Skip to main content
CVE-2023-37287 CRITICAL Act Now

SmartBPM.NET has a vulnerability of using hard-coded authentication key. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smartbpm Net
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-36940 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Fire Reporting System
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3225 MEDIUM POC This Month

The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Float Menu
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3175 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-3129 MEDIUM POC This Month

The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Url Shortify
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37392 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Dummy Content Generator
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36691 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Webwinkelkeur
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36376 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hostel Management System
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-35912 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Potent Donations For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2967 MEDIUM POC This Month

The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tinymce Custom Styles
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2709 MEDIUM POC This Month

The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS An Gradebook
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2635 MEDIUM POC This Month

The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Call Now Accessibility Button
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2578 MEDIUM POC This Month

The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Buy Me A Coffee
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2234 HIGH This Week

Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2029 MEDIUM POC This Month

The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Prepost Seo
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2028 MEDIUM POC This Month

The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Call Now Accessibility Button
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2026 MEDIUM POC This Month

The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Image Protector
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-28995 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Configurable Tag Cloud
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28989 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Happy Addons For Elementor
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28986 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Affiliates Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27869 HIGH PATCH This Week

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft IBM Db2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-27868 HIGH PATCH This Week

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft IBM Db2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-27867 HIGH PATCH This Week

IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft IBM Db2
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-25478 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Weather Station
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24405 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 - PayPal & Stripe Add-on plugin <= 1.9.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Paypal Stripe Add On
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24395 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contact Form 7 Redirect Thank You Page
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23993 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ip Blocker Lite
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23869 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Google Xml Sitemap For Mobile
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23804 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ht Feed
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23787 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Redirect Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22695 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Custom Field Template
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22694 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bigcontact Contact Page
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22673 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Website Monetization
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-3580 MEDIUM POC PATCH This Month

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Squidex
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-3131 MEDIUM POC This Month

The MStore API WordPress plugin before 3.9.7 does not secure most of its AJAX actions by implementing privilege checks, nonce checks, or a combination of both. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Mstore Api
NVD WPScan
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-2495 MEDIUM POC This Month

The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Greeklish Permalink
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-3271 HIGH This Week

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to gather information about the system and download data via the REST API by accessing unauthenticated. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Icr890 4 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-32254 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Linux Linux Kernel Hci Management Node +4
NVD
CVSS 3.1
8.1
EPSS
2.9%
CVE-2023-32250 HIGH PATCH This Week

A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Information Disclosure Linux Linux Kernel Hci +5
NVD
CVSS 3.1
8.1
EPSS
2.6%
CVE-2023-1902 HIGH This Week

The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Zephyr
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-1901 HIGH This Week

The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-34318 HIGH This Week

A heap buffer overflow vulnerability was found in sox, in the startread function at sox/src/hcom.c:160:41. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow RCE Information Disclosure +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-30431 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow RCE Microsoft IBM Db2
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28958 HIGH PATCH This Week

IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection IBM Watson Knowledge Catalog On Cloud Pak For Data
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-27558 HIGH PATCH This Week

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft IBM Db2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22835 HIGH This Week

A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Foundry Frontend Foundry Issues
NVD
CVSS 3.1
7.7
EPSS
0.7%
CVE-2023-3273 HIGH This Week

Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Icr890 4 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-35696 HIGH This Week

Unauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the device via HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icr890 4 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-3272 HIGH This Week

Cleartext Transmission of Sensitive Information in the SICK ICR890-4 could allow a remote attacker to gather sensitive information by intercepting network traffic that is not encrypted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icr890 4 Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-24487 HIGH This Week

Arbitrary file read in Citrix ADC and Citrix Gateway. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Citrix Application Delivery Controller Gateway
NVD
CVSS 3.1
7.5
EPSS
1.1%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy