Skip to main content
CVE-2023-30153 CRITICAL POC Act Now

An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Payplug
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-34155 HIGH POC This Week

Improper Authentication vulnerability in miniOrange OAuth Single Sign On - SSO (OAuth Client) plugin allows Authentication Bypass.23.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oauth Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37897 HIGH POC PATCH This Week

Grav is a file-based Web-platform built in PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-37477 HIGH POC PATCH This Week

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection 1panel
NVD GitHub
CVSS 3.1
8.8
EPSS
5.4%
CVE-2023-22047 HIGH POC PATCH THREAT This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Oracle Authentication Bypass Peoplesoft Enterprise
NVD
CVSS 3.1
7.5
EPSS
74.5%
CVE-2023-37788 HIGH POC PATCH This Week

goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Goproxy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38434 HIGH POC This Week

xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xhttp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-36670 CRITICAL Act Now

A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ngc Indoor Unit Firmware
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-36669 CRITICAL Act Now

Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ngc Indoor Unit Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35189 CRITICAL Act Now

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Scrutisweb
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-38429 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 6.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Linux Linux Kernel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38427 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 6.3.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel H300S +3
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37143 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-37142 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-37141 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-37140 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-37139 MEDIUM POC This Month

ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Chakracore
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2023-0160 MEDIUM POC PATCH This Month

A deadlock flaw was found in the Linux kernel’s BPF subsystem. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31441 MEDIUM POC This Month

In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Advisor Network
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-34035 MEDIUM POC PATCH This Month

Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Spring Security
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-38432 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 6.3.10. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Solidfire +5
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2023-38431 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 6.3.8. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Solidfire Hci Management Node +4
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2023-38430 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 6.3.9. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Hci Management Node +4
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2023-38428 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 6.3.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Solidfire Hci Management Node +5
NVD
CVSS 3.1
9.1
EPSS
3.0%
CVE-2023-38426 CRITICAL PATCH Act Now

An issue was discovered in the Linux kernel before 6.3.4. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Linux Linux Kernel Solidfire Hci Management Node +5
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2023-21975 CRITICAL PATCH Act Now

Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Application Express
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2023-21974 CRITICAL PATCH Act Now

Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Application Express
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2023-3713 HIGH PATCH This Week

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation WordPress Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-22508 HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-22505 HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-34330 HIGH This Week

AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-28019 HIGH This Week

Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bigfix Webui
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-33265 HIGH PATCH This Week

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hazelcast Imdg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37973 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Replace Word
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37892 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Shortcode Imdb
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37889 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aws Cdn
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37387 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Classified Listing
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37386 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Media Library Helper
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25036 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Social Media Icons Widget
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-23660 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mainwp Maintenance Extension
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-25482 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Tiles
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25475 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smart Youtube Pro
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25473 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Flickr Justified Gallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-22062 HIGH PATCH This Week

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Authentication Bypass Hyperion
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2023-22014 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-22018 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-34143 HIGH This Week

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Device Manager
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-34329 HIGH This Week

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Megarac Sp X
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2023-22023 HIGH PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Oracle Solaris
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30906 HIGH PATCH This Week

The vulnerability could be locally exploited to allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intelligent Provisioning
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy