Skip to main content
CVE-2023-35813 CRITICAL POC PATCH THREAT Act Now

Multiple Sitecore products allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Experience Commerce Experience Manager Experience Platform +1
NVD
CVSS 3.1
9.8
EPSS
86.7%
CVE-2023-35811 HIGH This Week

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-35809 HIGH This Week

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-35808 HIGH This Week

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-3295 HIGH This Week

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) for WordPress is vulnerable to arbitrary file uploads due to missing file type validation of files in the file manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload WordPress Unlimited Elements For Elementor
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-28295 HIGH PATCH This Week

Microsoft Publisher Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft 365 Apps Office +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-28287 HIGH PATCH This Week

Microsoft Publisher Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft 365 Apps +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-35810 HIGH This Week

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection PHP Sugarcrm
NVD
CVSS 3.1
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy