Skip to main content
CVE-2023-3460 CRITICAL POC THREAT Act Now

The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Ultimate Member
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
72.3%
CVE-2023-31999 HIGH POC PATCH This Week

All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Oauth2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3503 HIGH POC This Week

A vulnerability has been found in SourceCodester Shopping Website 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Shopping Website
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1273 HIGH POC This Week

The ND Shortcodes WordPress plugin before 7.0 does not validate some shortcode attributes before using them to generate paths passed to include function/s, allowing any authenticated users such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Nd Shortcodes
NVD WPScan
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22906 HIGH POC This Week

Hero Qubo HCD01_02_V1.38_20220125 devices allow TELNET access with root privileges by default, without a password. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Qubo Hcd01 Firmware Qubo Hcd02 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3502 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Shopping Website 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3133 HIGH POC This Week

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Tutor Lms
NVD WPScan
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-3139 MEDIUM POC This Month

The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Protect Wp Admin
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-2333 MEDIUM POC This Month

The Ninja Forms Google Sheet Connector WordPress plugin before 1.2.7, gsheetconnector-ninja-forms-pro WordPress plugin through 1.2.7 does not escape a parameter before outputting it back in an. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Ninja Forms Google Sheet Connector
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-2324 MEDIUM POC This Month

The Elementor Forms Google Sheet Connector WordPress plugin before 1.0.7, gsheetconnector-for-elementor-forms-pro WordPress plugin through 1.0.7 does not escape some parameters before outputting them. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Elementor Forms Google Sheet Connector
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2321 MEDIUM POC This Month

The WPForms Google Sheet Connector WordPress plugin before 3.4.6, gsheetconnector-wpforms-pro WordPress plugin through 3.4.6 does not escape a parameter before outputting it back in an attribute,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Wpforms Google Sheet Connector
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2320 MEDIUM POC This Month

The CF7 Google Sheets Connector WordPress plugin before 5.0.2, cf7-google-sheets-connector-pro WordPress plugin through 5.0.2 does not escape a parameter before outputting it back in an attribute,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS WordPress Cf7 Google Sheets Connector
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3504 CRITICAL Act Now

A vulnerability was found in SmartWeb Infotech Job Board 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Smartweb Infotech Job Board
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-21631 CRITICAL Act Now

Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5G Firmware 9205 Firmware Apq8017 Firmware Apq8037 Firmware +151
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-30990 CRITICAL PATCH Act Now

IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2974 HIGH PATCH This Week

A vulnerability was found in quarkus-core. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Build Of Quarkus
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-28542 HIGH PATCH This Week

Memory Corruption in WLAN HOST while fetching TX status information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow 315 5g Iot Firmware Apq8064au Firmware Aqt1000 Firmware Ar8031 Firmware +179
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28541 HIGH PATCH This Week

Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Aqt1000 Firmware Ar8031 Firmware Ar9380 Firmware C V2x 9150 Firmware +194
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24854 HIGH PATCH This Week

Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response message. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Stack Overflow Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware +155
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24851 HIGH PATCH This Week

Memory Corruption in WLAN HOST while parsing QMI response message from firmware. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Csra6620 Firmware Csra6640 Firmware +182
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22667 HIGH This Week

Memory Corruption in Audio while allocating the ion buffer during the music playback. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow 315 5g Iot Firmware Apq8017 Firmware Aqt1000 Firmware +197
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22387 HIGH PATCH This Week

Arbitrary memory overwrite when VM gets compromised in TX write leading to Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow 315 5g Iot Firmware Apq8017 Firmware Aqt1000 Firmware +263
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22386 HIGH PATCH This Week

Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Csra6620 Firmware Csra6640 Firmware +192
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21672 HIGH PATCH This Week

Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording sessions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Fastconnect 6700 Firmware Fastconnect 6900 Firmware +54
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21641 HIGH PATCH This Week

An app with non-privileged access can change global system brightness and cause undesired system behavior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6574au Firmware Qca6696 Firmware +11
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21640 HIGH This Week

Memory corruption in Linux when the file upload API is called with parameters having large buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow File Upload Fastconnect 6900 Firmware Fastconnect 7800 Firmware Snapdragon 8 Gen 1 Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21639 HIGH This Week

Memory corruption in Audio while processing sva_model_serializer using memory size passed by HIDL client. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Qca6420 Firmware Qca6430 Firmware +18
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21638 HIGH This Week

Memory corruption in Video while calling APIs with different instance ID than the one received in initialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +31
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21637 HIGH This Week

Memory corruption in Linux while calling system configuration APIs. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware Fastconnect 6900 Firmware +50
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21635 HIGH This Week

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Csrb31024 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +44
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21633 HIGH This Week

Memory Corruption in Linux while processing QcRilRequestImsRegisterMultiIdentityMessage request. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8064au Firmware Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware +92
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20773 HIGH This Week

In vow, there is a possible escalation of privilege due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-25522 HIGH This Week

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause improper input validation by providing configuration information in an unexpected format. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Denial Of Service Dgx A100 Firmware Dgx A800 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25521 HIGH This Week

NVIDIA DGX A100/A800 contains a vulnerability in SBIOS where an attacker may cause execution with unnecessary privileges by leveraging a weakness whereby proper input parameter validation is not. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Denial Of Service Nvidia Dgx A100 Firmware +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20693 HIGH This Week

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20692 HIGH This Week

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20691 HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20690 HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20689 HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2010 LOW POC Monitor

The Forminator WordPress plugin before 1.24.1 does not use an atomic operation to check whether a user has already voted, and then update that information. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure WordPress Forminator
NVD WPScan
CVSS 3.1
3.1
EPSS
0.4%
CVE-2023-25517 HIGH This Week

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Authentication Bypass Gpu Display Driver
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-25516 HIGH This Week

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause an integer overflow, which may lead to information disclosure and denial of. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Linux Integer Overflow Information Disclosure +1
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-21629 MEDIUM This Month

Memory Corruption in Modem due to double free while parsing the PKCS15 sim files. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5G Firmware Apq8017 Firmware Apq8037 Firmware Aqt1000 Firmware +203
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-20775 MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20774 MEDIUM This Month

In display, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20772 MEDIUM This Month

In vow, there is a possible escalation of privilege due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20768 MEDIUM This Month

In ion, there is a possible out of bounds read due to type confusion. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20767 MEDIUM This Month

In pqframework, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20766 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20761 MEDIUM This Month

In ril, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy