Skip to main content
CVE-2023-4749 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Inventory Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4745 CRITICAL POC Act Now

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230822. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-4744 CRITICAL POC Act Now

A vulnerability was found in Tenda AC8 16.03.34.06_cn_TDC01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Tenda Ac8 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-41054 CRITICAL POC PATCH Act Now

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF PHP Librey
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-4019 HIGH POC This Week

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress PHP Media From Ftp
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4746 HIGH POC This Week

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N200Re V5 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
3.2%
CVE-2023-4733 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1840. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Vim Fedora +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-4750 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1857. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Vim Fedora +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-4752 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1858. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-41055 HIGH POC PATCH This Week

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Google PHP Librey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4279 HIGH POC This Week

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress User Activity Log
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-4284 MEDIUM POC This Month

The Post Timeline WordPress plugin before 2.2.6 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Post Timeline
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-4151 MEDIUM POC This Month

The Store Locator WordPress plugin before 1.4.13 does not sanitise and escape an invalid nonce before outputting it back in an AJAX response, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Store Locator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2813 MEDIUM POC This Month

All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Connections Reloaded Atlast Business Fashionable Store +43
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-40208 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Stock Ticker
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-4614 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Lg Led Assistant
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-4613 CRITICAL Act Now

This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Lg Led Assistant
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-4747 CRITICAL Act Now

A vulnerability classified as critical was found in DedeCMS 5.7.110. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Dedecms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41057 MEDIUM POC PATCH This Month

hyper-bump-it is a command line tool for updating the version in project files.`hyper-bump-it` reads a file glob pattern from the configuration file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Hyper Bump It
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4758 MEDIUM POC PATCH This Month

Buffer Over-read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4755 MEDIUM POC PATCH This Month

Use After Free in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4756 MEDIUM POC PATCH This Month

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4754 MEDIUM POC PATCH This Month

Out-of-bounds Write in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41052 MEDIUM POC PATCH This Month

Vyper is a Pythonic Smart Contract Language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-40015 MEDIUM POC PATCH This Month

Vyper is a Pythonic Smart Contract Language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-4298 MEDIUM POC This Month

The 123.chat WordPress plugin before 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS 123 Chat
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4254 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4253 MEDIUM POC This Month

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpbot
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3499 MEDIUM POC This Month

The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Robo Gallery
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4269 MEDIUM POC This Month

The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass User Activity Log
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-28072 HIGH This Week

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Deserialization Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38464 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38460 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38459 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38458 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38456 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38455 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38453 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38452 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38451 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38450 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38449 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38444 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38443 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-41058 HIGH PATCH This Week

Parse Server is an open source backend server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3222 HIGH This Week

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Password Recovery
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4616 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Lg Led Assistant
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-4615 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Lg Led Assistant
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-33915 HIGH This Week

In LTE protocol stack, there is a possible missing permission check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33914 HIGH This Week

In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy