Skip to main content
CVE-2023-29300 CRITICAL POC KEV THREAT Emergency

Adobe ColdFusion 2023, 2021, and 2018 contain a Java deserialization vulnerability allowing unauthenticated remote code execution, part of a series of critical ColdFusion flaws actively exploited in 2023.

NVD
CVSS 3.1
9.8
EPSS
93.7%
Threat
9.8
CVE-2023-33668 CRITICAL POC Act Now

DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Digiexam
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-33274 CRITICAL POC Act Now

The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Snmp Web Pro
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-26564 CRITICAL POC Act Now

The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ej2 Aspcore File Provider
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-26563 CRITICAL POC Act Now

The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Nodejs File System Provider
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-3643 CRITICAL POC THREAT Act Now

A vulnerability was found in Boss Mini 1.4.0 Build 6221. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Boss Mini Firmware
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
75.4%
CVE-2023-37629 CRITICAL POC THREAT Act Now

Online Piggery Management System 1.0 is vulnerable to File Upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Online Piggery Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
23.3%
CVE-2023-37628 CRITICAL POC Act Now

Online Piggery Management System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Online Piggery Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37627 CRITICAL POC Act Now

Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Restaurant Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-37582 CRITICAL POC PATCH THREAT Act Now

The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Rocketmq
NVD
CVSS 3.1
9.8
EPSS
90.4%
CVE-2020-20021 HIGH POC This Week

An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mikrotik Denial Of Service Routeros
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-3635 HIGH POC PATCH This Week

GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Okio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-29298 HIGH POC KEV THREAT This Week

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Coldfusion
NVD
CVSS 3.1
7.5
EPSS
99.8%
CVE-2023-3525 HIGH POC This Week

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Getnet Argentina Para Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37630 MEDIUM POC This Month

Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Online Piggery Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3644 CRITICAL Act Now

A vulnerability was found in SourceCodester Service Provider Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Service Provider Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3595 CRITICAL Act Now

Where this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Rockwell RCE 1756 En2F Series A Firmware +11
NVD
CVSS 3.1
9.8
EPSS
5.0%
CVE-2023-36266 MEDIUM POC This Month

An issue was discovered in Keeper Password Manager for Desktop version 16.10.2 (fixed in 17.2), and the KeeperFill Browser Extensions version 16.5.4 (fixed in 17.2), allows local attackers to gain. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keeper Keeperfill
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-4417 MEDIUM POC PATCH This Month

The Forminator - Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Forminator
NVD VulDB
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-3105 HIGH This Week

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Learndash
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-37964 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Elasticbox Ci
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37962 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Benchmark Evaluator
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37961 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Assembla
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37958 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Sumologic Publisher
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37957 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Pipeline Restful Api
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-37946 HIGH PATCH This Week

Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Session Fixation Information Disclosure Openshift Login
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3600 HIGH This Week

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-30429 HIGH PATCH This Week

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.10.4, and 2.11.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Authentication Bypass Pulsar
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-32200 HIGH PATCH This Week

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Jena
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-37197 HIGH This Week

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Struxureware Data Center Expert
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37196 HIGH This Week

A CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command ('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Struxureware Data Center Expert
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2021-4426 MEDIUM POC PATCH This Month

The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Absolute Reviews
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4427 MEDIUM POC PATCH This Month

The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP WordPress CSRF Vuukle Comments Reactions Share Bar Revenue
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4425 MEDIUM POC PATCH This Month

The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Defender Security
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2020-36761 MEDIUM POC PATCH This Month

The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Top 10
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2020-36760 MEDIUM POC PATCH This Month

The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Ocean Extra
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36752 MEDIUM POC PATCH This Month

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Coming Soon Maintenance Mode Page
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-30428 HIGH PATCH This Week

Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Pulsar
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-29308 HIGH This Week

Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Indesign
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-3106 HIGH PATCH This Week

A NULL pointer dereference vulnerability was found in netlink_dump. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Denial Of Service Null Pointer Dereference Linux Kernel Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-30929 HIGH This Week

In telephony service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30928 HIGH This Week

In telephony service, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30917 HIGH This Week

In DMService, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30916 HIGH This Week

In DMService, there is a possible missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-29414 HIGH PATCH This Week

A CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability exists that could cause user privilege escalation if a local user sends specific string input to a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Privilege Escalation Buffer Overflow Accutech Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-2763 HIGH This Week

Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow 3Dexperience Solidworks
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-2762 HIGH This Week

A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Memory Corruption 3Dexperience Solidworks
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29301 HIGH This Week

Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Coldfusion
NVD
CVSS 3.1
7.5
EPSS
31.8%
CVE-2023-3596 HIGH This Week

Where this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Rockwell Denial Of Service 1756 En4Tr Firmware +2
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2023-3092 HIGH This Week

The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.3.46 due to insufficient input sanitization and output. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Smtp Mail
NVD VulDB
CVSS 3.1
7.2
EPSS
1.4%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy