Skip to main content
CVE-2022-34155 HIGH POC This Week

Improper Authentication vulnerability in miniOrange OAuth Single Sign On - SSO (OAuth Client) plugin allows Authentication Bypass.23.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oauth Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37897 HIGH POC PATCH This Week

Grav is a file-based Web-platform built in PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Grav
NVD GitHub
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-37477 HIGH POC PATCH This Week

1Panel is an open source Linux server operation and maintenance management panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection 1panel
NVD GitHub
CVSS 3.1
8.8
EPSS
5.4%
CVE-2023-22047 HIGH POC PATCH THREAT This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Oracle Authentication Bypass Peoplesoft Enterprise
NVD
CVSS 3.1
7.5
EPSS
74.5%
CVE-2023-37788 HIGH POC PATCH This Week

goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Goproxy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38434 HIGH POC This Week

xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xhttp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3713 HIGH PATCH This Week

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation WordPress Profilegrid
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-22508 HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-22505 HIGH PATCH This Week

This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-34330 HIGH This Week

AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-28019 HIGH This Week

Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bigfix Webui
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-33265 HIGH PATCH This Week

In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hazelcast Imdg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-37973 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Replace Word
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37892 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Shortcode Imdb
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37889 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Aws Cdn
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37387 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Classified Listing
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37386 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Media Library Helper
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25036 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Social Media Icons Widget
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-23660 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mainwp Maintenance Extension
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-25482 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Tiles
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25475 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smart Youtube Pro
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25473 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Flickr Justified Gallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-22062 HIGH PATCH This Week

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Authentication Bypass Hyperion
NVD
CVSS 3.1
8.5
EPSS
0.5%
CVE-2023-22014 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-22018 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Oracle Information Disclosure Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-34143 HIGH This Week

Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Device Manager
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-34329 HIGH This Week

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Megarac Sp X
NVD
CVSS 3.1
8.0
EPSS
1.0%
CVE-2023-22023 HIGH PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Oracle Solaris
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30906 HIGH PATCH This Week

The vulnerability could be locally exploited to allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Intelligent Provisioning
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-30383 HIGH This Week

TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service TP-Link Buffer Overflow Archer C2 V1 Firmware Archer C20 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22060 HIGH PATCH This Week

Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Authentication Bypass Hyperion Workspace
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2023-3714 HIGH PATCH This Week

The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation WordPress Authentication Bypass Profilegrid
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-37758 HIGH This Week

D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow D-Link Dir 815 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-28021 HIGH This Week

The BigFix WebUI uses weak cipher suites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bigfix Webui
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-38257 HIGH This Week

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Scrutisweb
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-33871 HIGH This Week

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Scrutisweb
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-2263 HIGH This Week

The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Kinetix 5700 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3743 HIGH This Week

Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ap Page Builder
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34142 HIGH This Week

Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Device Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-31998 HIGH PATCH This Week

A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Edgemax Edgerouter Firmware Aircube Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3459 HIGH PATCH This Week

The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass WordPress Import Export Wordpress Users
NVD
CVSS 3.1
7.2
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy