Skip to main content
CVE-2023-35302 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +10
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-35300 HIGH PATCH This Week

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-33160 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
4.3%
CVE-2023-33159 HIGH PATCH This Week

Microsoft SharePoint Server Spoofing Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-33157 HIGH PATCH This Week

Microsoft SharePoint Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Microsoft Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
41.5%
CVE-2023-33134 HIGH PATCH This Week

Microsoft SharePoint Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Microsoft Deserialization Sharepoint Server
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-32049 HIGH KEV PATCH THREAT This Week

Windows SmartScreen Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Windows 10 1607 Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
8.8
EPSS
4.4%
CVE-2023-32038 HIGH PATCH This Week

Microsoft ODBC Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-36824 HIGH This Week

Redis is an in-memory database that persists on disk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Redis Heap Overflow Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
77.4%
CVE-2023-34116 HIGH This Week

Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Microsoft Zoom
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-2072 HIGH This Week

The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Rockwell RCE Memory Corruption XSS +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36690 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wordpress Learning Management System
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36522 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Quiz Expert Easy Quiz Maker Exam And Test Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35773 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Template Debugger
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36693 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Rss Images
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35913 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Oopspam Anti Spam
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35774 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lws Tools
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-34015 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Advanced Free Flat Shipping Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-35781 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Lws Cleaner
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25487 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pixtypes
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25468 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Reservation Studio
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25051 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Comment Reply Notification
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24421 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Php Compatibility Checker
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23997 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Database Collation Fix
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23731 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wishsuite
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23704 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Comments Rating
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23803 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Justtables
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23791 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ht Menu
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23792 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Swatchly
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36922 HIGH This Week

Due to programming error in function module and report, IS-OIL component in SAP ECC and SAP S/4HANA allows an authenticated attacker to inject an arbitrary operating system command into an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Command Injection Netweaver
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37190 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pbx
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-37189 MEDIUM POC This Month

A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pbx
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-37191 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pbx
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-35335 HIGH PATCH This Week

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Dynamics 365
NVD
CVSS 3.1
8.2
EPSS
0.8%
CVE-2023-35297 HIGH PATCH This Week

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-33170 HIGH PATCH This Week

ASP.NET and Visual Studio Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Net Visual Studio 2022 Fedora
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2023-33127 HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Net Visual Studio 2022
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2023-31191 HIGH This Week

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an information loss vulnerability through traffic injection. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Code Injection Dronescout Ds230 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-31190 HIGH This Week

DroneScout ds230 Remote ID receiver from BlueMark Innovations is affected by an Improper Authentication vulnerability during the firmware update procedure. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Dronescout Ds230 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-33989 HIGH This Week

An attacker with non-administrative authorizations in SAP NetWeaver (BI CONT ADD ON) - versions 707, 737, 747, 757, can exploit a directory traversal flaw to over-write system files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Bi Content
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-33161 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE 365 Apps Office Office Long Term Servicing Channel
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-33149 HIGH PATCH This Week

Microsoft Office Graphics Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Memory Corruption RCE Microsoft 365 Apps +2
NVD VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-33158 HIGH PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Microsoft RCE 365 Apps Office +1
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-24491 HIGH This Week

A vulnerability has been discovered in the Citrix Secure Access client for Windows which, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36867 HIGH PATCH This Week

Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Pull Requests And Issues
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-36538 HIGH This Week

Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36537 HIGH This Week

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-36536 HIGH This Week

Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35374 HIGH PATCH This Week

Paint 3D Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Paint 3D
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-35363 HIGH PATCH This Week

Windows Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Heap Overflow Windows 10 1809 Windows 10 21h2 +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy