Skip to main content
CVE-2023-4019 HIGH POC This Week

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress PHP Media From Ftp
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4746 HIGH POC This Week

A vulnerability classified as critical has been found in TOTOLINK N200RE V5 9.3.5u.6437_B20230519. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N200Re V5 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
3.2%
CVE-2023-4733 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1840. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Vim Fedora +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-4750 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1857. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Use After Free Memory Corruption Vim Fedora +1
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-4752 HIGH POC PATCH This Week

Use After Free in GitHub repository vim/vim prior to 9.0.1858. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Vim Fedora +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-41055 HIGH POC PATCH This Week

LibreY is a fork of LibreX, a framework-less and javascript-free privacy respecting meta search engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Google PHP Librey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4279 HIGH POC This Week

This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress User Activity Log
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-28072 HIGH This Week

Dell Alienware Command Center, versions prior to 5.5.51.0, contain a deserialization of untrusted data vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Deserialization Alienware Command Center
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38464 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38460 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38459 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38458 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38456 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38455 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38453 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38452 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38451 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38450 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38449 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38444 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38443 HIGH This Week

In vowifiservice, there is a possible missing permission check.This could lead to local escalation of privilege with no additional execution privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-41058 HIGH PATCH This Week

Parse Server is an open source backend server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Parse Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3222 HIGH This Week

Vulnerability in the password recovery mechanism of Password Recovery plugin for Roundcube, in its 1.2 version, which could allow a remote attacker to change an existing user´s password by adding a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Password Recovery
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4616 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Lg Led Assistant
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-4615 HIGH This Week

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG LED Assistant. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Lg Led Assistant
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-33915 HIGH This Week

In LTE protocol stack, there is a possible missing permission check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33914 HIGH This Week

In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20820 HIGH This Week

In wlan service, there is a possible command injection due to improper input validation. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Openwrt
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-40205 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixelgrade PixTypes pixtypes allows DOM-Based XSS.4.15. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy