Skip to main content
CVE-2019-25152 HIGH POC PATCH THREAT Act Now

The Abandoned Cart Lite for WooCommerce and Abandoned Cart Pro for WooCommerce plugins for WordPress are vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 27.1%.

XSS WordPress Abandoned Cart Lite For Woocommerce Abandoned Cart Pro For Woocommerce
NVD WPScan
CVSS 3.1
7.2
EPSS
27.1%
CVE-2023-36239 HIGH POC This Week

libming listswf 0.4.7 was discovered to contain a buffer overflow in the parseSWF_DEFINEFONTINFO() function at parser.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libming
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34923 HIGH POC This Week

XML Signature Wrapping (XSW) in SAML-based Single Sign-on feature in TOPdesk v12.10.12 allows bad actors with credentials to authenticate with the Identity Provider (IP) to impersonate any TOPdesk. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Topdesk
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-36243 HIGH POC This Week

FLVMeta v1.2.1 was discovered to contain a buffer overflow via the xml_on_metadata_tag_only function at dump_xml.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Flvmeta
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-36358 HIGH POC This Week

TP-Link TL-WR940N V2/V3/V4, TL-WR941ND V5/V6, TL-WR743ND V1 and TL-WR841N V8 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlAccessTargetsRpm. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +2
NVD GitHub
CVSS 3.1
7.7
EPSS
0.7%
CVE-2023-36357 HIGH POC This Week

An issue in the /userRpm/LocalManageControlRpm component of TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8/V10, and TL-WR941ND V5 allows attackers to cause a Denial of Service (DoS) via a crafted GET. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr940n Firmware Tl Wr841n Firmware Tl Wr941Nd Firmware
NVD GitHub
CVSS 3.1
7.7
EPSS
0.8%
CVE-2023-36356 HIGH POC This Week

TP-Link TL-WR940N V2/V4/V6, TL-WR841N V8, TL-WR941ND V5, and TL-WR740N V1/V2 were discovered to contain a buffer read out-of-bounds via the component /userRpm/VirtualServerRpm. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service TP-Link Tl Wr940n Firmware +3
NVD GitHub
CVSS 3.1
7.7
EPSS
0.7%
CVE-2023-36359 HIGH POC This Week

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR940N V2/V3 and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/QoSRuleListRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-36354 HIGH POC This Week

TP-Link TL-WR940N V4, TL-WR841N V8/V10, TL-WR740N V1/V2, TL-WR940N V2/V3, and TL-WR941ND V5/V6 were discovered to contain a buffer overflow in the component /userRpm/AccessCtrlTimeSchedRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940n Firmware Tl Wr841n Firmware +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-2990 HIGH POC This Week

Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Eft Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-36371 HIGH POC This Week

An issue in the GDKfree component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36370 HIGH POC This Week

An issue in the gc_col component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36369 HIGH POC This Week

An issue in the list_append component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36368 HIGH POC This Week

An issue in the cs_bind_ubat component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36367 HIGH POC This Week

An issue in the BLOBcmp component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36366 HIGH POC This Week

An issue in the log_create_delta component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36365 HIGH POC This Week

An issue in the sql_trans_copy_key component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-36364 HIGH POC This Week

An issue in the rel_deps component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-36363 HIGH POC This Week

An issue in the __nss_database_lookup component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-36362 HIGH POC This Week

An issue in the rel_sequences component of MonetDB Server v11.45.17 and v11.46.0 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Monetdb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29709 HIGH POC This Week

An issue was discovered in /cgi-bin/login_rj.cgi in Wildix WSG24POE version 103SP7D190822, allows attackers to bypass authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wsg24Poe Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29708 HIGH POC THREAT This Week

An issue was discovered in /cgi-bin/adm.cgi in WavLink WavRouter version RPT70HA1.x, allows attackers to force a factory reset via crafted payload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wavrouter App
NVD GitHub
CVSS 3.1
7.5
EPSS
14.2%
CVE-2023-26115 HIGH POC PATCH This Week

All versions of the package word-wrap are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression within the result variable. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Word Wrap
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-34241 HIGH POC PATCH This Week

OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Cups Fedora +2
NVD GitHub
CVSS 3.1
7.1
EPSS
1.4%
CVE-2023-34028 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wolf Wordpress Posts Bulk Editor And Manager Professional
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35917 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Paypal Payments
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23795 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Form Builder plugin <= 1.9.9.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Form Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-47593 HIGH This Week

Auth. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Rapidload Power Up For Autoptimize
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-3256 HIGH This Week

Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure R Seenet
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-28006 HIGH This Week

The OSD Bare Metal Server uses a cryptographic algorithm that is no longer considered sufficiently secure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bigfix Osd Bare Metal Server
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32449 HIGH PATCH This Week

Dell PowerStore versions prior to 3.5 contain an improper verification of cryptographic signature vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Jwt Attack Dell Powerstoret Os
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28956 HIGH PATCH This Week

IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation IBM Spectrum Protect Backup Archive Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3114 HIGH This Week

Terraform Enterprise since v202207-1 did not properly implement authorization rules for agent pools, allowing the workspace to be targeted by unauthorized agents. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Terraform Enterprise
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2023-35133 HIGH PATCH This Week

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Moodle
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-32320 HIGH PATCH This Week

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-20896 HIGH PATCH This Week

The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Information Disclosure VMware Vcenter Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31867 HIGH This Week

Sage X3 version 12.14.0.50-0 is vulnerable to CSV Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection X3
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-27083 HIGH This Week

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP Pluck
NVD
CVSS 3.1
7.2
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy