Skip to main content
CVE-2023-2986 CRITICAL POC PATCH THREAT Act Now

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.14.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 91.4%.

Authentication Bypass WordPress Abandoned Cart Lite For Woocommerce
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
91.4%
Threat
6.2
CVE-2023-33443 CRITICAL POC Act Now

Incorrect access control in the administrative functionalities of BES--6024PB-I50H1 VideoPlayTool v2.0.1.0 allow attackers to execute arbitrary administrative commands via a crafted payload sent to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Videoplaytool
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2023-29405 CRITICAL PATCH Act Now

The go command may execute arbitrary code at build time when using cgo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Go Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-29404 CRITICAL PATCH Act Now

The go command may execute arbitrary code at build time when using cgo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Go Fedora
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-29402 CRITICAL PATCH Act Now

The go command may generate unexpected code at build time when using cgo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Go Fedora
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-0954 CRITICAL Act Now

A debug feature in Sensormatic Electronics Illustra Pro Gen 4 Dome and PTZ cameras allows a user to compromise credentials after a long period of sustained attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Illustra Pro Gen 4 Dome Firmware Illustra Pro Gen 4 Ptz Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-34566 CRITICAL Act Now

Tenda AC10 v4 US_AC10V4.0si_V16.03.10.13_cn was discovered to contain a stack overflow via parameter time at /goform/saveParentControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23482 CRITICAL PATCH Act Now

IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 could allow a remote attacker to hijack the clicking action of the victim. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Sterling Partner Engagement Manager
NVD
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-34239 CRITICAL PATCH Act Now

Gradio is an open-source Python library that is used to build machine learning and data science. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Gradio
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy