Skip to main content
CVE-2023-35856 CRITICAL POC Act Now

A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Mario Kart Wii
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35855 CRITICAL POC Act Now

A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Counter Strike
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-35839 CRITICAL POC PATCH Act Now

A bypass in the component sofa-hessian of Solon before v2.3.3 allows attackers to execute arbitrary code via providing crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Solon
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2719 HIGH POC This Week

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Supportcandy
NVD WPScan
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-2359 HIGH POC This Week

The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Code Injection WordPress Slider Revolution
NVD WPScan
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-35843 HIGH POC This Week

NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nocodb
NVD GitHub
CVSS 3.1
7.5
EPSS
8.9%
CVE-2023-34603 HIGH POC PATCH This Week

JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecgboot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34602 HIGH POC PATCH This Week

JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecgboot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35844 HIGH POC PATCH This Week

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Lightdash
NVD GitHub
CVSS 3.1
7.5
EPSS
6.3%
CVE-2023-2805 HIGH POC This Week

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Supportcandy
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-2492 HIGH POC This Week

The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Querywall Plug N Play Firewall
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-2221 HIGH POC This Week

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Custom Cursors
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-3316 MEDIUM POC PATCH This Month

A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libtiff
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-35862 MEDIUM POC PATCH This Month

libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcoap
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-35840 MEDIUM POC PATCH This Month

_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Elfinder
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-2779 MEDIUM POC This Month

The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Social Share Social Login And Social Comments
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
6.0%
CVE-2023-2654 MEDIUM POC This Month

The Conditional Menus WordPress plugin before 1.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Conditional Menus
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2399 MEDIUM POC This Month

The QuBot WordPress plugin before 1.1.6 doesn't filter user input on chat, leading to bad code inserted on it be reflected on the user dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Qubot
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2907 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marksoft allows SQL Injection.7.1.7 ; Login:1.4 ; API:20230605. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Marksoft
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-34159 CRITICAL Act Now

Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-31411 CRITICAL Act Now

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sick Eventcam App
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27992 CRITICAL KEV PATCH THREAT Act Now

The pre-authentication command injection vulnerability in the Zyxel NAS326 firmware versions prior to V5.21(AAZF.14)C0, NAS540 firmware versions prior to V5.21(AATB.11)C0, and NAS542 firmware. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nas326 Firmware Nas540 Firmware Nas542 Firmware
NVD
CVSS 3.1
9.8
EPSS
84.2%
CVE-2023-34417 CRITICAL Act Now

Memory safety bugs present in Firefox 113. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34416 CRITICAL Act Now

Memory safety bugs present in Firefox 113, Firefox ESR 102.11, and Thunderbird 102.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29542 CRITICAL Act Now

A newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mozilla Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25736 CRITICAL Act Now

An invalid downcast from `nsHTMLDocument` to `nsIContent` could have lead to undefined behavior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32216 CRITICAL Act Now

Mozilla developers and community members Ronald Crane, Andrew McCreight, Randell Jesup and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 112. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29531 CRITICAL Act Now

An attacker could have caused an out of bounds memory access using WebGL APIs, leading to memory corruption and a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Apple Firefox +2
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27396 CRITICAL Act Now

FINS (Factory Interface Network Service) is a message communication protocol, which is designed to be used in closed FA (Factory Automation) networks, and is used in FA networks composed of OMRON. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cs1W Eip21 Firmware Cs1W Spu01 V2 Firmware Cs1W Spu02 V2 Firmware Cs1W Etn21 Firmware +267
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-35857 CRITICAL Act Now

In Siren Investigate before 13.2.2, session keys remain active even after logging out. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Investigate
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-35853 CRITICAL PATCH Act Now

In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Suricata
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3318 MEDIUM POC This Month

A vulnerability was found in SourceCodester Resort Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Resort Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2899 MEDIUM POC This Month

The Google Map Shortcode WordPress plugin through 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Google Map Shortcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0489 MEDIUM POC This Month

The SlideOnline WordPress plugin through 1.2.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Sideonline
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0368 MEDIUM POC This Month

The Responsive Tabs For WPBakery Page Builder (formerly Visual Composer) WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Responsive Tabs For Wpbakery Page Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2751 MEDIUM POC This Month

The Upload Resume WordPress plugin through 1.2.0 does not validate the captcha parameter when uploading a resume via the resume_upload_form shortcode, allowing unauthenticated visitors to upload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Upload Resume
NVD WPScan
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-29158 CRITICAL Act Now

SUBNET PowerSYSTEM Center versions 2020 U10 and prior are vulnerable to replay attacks which may result in a denial-of-service condition or a loss of data integrity. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Powersystem Center
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-29534 CRITICAL Act Now

Different techniques existed to obscure the fullscreen notification in Firefox and Focus for Android. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Google Information Disclosure Firefox Firefox Focus
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-34373 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zephyr Project Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-2812 MEDIUM POC This Month

The Ultimate Dashboard WordPress plugin before 3.7.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Dashboard
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2811 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.5.6 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2742 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.5.5 does not sanitize and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2684 MEDIUM POC This Month

The File Renaming on Upload WordPress plugin before 2.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS File Renaming On Upload
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2600 MEDIUM POC This Month

The Custom Base Terms WordPress plugin before 1.0.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Custom Base Terms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2527 MEDIUM POC This Month

The Integration for Contact Form 7 and Zoho CRM, Bigin WordPress plugin before 1.2.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress XSS Zoho Integration For Contact Form 7 And Zoho Crm Bigin
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2401 MEDIUM POC This Month

The QuBot WordPress plugin before 1.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Qubot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-34657 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2022-46850 HIGH This Week

Auth. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easy Media Replace
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2023-34642 HIGH This Week

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Microsoft Kioware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34641 HIGH This Week

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Kioware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy