Skip to main content
CVE-2020-36720 HIGH POC This Week

The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Kali Forms
NVD VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2021-4382 HIGH Act Now

The Recently plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the fetch_external_image() function in versions up to, and including, 3.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 10.6% and no vendor patch available.

RCE WordPress File Upload Recently
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
10.6%
CVE-2022-4950 HIGH PATCH This Week

Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

RCE WordPress Authentication Bypass Cool Timeline Cryptocurrency Widgets +9
NVD VulDB
CVSS 3.1
8.8
EPSS
5.4%
CVE-2020-36707 HIGH This Week

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress CSRF Nifty Coming Soon Maintenance Mode Page
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-33284 HIGH This Week

Marval MSM through 14.19.0.12476 and 15.0 has a Remote Code Execution vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Msm
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-34108 HIGH PATCH This Week

mailcow is a mail server suite based on Dovecot, Postfix and other open source software, that provides a modern web UI for user/server administration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Authentication Bypass Mailcow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-33498 HIGH This Week

alist <=3.16.3 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Alist
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29152 HIGH This Week

By changing the filename parameter in the request, an attacker could delete any file with the permissions of the Vuforia server account. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Vuforia Studio
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-30576 HIGH This Week

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Apache RCE Memory Corruption Guacamole
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-1388 HIGH This Week

A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Agent
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-31200 HIGH This Week

PTC Vuforia Studio does not require a token; this could allow an attacker with local access to perform a cross-site request forgery attack or a replay attack. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Vuforia Studio
NVD
CVSS 3.1
8.0
EPSS
0.2%
CVE-2023-2866 HIGH This Week

If an attacker can trick an authenticated user into loading a maliciously crafted .zip file onto Advantech WebAccess version 8.4.5, a web shell could be used to give the attacker full control of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Webaccess
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25177 HIGH PATCH This Week

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow RCE Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-24014 HIGH PATCH This Week

Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to heap-based buffer overflow, which could allow an attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Cncsoft B
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-1709 HIGH This Week

Datalogics Library APDFLThe v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Jt2Go Teamcenter Visualization
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0976 HIGH This Week

A command Injection Vulnerability in TA for mac-OS prior to version 5.7.9 allows local users to place an arbitrary file into the /Library/Trellix/Agent/bin/ folder. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Agent
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-29168 HIGH This Week

The local Vuforia web application does not support HTTPS, and federated credentials are passed via basic authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vuforia Studio
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31115 HIGH This Week

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 5123 Firmware Exynos 5300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1864 HIGH This Week

FANUC ROBOGUIDE-HandlingPRO Versions 9 Rev.ZD and prior is vulnerable to a path traversal, which could allow an attacker to remotely read files on the system running the affected software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Roboguide Handlingpro Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34109 HIGH PATCH This Week

zxcvbn-ts is an open source password strength estimator written in typescript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Zxcvbn Ts
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2199 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-2198 HIGH This Week

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-0121 HIGH This Week

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-30575 HIGH This Week

Apache Guacamole 1.5.1 and older may incorrectly calculate the lengths of instruction elements sent during the Guacamole protocol handshake, potentially allowing an attacker to inject Guacamole. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Code Injection Guacamole
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-2904 HIGH This Week

The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface (API). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Safe
NVD
CVSS 3.1
7.3
EPSS
0.6%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy