Skip to main content
CVE-2023-35166 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
63.1%
CVE-2023-2533 HIGH POC KEV THREAT This Week

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Papercut Mf Papercut Ng
NVD
CVSS 3.1
8.8
EPSS
29.2%
CVE-2023-3320 HIGH POC PATCH This Week

The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress PHP CSRF Wp Sticky Social
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-26436 HIGH This Week

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java RCE Code Injection Deserialization Open Xchange Appsuite Backend
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-3325 HIGH PATCH This Week

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation WordPress Cms Commander
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2023-32274 HIGH This Week

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Installer Toolkit
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1999 HIGH This Week

There exists a use after free/double free in libwebp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Libwebp
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1862 HIGH This Week

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Warp
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy