Skip to main content
CVE-2023-39344 HIGH POC PATCH This Week

social-media-skeleton is an uncompleted social media project. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE SQLi Social Media Skeleton
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-38702 HIGH POC This Week

Knowage is an open source analytics and business intelligence suite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Knowage
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-4159 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Omeka S
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38487 HIGH POC PATCH This Week

HedgeDoc is software for creating real-time collaborative markdown notes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Hedgedoc
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-38494 HIGH POC PATCH This Week

MeterSphere is an open-source continuous testing platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Metersphere
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-30146 HIGH POC This Week

Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ht Ip211Hdp Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4142 HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

WordPress RCE Code Injection Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
8.0
EPSS
4.6%
CVE-2023-4141 HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

WordPress PHP RCE Code Injection Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
8.0
EPSS
4.6%
CVE-2023-29505 HIGH This Week

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Network Configuration Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38708 HIGH PATCH This Week

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation Path Traversal Denial Of Service Authentication Bypass Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4139 HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38688 HIGH PATCH This Week

twitch-tui provides Twitch chat in a terminal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Twitch Tui
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-37896 HIGH PATCH This Week

Nuclei is a vulnerability scanner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Nuclei
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39379 HIGH This Week

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Software Infrastructure Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-36135 HIGH This Week

User enumeration is found in in PHPJabbers Class Scheduling System v1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Class Scheduling System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0525 HIGH This Week

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt Designer3 Gt Softgot2000 Gt27 Firmware Gt25 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-38497 HIGH PATCH This Week

Cargo downloads the Rust project’s dependencies and compiles the project. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Cargo Fedora
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2023-30297 HIGH This Week

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server. Rated high severity (CVSS 7.0). No vendor patch available.

RCE N Central
NVD
CVSS 3.1
7.0
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy