Skip to main content
CVE-2023-2996 HIGH POC This Week

The Jetpack WordPress plugin before 12.1.1 does not validate uploaded files, allowing users with author roles or above to manipulate existing files on the site, deleting arbitrary files, and in rare. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Deserialization Jetpack
NVD WPScan
CVSS 3.1
8.8
EPSS
4.8%
CVE-2023-2877 HIGH POC THREAT This Week

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Formidable Forms
NVD WPScan
CVSS 3.1
8.8
EPSS
22.5%
CVE-2023-2628 HIGH POC This Week

The KiviCare WordPress plugin before 3.2.1 does not have CSRF checks (either flawed or missing completely) in various AJAX actions, which could allow attackers to make logged in users perform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Kivicare
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-3423 HIGH POC PATCH This Week

Weak Password Requirements in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v 1.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Cloudexplorer Lite
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2842 HIGH POC This Week

The WP Inventory Manager WordPress plugin before 2.1.0.14 does not have CSRF checks, which could allow attackers to make logged-in admins delete Inventory Items via a CSRF attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Inventory Manager
NVD WPScan
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-2744 HIGH POC This Week

The ERP WordPress plugin before 1.12.4 does not properly sanitise and escape the `type` parameter in the `erp/v1/accounting/v1/people` REST API endpoint before using it in a SQL statement, leading to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Erp
NVD WPScan
CVSS 3.1
7.2
EPSS
2.6%
CVE-2023-2592 HIGH POC This Week

The FormCraft WordPress plugin before 3.9.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Formcraft
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-2482 HIGH POC This Week

The Responsive CSS EDITOR WordPress plugin through 1.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Responsive Css Editor
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-25002 HIGH This Week

A maliciously crafted SKP file in Autodesk products is used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption 3ds Max Navisworks +2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25001 HIGH This Week

A maliciously crafted SKP file in Autodesk Navisworks 2023 and 2022 be used to trigger use-after-free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption Navisworks
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29068 HIGH This Week

A maliciously crafted file consumed through pskernel.dll file could lead to memory corruption vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Alias Autocad +15
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25004 HIGH This Week

A maliciously crafted pskernel.dll file in Autodesk products is used to trigger integer overflow vulnerabilities. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Alias Autocad Autocad Advance Steel +14
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22593 HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Redis Authentication Bypass IBM Robotic Process Automation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34395 HIGH PATCH This Week

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Privilege Escalation Apache Apache Airflow Providers Odbc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-30993 HIGH PATCH This Week

IBM Cloud Pak for Security (CP4S) 1.9.0.0 through 1.9.2.0 could allow an attacker with a valid API key for one tenant to access data from another tenant's account. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure IBM Cloud Pak For Security
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28857 HIGH PATCH This Week

Apereo CAS is an open source multilingual single sign-on solution for the web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Central Authentication Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26276 HIGH PATCH This Week

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3405 HIGH This Week

Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
7.5
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy