Skip to main content
CVE-2023-2986 CRITICAL POC PATCH THREAT Act Now

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 91.4%.

Authentication Bypass WordPress Abandoned Cart Lite For Woocommerce
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
91.4%
Threat
6.2
CVE-2023-33443 CRITICAL POC Act Now

Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Videoplaytool
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2023-32749 HIGH POC THREAT This Week

Pydio Cells allows users by default to create so-called external users in order to share files with them. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cells
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
14.2%
CVE-2023-34096 HIGH POC PATCH THREAT This Week

Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Thruk
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
62.7%
CVE-2023-3163 HIGH POC This Week

A vulnerability was found in y_project RuoYi up to 4.7.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ruoyi
NVD VulDB
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-33657 HIGH POC PATCH This Week

A use-after-free vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-33660 HIGH POC PATCH This Week

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-33658 HIGH POC PATCH This Week

A heap buffer overflow vulnerability exists in NanoMQ 0.17.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-32750 MEDIUM POC This Month

Pydio Cells through 4.1.2 allows SSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Cells
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
3.8%
CVE-2023-34969 MEDIUM POC This Month

D-Bus before 1.15.6 sometimes allows unprivileged users to crash dbus-daemon. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Dbus Fedora Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-3165 MEDIUM POC This Month

A vulnerability was found in SourceCodester Life Insurance Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Life Insurance Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29405 CRITICAL PATCH Act Now

The go command may execute arbitrary code at build time when using cgo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Go Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-29404 CRITICAL PATCH Act Now

The go command may execute arbitrary code at build time when using cgo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Go Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-29402 CRITICAL PATCH Act Now

The go command may generate unexpected code at build time when using cgo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Go Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-0954 CRITICAL Act Now

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Illustra Pro Gen 4 Dome Firmware Illustra Pro Gen 4 Ptz Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-34566 CRITICAL Act Now

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23482 CRITICAL PATCH Act Now

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-32751 MEDIUM POC This Month

Pydio Cells through 4.1.2 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cells
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2023-34238 MEDIUM POC PATCH This Month

Gatsby is a free and open source framework based on React. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Gatsby
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-34239 CRITICAL PATCH Act Now

Gradio is an open-source Python library that is used to build machine learning and data science. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Gradio
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-34233 HIGH PATCH This Week

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Python Command Injection Snowflake Connector
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-34232 HIGH PATCH This Week

snowflake-connector-nodejs, a NodeJS driver for Snowflake, is vulnerable to command injection via single sign on (SSO) browser URL authentication in versions prior to 1.6.21. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Command Injection Snowflake Connector
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-34230 HIGH PATCH This Week

snowflake-connector-net, the Snowflake Connector for .NET, is vulnerable to command injection prior to version 2.0.18 via SSO URL authentication. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Command Injection Snowflake Connector
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-34231 HIGH PATCH This Week

gosnowflake is th Snowflake Golang driver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Gosnowflake
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-29401 MEDIUM POC PATCH This Month

The filename parameter of the Context.FileAttachment function is not properly sanitized. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gin
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-34962 HIGH PATCH This Week

Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Chamilo Lms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-29403 HIGH PATCH This Week

On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Go Fedora
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-24535 HIGH PATCH This Week

Parsing invalid messages can panic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Protobuf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-34571 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter shareSpeed at /goform/WifiGuestSet. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34570 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter devName at /goform/SetOnlineDevName. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34569 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetNetControlList. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34568 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/PowerSaveSet. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34567 MEDIUM This Month

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter list at /goform/SetVirtualServerCfg. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-34961 MEDIUM PATCH This Month

Chamilo v1.11.x up to v1.11.18 was discovered to contain a cross-site scripting (XSS) vulnerability via the /feedback/comment field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Chamilo Lms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23481 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23480 MEDIUM PATCH This Month

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33846 MEDIUM PATCH This Month

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Txseries For Multiplatform Cics Tx
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-34243 MEDIUM PATCH This Month

TGstation is a toolset to manage production BYOND servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Microsoft Tgstation Server
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-34959 MEDIUM PATCH This Month

An issue in Chamilo v1.11.* up to v1.11.18 allows attackers to execute a Server-Side Request Forgery (SSRF) and obtain information on the services running on the server via crafted requests in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Chamilo Lms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-34958 MEDIUM PATCH This Month

Incorrect access control in Chamilo 1.11.* up to 1.11.18 allows a student subscribed to a given course to download documents belonging to another student if they know the document's ID. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Chamilo Lms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-33847 LOW PATCH Monitor

IBM TXSeries for Multiplatforms 8.1, 8.2, 9.1, CICS TX Standard, 11.1, CICS TX Advanced 10.1, and 11.1 does not set the secure attribute on authorization tokens or session cookies. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Txseries For Multiplatform Cics Tx
NVD
CVSS 3.1
3.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy