Skip to main content
CVE-2023-38894 CRITICAL POC PATCH Act Now

A Prototype Pollution issue in Cronvel Tree-kit v.0.7.4 and before allows a remote attacker to execute arbitrary code via the extend function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Prototype Pollution Tree Kit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-39846 CRITICAL POC Act Now

An issue in Konga v0.14.9 allows attackers to bypass authentication via a crafted JWT token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Konga
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-39115 CRITICAL POC Act Now

install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Complete Online Matrimonial Website System Script
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
4.6%
CVE-2023-0579 HIGH POC This Week

The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Yet Another Related Posts Plugin
NVD WPScan
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1977 HIGH POC This Week

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Booking Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4383 HIGH POC This Week

A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Escan Anti Virus
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-26037 CRITICAL Act Now

Directory Traversal vulnerability in Server functionalty in Even Balance Punkbuster version 1.902 before 1.905 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Punkbuster
NVD VulDB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-2272 MEDIUM POC This Month

The Tiempo.com WordPress plugin through 0.1.2 does not sanitise and escape the page parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tiempo
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-2123 MEDIUM POC This Month

The WP Inventory Manager WordPress plugin before 2.1.0.13 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Inventory Manager
NVD GitHub WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-2122 MEDIUM POC This Month

The Image Optimizer by 10web WordPress plugin before 1.0.27 does not sanitise and escape the iowd_tabs_active parameter before rendering it in the plugin admin panel, leading to a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Image Optimizer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-1465 MEDIUM POC This Month

The WP EasyPay WordPress plugin before 4.1 does not escape some generated URLs before outputting them back in pages, leading to Reflected Cross-Site Scripting issues which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Easypay
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0058 MEDIUM POC This Month

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when creating and editing its shortcode, and is missing sanitisation as well as escaping, which could allow attackers to make. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Tiempo
NVD WPScan
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-4384 MEDIUM POC This Month

A vulnerability has been found in MaximaTech Portal Executivo 21.9.1.140 and classified as problematic. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Portal Executivo
NVD VulDB
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-4204 CRITICAL Act Now

NPort IAW5000A-I/O Series firmware version v2.2 and prior is affected by a hardcoded credential vulnerabilitywhich poses a potential risk to the security and integrity of the affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nport Iaw5000A I O Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-33663 CRITICAL Act Now

In the module “Customization fields fee for your store” (aicustomfee) from ai-dev module for PrestaShop, an attacker can perform SQL injection up to 0.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Aicustomfee
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-32493 CRITICAL Act Now

Dell PowerScale OneFS, 9.5.0.x, contains a protection mechanism bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Dell Powerscale Onefs
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4382 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in tdevs Hyip Rio 2.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hyip Rio
NVD VulDB Exploit-DB
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-38904 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Netlify CMS v.2.10.192 allows a remote attacker to execute arbitrary code via a crafted payload to the body parameter of the new post function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Netlify Cms
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1110 MEDIUM POC This Month

The Yellow Yard Searchbar WordPress plugin before 2.8.12 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yellow Yard Searchbar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0551 MEDIUM POC This Month

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Rest Api To Miniprogram
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0274 MEDIUM POC This Month

The URL Params WordPress plugin before 2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Url Params
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-40021 MEDIUM POC PATCH This Month

Oppia is an online learning platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

CSRF Oppia
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-20017 CRITICAL Act Now

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Intersight Private Virtual Appliance
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-20013 CRITICAL Act Now

Multiple vulnerabilities in Cisco Intersight Private Virtual Appliance could allow an authenticated, remote attacker to execute arbitrary commands using root-level privileges. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Intersight Private Virtual Appliance
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-35893 HIGH PATCH This Week

IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Security Guardium
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-20211 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-40341 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Blue Ocean
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40336 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Folders
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-39975 HIGH PATCH This Week

kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kerberos 5
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-2254 MEDIUM POC This Month

The Ko-fi Button WordPress plugin before 1.3.3 does not properly some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ko Fi Button
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2225 MEDIUM POC This Month

The SEO ALert WordPress plugin through 1.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo Alert
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-3958 HIGH PATCH This Week

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Wp Remote Users Sync
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-2271 MEDIUM POC This Month

The Tiempo.com WordPress plugin through 0.1.2 does not have CSRF check when deleting its shortcode, which could allow attackers to make logged in admins delete arbitrary shortcode via a CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Tiempo
NVD WPScan
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-40034 HIGH PATCH This Week

Woodpecker is a community fork of the Drone CI system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Woodpecker
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-20224 HIGH This Week

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Thousandeyes Enterprise Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-32495 HIGH This Week

Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32487 HIGH This Week

Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation RCE Information Disclosure Dell +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32486 HIGH This Week

Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20197 HIGH This Week

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Secure Endpoint Secure Endpoint Private Cloud Fedora
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-38737 HIGH PATCH This Week

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40340 HIGH PATCH This Week

Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40339 HIGH PATCH This Week

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Config File Provider
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4241 HIGH PATCH This Week

lol-html can cause panics on certain HTML inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lol Html
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20209 HIGH This Week

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Code Injection Command Injection Telepresence Video Communication Server
NVD
CVSS 3.1
7.2
EPSS
37.9%
CVE-2023-20229 HIGH PATCH This Week

A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Denial Of Service Microsoft Cisco Duo Device Health Application
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-40033 HIGH PATCH This Week

Flarum is an open source forum software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Oracle Flarum
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-4389 HIGH PATCH This Week

A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-4387 HIGH PATCH This Week

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Linux VMware Memory Corruption +2
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-32492 HIGH This Week

Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-32490 MEDIUM This Month

Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy