Skip to main content
CVE-2023-0579 HIGH POC This Week

The YARPP WordPress plugin before 5.30.3 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Yet Another Related Posts Plugin
NVD WPScan
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1977 HIGH POC This Week

The Booking Manager WordPress plugin before 2.0.29 does not validate URLs input in it's admin panel or in shortcodes for showing events from a remote .ics file, allowing an attacker with privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Booking Manager
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4383 HIGH POC This Week

A vulnerability, which was classified as critical, was found in MicroWorld eScan Anti-Virus 7.0.32 on Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Escan Anti Virus
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-35893 HIGH PATCH This Week

IBM Security Guardium 10.6, 11.3, 11.4, and 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection IBM Security Guardium
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-20211 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-40341 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.27.5 and earlier allows attackers to connect to an attacker-specified URL, capturing GitHub credentials associated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Blue Ocean
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40336 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Folders Plugin 6.846.v23698686f0f6 and earlier allows attackers to copy folders. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Folders
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-39975 HIGH PATCH This Week

kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Kerberos 5
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-3958 HIGH PATCH This Week

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Wp Remote Users Sync
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-40034 HIGH PATCH This Week

Woodpecker is a community fork of the Drone CI system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Woodpecker
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-20224 HIGH This Week

A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges to root on an affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Authentication Bypass Thousandeyes Enterprise Agent
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-32495 HIGH This Week

Dell PowerScale OneFS, 8.2.x-9.5.x, contains a exposure of sensitive information to an unauthorized Actor vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32487 HIGH This Week

Dell PowerScale OneFS, 8.2.x - 9.5.0.x, contains an elevation of privilege vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation RCE Information Disclosure Dell +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32486 HIGH This Week

Dell PowerScale OneFS 9.5.x version contain a privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20197 HIGH This Week

A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Secure Endpoint Secure Endpoint Private Cloud Fedora
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-38737 HIGH PATCH This Week

IBM WebSphere Application Server Liberty 22.0.0.13 through 23.0.0.7 is vulnerable to a denial of service, caused by sending a specially-crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Websphere Application Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40340 HIGH PATCH This Week

Jenkins NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in Pipeline build logs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Jenkins Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40339 HIGH PATCH This Week

Jenkins Config File Provider Plugin 952.va_544a_6234b_46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Config File Provider
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4241 HIGH PATCH This Week

lol-html can cause panics on certain HTML inputs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lol Html
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20209 HIGH This Week

A vulnerability in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with read-write. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Cisco Code Injection Command Injection Telepresence Video Communication Server
NVD
CVSS 3.1
7.2
EPSS
37.9%
CVE-2023-20229 HIGH PATCH This Week

A vulnerability in the CryptoService function of Cisco Duo Device Health Application for Windows could allow an authenticated, local attacker with low privileges to conduct directory traversal. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Denial Of Service Microsoft Cisco Duo Device Health Application
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-40033 HIGH PATCH This Week

Flarum is an open source forum software. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Oracle Flarum
NVD GitHub
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-4389 HIGH PATCH This Week

A flaw was found in btrfs_get_root_ref in fs/btrfs/disk-io.c in the btrfs filesystem in the Linux Kernel due to a double decrement of the reference count. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-4387 HIGH PATCH This Week

A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Use After Free Linux VMware Memory Corruption +2
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-32492 HIGH This Week

Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy