Skip to main content
CVE-2023-2833 HIGH POC THREAT Act Now

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.8%.

WordPress Privilege Escalation Reviewx
NVD VulDB
CVSS 3.1
8.8
EPSS
26.8%
Threat
4.1
CVE-2023-33532 CRITICAL POC THREAT Emergency

There is a command injection vulnerability in the Netgear R6250 router with Firmware Version 1.0.4.48. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.4%.

Command Injection Netgear R6250 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
19.4%
Threat
4.0
CVE-2023-33381 HIGH POC THREAT Act Now

A command injection vulnerability was found in the ping functionality of the MitraStar GPT-2741GNAC router (firmware version AR_g5.8_110WVN0b7_2). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 27.1%.

Command Injection Gpt 2741Gnac Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
27.1%
CVE-2023-31569 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain a command injection via the setWanCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-34111 CRITICAL POC Act Now

The `Release PR Merged` workflow in the github repo taosdata/grafanaplugin is subject to a command injection vulnerability which allows for arbitrary code execution within the github action context. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Grafana
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2023-33653 HIGH POC This Week

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Experience Platform
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-33652 HIGH POC This Week

Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Experience Platform
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-33533 HIGH POC This Week

Netgear D6220 with Firmware Version 1.0.0.80, D8500 with Firmware Version 1.0.3.60, R6700 with Firmware Version 1.0.2.26, and R6900 with Firmware Version 1.0.2.26 are vulnerable to Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection D6220 Firmware D8500 Firmware R6700 Firmware +1
NVD GitHub
CVSS 3.1
8.8
EPSS
3.1%
CVE-2023-33457 HIGH POC This Week

In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow C Workflow
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3119 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Service Provider Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2603 HIGH POC This Week

A vulnerability was found in libcap. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Libcap Enterprise Linux Fedora +1
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-33747 HIGH POC This Week

CloudPanel v2.2.2 allows attackers to execute a path traversal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Cloudpanel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-33651 HIGH POC This Week

An issue in the MVC Device Simulator of Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) v9.0 Initial Release to v13.0 Initial Release allows attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Experience Commerce Experience Manager Experience Platform Managed Cloud
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-31606 HIGH POC PATCH This Week

A Regular Expression Denial of Service (ReDoS) issue was discovered in the sanitize_html function of redcloth gem v4.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Redcloth
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-32549 HIGH POC This Week

Landscape cryptographic keys were insecurely generated with a weak pseudo-random generator. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Landscape
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33659 HIGH POC PATCH This Week

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-33569 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via ip/eval/ajax.php?action=update_user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-3120 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Service Provider Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-33460 MEDIUM POC This Month

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Yajl Fedora Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-2183 MEDIUM POC PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Grafana Authentication Bypass
NVD GitHub
CVSS 3.1
6.4
EPSS
1.0%
CVE-2023-34409 CRITICAL Act Now

In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in auth_server.go does not properly formalize and sanitize URL paths to reject path traversal attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Monitoring And Management
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-29632 CRITICAL PATCH Act Now

PrestaShop jmspagebuilder 3.x is vulnerable to SQL Injection via ajax_jmspagebuilder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Jmspagebuilder
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32628 CRITICAL Act Now

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file upload vulnerability that could allow an attacker to modify the file extension of a certificate file to ASP when uploading it,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Webaccess Scada
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32540 CRITICAL Act Now

In Advantech WebAccss/SCADA v9.1.3 and prior, there is an arbitrary file overwrite vulnerability, which could allow an attacker to overwrite any file in the operating system (including system files),. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Webaccess Scada
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33613 MEDIUM POC This Month

axTLS v2.1.5 was discovered to contain a heap buffer overflow in the bi_import function in axtls-code/crypto/bigint.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Axtls
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-33977 MEDIUM POC PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nginx Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-2546 HIGH PATCH This Week

The WP User Switch plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Wp User Switch
NVD VulDB
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-33530 HIGH This Week

There is a command injection vulnerability in the Tenda G103 Gigabit GPON Terminal with firmware version V1.0.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Tenda G103 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-33959 HIGH PATCH This Week

notation is a CLI tool to sign and verify OCI artifacts and container images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Notation Go
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-0985 HIGH This Week

An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Mbconnect24 Mymbconnect24
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27126 MEDIUM POC This Month

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 (EU) on firmware version 1.1.22 Build 220725 is reused across all cameras. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure TP-Link Tapo C200 Firmware
NVD VulDB
CVSS 3.1
4.6
EPSS
0.4%
CVE-2023-3121 MEDIUM POC This Month

A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Dahua SSRF Smart Parking Management
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-32550 HIGH This Week

Landscape's server-status page exposed sensitive system information. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Landscape
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-32203 HIGH This Week

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31278 HIGH This Week

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31244 HIGH This Week

The affected product does not properly validate user-supplied data. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29503 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28653 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27916 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing font files (e.g., FNT). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32539 HIGH This Week

Horner Automation Cscape lacks proper validation of user-supplied data when parsing project files (e.g., HMI). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32289 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g.., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32281 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32545 HIGH This Week

The affected application lacks proper validation of user-supplied data when parsing project files (e.g., CSP). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Cscape Envisionrv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21670 HIGH PATCH This Week

Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Authentication Bypass 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +179
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21657 HIGH PATCH This Week

Memoru corruption in Audio when ADSP sends input during record use case. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Csra6620 Firmware Csra6640 Firmware Wcn3991 Firmware Wcn3998 Firmware +122
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21656 HIGH PATCH This Week

Memory corruption in WLAN HOST while receiving an WMI event from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Csrb31024 Firmware +124
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21632 HIGH This Week

Memory corruption in Automotive GPU while querying a gsl memory node. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Apq8064au Firmware Msm8996au Firmware Qam8295p Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21628 HIGH This Week

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +279
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30864 HIGH This Week

In Connectivity Service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30863 HIGH This Week

In Connectivity Service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy