Skip to main content
CVE-2023-2249 HIGH PATCH Act Now

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request Forgery, and PHAR Deserialization in versions up to, and including, 2.1.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 48.2%.

Deserialization WordPress PHP SSRF RCE +2
NVD VulDB
CVSS 3.1
8.8
EPSS
48.2%
CVE-2023-0992 HIGH PATCH Act Now

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 38.8%.

WordPress XSS Shield Security
NVD VulDB
CVSS 3.1
7.2
EPSS
38.8%
CVE-2023-33557 HIGH POC This Week

Fuel CMS v1.5.2 was discovered to contain a SQL injection vulnerability via the id parameter at /controllers/Blocks.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Fuel Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3177 HIGH POC This Week

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3176 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34112 HIGH POC This Week

JavaCPP Presets is a project providing Java distributions of native C++ libraries. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Code Injection Command Injection Javacpp Presets
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-29766 HIGH POC This Week

An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Crossx
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29757 HIGH POC This Week

An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Blue Light Filter
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29755 HIGH POC This Week

An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Twilight
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29752 HIGH POC This Week

An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Authentication Bypass Facemoji Emoji Keyboard
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29749 HIGH POC This Week

An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Navigator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-3172 HIGH POC PATCH This Week

Path Traversal in GitHub repository froxlor/froxlor prior to 2.0.20. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Froxlor
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-27706 HIGH POC This Week

Bitwarden Windows desktop application versions prior to v2023.4.0 store biometric keys in Windows Credential Manager, accessible to other local unprivileged processes. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Bitwarden
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-1888 HIGH This Week

The Directorist plugin for WordPress is vulnerable to an arbitrary user password reset in versions up to, and including, 7.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure PHP Directorist
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2237 HIGH PATCH This Week

The WP Replicate Post plugin for WordPress is vulnerable to SQL Injection via the post_id parameter in versions up to, and including, 4.0.2 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Replicate Post
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-30262 HIGH PATCH This Week

An issue found in MIM software Inc MIM License Server and MIMpacs services v.6.9 thru v.7.0 fixed in v.7.0.10 allows a remote unauthenticated attacker to execute arbitrary code via the RMI Registry. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Mim Concurrent License Server Mim Local Concurrent License Server
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1895 HIGH This Week

The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to Server Side Request Forgery via the get_remote_content REST API endpoint in versions up to, and including, 1.8.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF WordPress Getwid
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-0721 HIGH PATCH This Week

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

RCE WordPress Metform Elementor Contact Form Builder Elementor
NVD
CVSS 3.1
8.3
EPSS
0.8%
CVE-2023-32731 HIGH PATCH This Week

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Grpc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1428 HIGH PATCH This Week

There exists an vulnerability causing an abort() to be called in gRPC. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Grpc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2607 HIGH PATCH This Week

The Multiple Page Generator Plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 3.3.17 due to insufficient escaping. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Multiple Page Generator
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-2484 HIGH PATCH This Week

The Active Directory Integration plugin for WordPress is vulnerable to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-0291 HIGH PATCH This Week

The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Quiz And Survey Master
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2023-2454 HIGH This Week

schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PostgreSQL Software Collections Enterprise Linux Fedora
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-3141 HIGH This Week

A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy