Skip to main content
CVE-2023-33012 HIGH POC THREAT Act Now

A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +19
NVD GitHub
CVSS 3.1
8.8
EPSS
10.1%
CVE-2023-3179 HIGH POC This Week

The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Post Smtp
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-2636 HIGH POC This Week

The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi An Gradebook
NVD WPScan Exploit-DB
CVSS 3.1
8.8
EPSS
4.6%
CVE-2023-2330 HIGH POC This Week

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress Caldera Forms Google Sheets Connector
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-2329 HIGH POC This Week

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google CSRF WordPress Woocommerce Google Sheet Connector
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-37475 HIGH POC PATCH This Week

Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Avro
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34669 HIGH POC This Week

TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cp300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3724 HIGH PATCH This Week

If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Wolfssl
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-38404 HIGH This Week

The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Infoscale Operations Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-34139 HIGH This Week

A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +12
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33011 HIGH This Week

A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28767 HIGH This Week

The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 2200 Vpn Firmware Usg Flex 100 Firmware Usg Flex 100W Firmware +19
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-37985 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Five Star Restaurant Menu
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37974 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Social Autoconnect
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37968 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Falang
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-36514 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Shipping Multiple Addresses
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36513 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Automatewoo
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-36511 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce Order Barcodes
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-34005 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Front End Users
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35880 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Brands
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-35089 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Recipe Maker For Your Food Blog From Zip Recipes
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35038 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Pdf Generator
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-31216 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ultimate Member
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27424 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Inactive User Deleter
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27606 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Reroute Email
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-23719 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Premmerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-23646 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery - WordPress Gallery plugin <= 1.4.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Album Gallery
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22672 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Vslider
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2759 HIGH This Week

A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Core Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3591 HIGH This Week

Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-3615 HIGH This Week

Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mattermost Information Disclosure Apple
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-3581 HIGH This Week

Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-34141 HIGH This Week

A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +21
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-34138 HIGH This Week

A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2,. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg 20W Vpn Firmware Usg 2200 Vpn Firmware Usg Flex 100 Firmware +19
NVD
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-37476 HIGH PATCH This Week

OpenRefine is a free, open source tool for data processing. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

RCE Path Traversal Openrefine
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-2760 HIGH This Week

An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Core Firmware
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-2959 HIGH This Week

Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-37479 HIGH PATCH This Week

Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Intel Openenclave
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38405 HIGH This Week

On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cp3N 6505417 Firmware Cp3 6504877 Firmware Cp3 Gv 6506034 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-38403 HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-3590 HIGH This Week

Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2912 HIGH This Week

Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Sitemanager Embedded
NVD
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy