Skip to main content
CVE-2023-33012 HIGH POC THREAT Act Now

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +19
NVD GitHub
CVSS 3.1
8.8
EPSS
10.1%
CVE-2023-37266 CRITICAL POC PATCH Act Now

CasaOS is an open-source Personal Cloud system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Casaos
NVD GitHub
CVSS 3.1
9.8
EPSS
5.9%
CVE-2023-37265 CRITICAL POC PATCH Act Now

CasaOS is an open-source Personal Cloud system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Casaos Casaos Gateway
NVD GitHub
CVSS 3.1
9.8
EPSS
6.4%
CVE-2023-37461 CRITICAL POC Act Now

Metersphere is an opensource testing framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-37791 CRITICAL POC THREAT Act Now

D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
11.5%
CVE-2023-3186 CRITICAL POC Act Now

The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Popup
NVD WPScan
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-3696 CRITICAL POC PATCH Act Now

Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Prototype Pollution Mongoose
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3179 HIGH POC This Week

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Post Smtp
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-2636 HIGH POC This Week

The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi An Gradebook
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
4.6%
CVE-2023-2330 HIGH POC This Week

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress Caldera Forms Google Sheets Connector
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-2329 HIGH POC This Week

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress Woocommerce Google Sheet Connector
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-37475 HIGH POC PATCH This Week

Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Avro
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34669 HIGH POC This Week

TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cp300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-37781 MEDIUM POC This Month

An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Emqx
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-37769 MEDIUM POC This Month

stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pixman
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-31853 MEDIUM POC This Month

Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lt400 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-31851 MEDIUM POC This Month

Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lt400 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3182 MEDIUM POC This Month

The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Restrict Content
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3041 MEDIUM POC This Month

The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a cross-site Scripting attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Automatic Conversation
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31852 MEDIUM POC This Month

Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lt400 Firmware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2701 MEDIUM POC This Month

The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gravity Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1893 MEDIUM POC This Month

The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Login Configurator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-3376 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2963 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2958 CRITICAL Act Now

Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ats Pro
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-26512 CRITICAL Act Now

7.0\V1.8.0 on windows\linux\mac os e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Microsoft Deserialization Eventmesh Connector Rabbitmq
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3695 CRITICAL Act Now

A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-37770 MEDIUM POC This Month

faust commit ee39a19 was discovered to contain a stack overflow via the component boxppShared::print() at /boxes/ppbox.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Faust
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-36656 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Jaeger Ui
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-2579 MEDIUM POC This Month

The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Inventorypress
NVD GitHub WPScan
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-3694 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi House Rental And Property Listing
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.7%
CVE-2023-3724 HIGH PATCH This Week

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-38404 HIGH This Week

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Infoscale Operations Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-34139 HIGH This Week

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33011 HIGH This Week

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28767 HIGH This Week

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-37985 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Five Star Restaurant Menu
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37974 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Social Autoconnect
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37968 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Falang
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-36514 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Shipping Multiple Addresses
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36513 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Automatewoo
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-36511 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce Order Barcodes
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-34005 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Front End Users
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-3245 MEDIUM POC This Month

The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Chaty
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-35880 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Brands
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-35089 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Recipe Maker For Your Food Blog From Zip Recipes
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35038 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Pdf Generator
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-31216 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ultimate Member
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27424 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Inactive User Deleter
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27606 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Reroute Email
NVD
CVSS 3.1
8.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy