Skip to main content
CVE-2023-2916 HIGH POC PATCH THREAT Act Now

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.5%.

Information Disclosure WordPress Infinitewp Client
NVD VulDB
CVSS 3.1
7.5
EPSS
29.5%
CVE-2023-39851 CRITICAL POC Act Now

webchess v1.0 was discovered to contain a SQL injection vulnerability via the $playerID parameter at mainmenu.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Webchess
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39850 CRITICAL POC Act Now

Schoolmate v1.3 was discovered to contain multiple SQL injection vulnerabilities via the $courseid and $teacherid parameters at DeleteFunctions.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Schoolmate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39852 CRITICAL POC Act Now

Doctormms v1.0 was discovered to contain a SQL injection vulnerability via the $userid parameter at myAppoinment.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctor Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38866 CRITICAL POC Act Now

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_415588. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-38864 CRITICAL POC Act Now

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protal_delete_picname parameter in the sub_41171C function at bin/webmgnt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38865 CRITICAL POC Act Now

COMFAST CF-XR11 V2.7.2 has a command injection vulnerability detected at function sub_4143F0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-38863 CRITICAL POC Act Now

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the ifname and mac parameters in the sub_410074 function at bin/webmgnt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38862 CRITICAL POC Act Now

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the destination parameter of sub_431F64 function in bin/webmgnt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Cf Xr11 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38861 CRITICAL POC Act Now

An issue in Wavlink WL_WNJ575A3 v.R75A3_V1410_220513 allows a remote attacker to execute arbitrary code via username parameter of the set_sys_adm function in adm.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wl Wn575A3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-39662 CRITICAL POC PATCH Act Now

An issue in llama_index v.0.7.13 and before allows a remote attacker to execute arbitrary code via the `exec` parameter in PandasQueryEngine function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Llamaindex
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-39661 CRITICAL POC Act Now

An issue in pandas-ai v.0.9.1 and before allows a remote attacker to execute arbitrary code via the _is_jailbreak function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pandasai
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-39659 CRITICAL POC PATCH Act Now

An issue in langchain langchain-ai v.0.0.232 and before allows a remote attacker to execute arbitrary code via a crafted script to the PythonAstREPLTool._run component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-38915 CRITICAL POC Act Now

File Upload vulnerability in Wolf-leo EasyAdmin8 v.1.0 allows a remote attacker to execute arbtirary code via the upload type function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Easyadmin8
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38896 CRITICAL POC PATCH Act Now

An issue in Harrison Chase langchain v.0.0.194 and before allows a remote attacker to execute arbitrary code via the from_math_prompt and from_colored_object_prompt functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-38889 CRITICAL POC Act Now

An issue in Alluxio v.2.9.3 and before allows an attacker to execute arbitrary code via a crafted script to the username parameter of lluxio.util.CommonUtils.getUnixGroups(java.lang.String). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Alluxio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-38860 CRITICAL POC PATCH Act Now

An issue in LangChain v.0.0.231 allows a remote attacker to execute arbitrary code via the prompt parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-35082 CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-38916 HIGH POC This Week

SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Evotingsystem Php
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28479 HIGH POC This Week

An issue was discovered in Tigergraph Enterprise 3.7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tigergraph
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-40028 MEDIUM POC PATCH THREAT This Month

Ghost is an open source content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Ghost
NVD GitHub Exploit-DB
CVSS 3.1
6.5
EPSS
57.6%
CVE-2023-38858 MEDIUM POC This Month

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Faad2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-38856 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:411. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38855 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the get_string function in xlstool.c:395. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38854 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the transcode_latin1_to_utf8 function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38853 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1015. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38852 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-38851 MEDIUM POC This Month

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the xls_parseWorkBook function in xls.c:1018. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Libxls
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-4344 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable to insufficient randomness due to improper use of ssl.rnd to setup CIM connection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4342 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP strict-transport-security policy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4341 CRITICAL Act Now

Broadcom RAID Controller is vulnerable to Privilege escalation to root due to creation of insecure folders by Web GUI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4340 CRITICAL Act Now

Broadcom RAID Controller is vulnerable to Privilege escalation by taking advantage of the Session prints in the log file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4338 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not provide X-Content-Type-Options Headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4337 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable to improper session handling of managed servers on Gateway installation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4336 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard cookies with Secure attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4329 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure default of HTTP configuration that does not safeguard SESSIONID cookie with SameSite attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4325 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to usage of Libcurl with LSA has known vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4324 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable due to insecure defaults of lacking HTTP Content-Security-Policy headers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4323 CRITICAL Act Now

Broadcom RAID Controller web interface is vulnerable to improper session management of active sessions on Gateway setup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38857 MEDIUM POC This Month

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Faad2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-38850 MEDIUM POC This Month

Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Codedoc
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4347 MEDIUM POC PATCH THREAT This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.8.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
66.9%
CVE-2023-38898 MEDIUM POC This Month

An issue in Python cpython v.3.7 allows an attacker to obtain sensitive information via the _asyncio._swap_current_task component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2023-4369 HIGH This Week

Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-4368 HIGH This Week

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4366 HIGH This Week

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4362 HIGH This Week

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
18.5%
CVE-2023-4358 HIGH This Week

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4357 HIGH This Week

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
45.9%
CVE-2023-4356 HIGH This Week

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy