Skip to main content
CVE-2023-2982 CRITICAL POC THREAT Emergency

The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 7.6.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%.

Google WordPress Authentication Bypass Wordpress Social Login And Register Discord Google Twitter Linkedin
NVD VulDB
CVSS 3.1
9.8
EPSS
70.1%
Threat
5.6
CVE-2023-26616 CRITICAL POC Act Now

D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the URL field in SetParentsControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-26613 CRITICAL POC THREAT Act Now

An OS command injection vulnerability in D-Link DIR-823G firmware version 1.02B05 allows unauthorized attackers to execute arbitrary operating system commands via a crafted GET request to EXCU_SHELL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
31.4%
CVE-2023-26612 CRITICAL POC Act Now

D-Link DIR-823G firmware version 1.02B05 has a buffer overflow vulnerability, which originates from the HostName field in SetParentsControlInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-34849 CRITICAL POC Act Now

An unauthorized command injection vulnerability exists in the ActionLogin function of the webman.lua file in Ikuai router OS through 3.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ikuaios
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-34844 CRITICAL POC Act Now

Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker container to escape. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Docker Play With Docker
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34598 CRITICAL POC THREAT Act Now

Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gibbon
NVD GitHub
CVSS 3.1
9.8
EPSS
47.2%
CVE-2023-3458 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Shopping Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3457 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Shopping Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34735 CRITICAL POC Act Now

Property Cloud Platform Management Center 1.0 is vulnerable to error-based SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Property Cloud Platform Management Center
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-34487 CRITICAL POC Act Now

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Hotel Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34738 CRITICAL POC Act Now

Chemex through 3.7.1 is vulnerable to arbitrary file upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Chemex
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36470 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-36469 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
82.4%
CVE-2023-36468 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-34656 HIGH POC This Week

An issue was discovered with the JSESSION IDs in Xiamen Si Xin Communication Technology Video management system 3.1 thru 4.1 allows attackers to gain escalated privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Session Fixation Video Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33277 HIGH POC This Week

The web interface of Gira Giersiepen Gira KNX/IP-Router 3.1.3683.0 and 3.3.8.0 allows a remote attacker to read sensitive files via directory-traversal sequences in the URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Knx Ip Router Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-34843 HIGH POC This Week

Traggo Server 0.3.0 is vulnerable to directory traversal via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Traggo
NVD GitHub
CVSS 3.1
7.5
EPSS
7.2%
CVE-2023-37256 MEDIUM POC This Month

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37255 MEDIUM POC This Month

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37254 MEDIUM POC This Month

An issue was discovered in the Cargo extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34599 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gibbon
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-34486 MEDIUM POC This Month

itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Hotel Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-33661 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities were discovered in Church CRM v4.5.3 in GroupReports.php via GroupRole, ReportModel, and OnlyCart parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33190 CRITICAL PATCH Act Now

Sealos is an open source cloud operating system distribution based on the Kubernetes kernel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Kubernetes Authentication Bypass Sealos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36487 CRITICAL Act Now

The password reset function in ILIAS 7.0_beta1 through 7.20 and 8.0_beta1 through 8.1 allows remote attackers to take over the account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ilias
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-35830 CRITICAL Act Now

STW (aka Sensor-Technik Wiedemann) TCG-4 Connectivity Module DeploymentPackage_v3.03r0-Impala and DeploymentPackage_v3.04r2-Jellyfish and TCG-4lite Connectivity Module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Tcg 4 Firmware Tcg 4Lite Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-26966 MEDIUM POC PATCH This Month

libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-25433 MEDIUM POC PATCH This Month

libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-36476 MEDIUM POC PATCH This Month

calamares-nixos-extensions provides Calamares branding and modules for NixOS, a distribution of GNU/Linux. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Calamares Nixos Extensions
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-36471 MEDIUM POC PATCH This Month

Xwiki commons is the common modules used by other XWiki top level projects. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Commons
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-34831 MEDIUM POC This Month

The "Submission Web Form" of Turnitin LTI tool/plugin version 1.3 is affected by HTML Injection attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ithacalabs Turnitin Lti
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34834 MEDIUM POC This Month

A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file". Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Mcl Net Firmware
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
4.0%
CVE-2023-31222 HIGH This Week

Deserialization of untrusted data in Microsoft Messaging Queuing Service in Medtronic's Paceart Optima versions 1.11 and earlier on Windows allows an unauthorized user to impact a healthcare delivery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Deserialization Paceart Optima
NVD
CVSS 3.1
8.8
EPSS
28.3%
CVE-2023-33466 HIGH This Week

Orthanc before 1.12.0 allows authenticated users with access to the Orthanc API to overwrite arbitrary files on the file system, and in specific deployment scenarios allows the attacker to overwrite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Orthanc
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2023-22886 HIGH PATCH This Week

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow JDBC Provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Jdbc
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-34734 MEDIUM POC This Month

Annet AC Centralized Management Platform 1.02.040 is vulnerable to Stored Cross-Site Scripting (XSS) . Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Annet Ac Centralized Management Platform
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26085 HIGH This Week

A possible out-of-bounds read and write (due to an improper length check of shared memory) was discovered in Arm NN Android-NN-Driver before 23.02. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Google Nn Android Neural Networks Driver
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3447 HIGH PATCH This Week

The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Injection in versions up to, and including, 4.1.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure WordPress LDAP Code Injection Active Directory Integration Ldap Integration
NVD VulDB
CVSS 3.1
7.6
EPSS
0.6%
CVE-2023-32610 HIGH This Week

Mailform Pro CGI 4.3.1.2 and earlier allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mailform Pro Cgi
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-35938 HIGH PATCH This Week

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Tuleap
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-37237 HIGH This Week

In Veritas NetBackup Appliance before 4.1.0.1 MR3, insecure permissions may allow an authenticated Admin to bypass shell restrictions and execute arbitrary operating system commands via SSH. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Netbackup Appliance
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-3465 MEDIUM This Month

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Classified Ads Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3464 MEDIUM This Month

A vulnerability was found in SimplePHPscripts Classified Ads Script 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Classified Ads Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36484 MEDIUM This Month

ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to reflected Cross-Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ilias
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37251 MEDIUM This Month

An issue was discovered in the GoogleAnalyticsMetrics extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34648 MEDIUM This Month

A Cross Site Scripting vulnerability in PHPgurukl User Registration Login and User Management System with admin panel v.1.0 allows a local attacker to execute arbitrary code via a crafted script to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE XSS User Registration Login And User Management System With Admin Panel
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30955 MEDIUM This Month

A security defect was identified in Foundry workspace-server that enabled a user to bypass an authorization check and view settings related to 'Developer Mode'. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Foundry Workspace Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36488 MEDIUM This Month

ILIAS 7.21 and 8.0_beta1 through 8.2 is vulnerable to stored Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ilias
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36607 MEDIUM This Month

The affected TBox RTUs are missing authorization for running some API commands. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tbox Ms Cpu32 Firmware Tbox Ms Cpu32 S2 Firmware Tbox Lt2 Firmware Tbox Tg2 Firmware +1
NVD
CVSS 3.1
5.3
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy