Skip to main content
CVE-2023-2719 HIGH POC This Week

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the `id` parameter for an Agent in the REST API before using it in an SQL statement, leading to an SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Supportcandy
NVD WPScan
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-2359 HIGH POC This Week

The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Code Injection WordPress Slider Revolution
NVD WPScan
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-35843 HIGH POC This Week

NocoDB through 0.106.0 (or 0.109.1) has a path traversal vulnerability that allows an unauthenticated attacker to access arbitrary files on the server by manipulating the path parameter of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nocodb
NVD GitHub
CVSS 3.1
7.5
EPSS
8.9%
CVE-2023-34603 HIGH POC PATCH This Week

JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryFilterTableDictInfo at org.jeecg.modules.api.controller.SystemApiController. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecgboot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34602 HIGH POC PATCH This Week

JeecgBoot up to v 3.5.1 was discovered to contain a SQL injection vulnerability via the component queryTableDictItemsByCode at org.jeecg.modules.api.controller.SystemApiController. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecgboot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35844 HIGH POC PATCH This Week

packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Lightdash
NVD GitHub
CVSS 3.1
7.5
EPSS
6.3%
CVE-2023-2805 HIGH POC This Week

The SupportCandy WordPress plugin before 3.1.7 does not properly sanitise and escape the agents[] parameter in the set_add_agent_leaves AJAX function before using it in a SQL statement, leading to a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Supportcandy
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-2492 HIGH POC This Week

The QueryWall: Plug'n Play Firewall WordPress plugin through 1.1.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Querywall Plug N Play Firewall
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-2221 HIGH POC This Week

The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Custom Cursors
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-34373 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Zephyr Project Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2022-46850 HIGH This Week

Auth. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easy Media Replace
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2023-34642 HIGH This Week

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Microsoft Kioware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34641 HIGH This Week

KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Kioware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32542 HIGH This Week

Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32538 HIGH This Week

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Tellus +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32288 HIGH This Week

Out-of-bounds read vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32276 HIGH This Week

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Tellus +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32273 HIGH This Week

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Tellus +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32270 HIGH This Week

Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Information Disclosure Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32201 HIGH This Week

Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Tellus +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31239 HIGH This Week

Stack-based buffer overflow vulnerability in V-Server v4.0.15.0 and V-Server Lite v4.0.15.0 and earlier allows an attacker to execute arbitrary code by having user open a specially crafted VPR file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure V Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-30759 HIGH This Week

The driver installation package created by Printer Driver Packager NX v1.0.02 to v1.1.25 fails to detect its modification and may spawn an unexpected process with the administrative privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Printer Driver Packager Nx
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-3312 HIGH This Week

A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34166 HIGH This Week

Vulnerability of system restart triggered by abnormal callbacks passed to APIs.Successful exploitation of this vulnerability may cause the system to restart. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34163 HIGH This Week

Permission control vulnerability in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34162 HIGH This Week

Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34161 HIGH This Week

nappropriate authorization vulnerability in the SettingsProvider module.Successful exploitation of this vulnerability may cause features to perform abnormally. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34155 HIGH This Week

Vulnerability of unauthorized calling on HUAWEI phones and tablets.Successful exploitation of this vulnerability may affect availability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Huawei Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-25747 HIGH This Week

A potential use-after-free in libaudio was fixed by disabling the AAudio backend when running on Android API below version 30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Use After Free Mozilla Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25733 HIGH This Week

The return value from `gfx::SourceSurfaceSkia::Map()` wasn't being verified which could have potentially lead to a null pointer dereference. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Firefox
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-32214 HIGH This Week

Protocol handlers `ms-cxh` and `ms-cxh-full` could have been leveraged to trigger a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Denial Of Service Microsoft Firefox Firefox Esr +1
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-32209 HIGH This Week

A maliciously crafted favicon could have led to an out of memory crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla Firefox
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-35852 HIGH PATCH This Week

In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Suricata
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-35849 HIGH PATCH This Week

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-35848 HIGH PATCH This Week

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35847 HIGH PATCH This Week

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35846 HIGH PATCH This Week

VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Picotcp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-31410 HIGH This Week

A remote unprivileged attacker can intercept the communication via e.g. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Sick Eventcam App
NVD
CVSS 3.1
7.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy