OpenSSL Canonical Denial Of Service Debian Linux
NVD
CVSS 3.1
6.5
EPSS
75.1%
CVE-2023-2970 MEDIUM This Month

A vulnerability classified as problematic was found in MindSpore 2.0.0-alpha/2.0.0-rc1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Mindspore
NVD VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-32218 MEDIUM This Month

Avaya IX Workforce Engagement v15.2.7.1195 - CWE-601: URL Redirection to Untrusted Site ('Open Redirect'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Ix Workforce Engagement
NVD
CVSS 3.1
6.1
EPSS
0.3%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy