Skip to main content
CVE-2023-2916 HIGH POC PATCH THREAT Act Now

The InfiniteWP Client plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.11.1 via the 'admin_notice' function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 29.5%.

Information Disclosure WordPress Infinitewp Client
NVD VulDB
CVSS 3.1
7.5
EPSS
29.5%
CVE-2023-38916 HIGH POC This Week

SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Evotingsystem Php
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28479 HIGH POC This Week

An issue was discovered in Tigergraph Enterprise 3.7.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tigergraph
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4369 HIGH This Week

Insufficient data validation in Systems Extensions in Google Chrome on ChromeOS prior to 116.0.5845.120 allowed an attacker who convinced a user to install a malicious extension to bypass file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-4368 HIGH This Week

Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4366 HIGH This Week

Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4362 HIGH This Week

Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux
NVD
CVSS 3.1
8.8
EPSS
18.5%
CVE-2023-4358 HIGH This Week

Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4357 HIGH This Week

Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
45.9%
CVE-2023-4356 HIGH This Week

Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4355 HIGH This Week

Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
26.8%
CVE-2023-4354 HIGH This Week

Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-4353 HIGH This Week

Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-4352 HIGH This Week

Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4351 HIGH This Week

Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4349 HIGH This Week

Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2312 HIGH This Week

Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32006 HIGH This Week

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Node Js Fedora
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-32004 HIGH This Week

A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js Fedora
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-39438 HIGH This Week

A missing authorization check allows an arbitrary authenticated user to perform certain operations through the API of CLA-assistant by executing specific additional steps. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Contributor License Agreement Assistant
NVD GitHub
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-38401 HIGH This Week

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow local users to elevate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Aruba Aruba Virtual Intranet Access
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-4343 HIGH This Week

Broadcom RAID Controller web interface is vulnerable due to exposure of sensitive password information in the URL as a URL search parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4339 HIGH This Week

Broadcom RAID Controller web interface is vulnerable to exposure of private keys used for CIM stored with insecure file permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4335 HIGH This Week

Broadcom RAID Controller Web server (nginx) is serving private server-side files without any authentication on Linux. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Broadcom Authentication Bypass Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4334 HIGH This Week

Broadcom RAID Controller Web server (nginx) is serving private files without any authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Broadcom Authentication Bypass Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4332 HIGH This Week

Broadcom RAID Controller web interface is vulnerable due to Improper permissions on the log file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4331 HIGH This Week

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that support obsolete and vulnerable TLS protocols. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-4326 HIGH This Week

Broadcom RAID Controller web interface is vulnerable has an insecure default TLS configuration that supports obsolete SHA1-based ciphersuites. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Broadcom Raid Controller Web Interface
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-38402 HIGH This Week

A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Aruba Microsoft Aruba Virtual Intranet Access
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy