Skip to main content
CVE-2023-36874 HIGH POC KEV PATCH THREAT Act Now

Windows Error Reporting Service Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
7.8
EPSS
43.1%
CVE-2023-3627 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-3621 HIGH POC This Week

A vulnerability was found in IBOS OA 4.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33148 HIGH POC PATCH This Week

Microsoft Office Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure 365 Apps Office Office Long Term Servicing Channel
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
1.7%
CVE-2023-37597 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service CSRF Pbx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-37596 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service CSRF Pbx
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-31818 HIGH POC This Week

An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Marukyu Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-2078 HIGH POC PATCH This Week

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress Authentication Bypass Buy Me A Coffee
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-2079 HIGH POC PATCH This Week

The "Buy Me a Coffee - Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Buy Me A Coffee
NVD VulDB
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-24492 HIGH This Week

A vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ubuntu RCE Code Injection Citrix Secure Access Client
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-35364 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Microsoft Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-35322 HIGH PATCH This Week

Windows Deployment Services Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Stack Overflow Buffer Overflow RCE Microsoft Windows Server 2008 +4
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-35315 HIGH PATCH This Week

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-35311 HIGH KEV PATCH THREAT This Week

Microsoft Outlook Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
8.8
EPSS
15.5%
CVE-2023-35303 HIGH PATCH This Week

USB Audio Class System Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 Windows 10 21h2 +8
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-35302 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +10
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-35300 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-33160 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2023-33159 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-33157 HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
41.5%
CVE-2023-33134 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-32049 HIGH KEV PATCH THREAT This Week

Windows SmartScreen Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2023-32038 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-36824 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Redis Heap Overflow Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
77.4%
CVE-2023-34116 HIGH This Week

Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Microsoft Zoom
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-2072 HIGH This Week

The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell RCE Memory Corruption XSS +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36690 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wordpress Learning Management System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36522 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Quiz Expert Easy Quiz Maker Exam And Test Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35773 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Template Debugger
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36693 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Rss Images
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35913 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oopspam Anti Spam
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35774 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lws Tools
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-34015 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Advanced Free Flat Shipping Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-35781 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lws Cleaner
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25487 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pixtypes
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25468 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Reservation Studio
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25051 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Comment Reply Notification
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24421 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Php Compatibility Checker
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23997 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Database Collation Fix
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23731 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wishsuite
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23704 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Comments Rating
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23803 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Justtables
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23791 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ht Menu
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23792 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Swatchly
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36922 HIGH This Week

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Command Injection Netweaver
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-35335 HIGH PATCH This Week

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2023-35297 HIGH PATCH This Week

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-33170 HIGH PATCH This Week

ASP.NET and Visual Studio Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Net Visual Studio 2022 Fedora
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2023-33127 HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Net Visual Studio 2022
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2023-31191 HIGH This Week

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Dronescout Ds230 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy