Skip to main content
CVE-2023-3547 HIGH POC This Week

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF All In One B2B For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32653 HIGH POC This Week

An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Imagegear
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-28393 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Imagegear
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-23567 HIGH POC This Week

A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Imagegear
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-5151 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
81.5%
CVE-2023-5150 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
22.8%
CVE-2023-5149 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
21.0%
CVE-2023-5148 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
30.7%
CVE-2023-5147 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
26.6%
CVE-2023-5146 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
32.9%
CVE-2023-42753 HIGH POC This Week

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Linux Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40581 HIGH POC PATCH This Week

yt-dlp is a youtube-dl fork with additional features and fixes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Command Injection Microsoft Yt Dlp
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-43642 HIGH POC PATCH This Week

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Google Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-3550 HIGH POC This Week

Mediawiki v1.40.0 does not validate namespaces used in XML files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Debian Linux
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2023-4300 HIGH POC This Week

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Import Xml And Rss Feeds
NVD WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-4238 HIGH POC This Week

The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress PHP Prevent Files Folders Access
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-4156 HIGH POC This Week

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gawk Enterprise Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-43278 HIGH This Week

A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Seacms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5165 HIGH This Week

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Docker Desktop
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-43382 HIGH This Week

Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-5154 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-8000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload D-Link PHP Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
15.1%
CVE-2023-5145 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DAR-7000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
34.3%
CVE-2023-0633 HIGH This Week

In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).12.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Docker Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0627 HIGH This Week

Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).11.X. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Docker Docker Desktop
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38907 HIGH This Week

An issue in TPLink Smart Bulb Tapo series L530 before 1.2.4, L510E before 1.1.0, L630 before 1.0.4, P100 before 1.5.0, and Tapo Application 2.8.14 allows a remote attacker to replay old messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tapo L530E Firmware Tapo
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5156 HIGH PATCH This Week

A flaw was found in the GNU C Library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Glibc Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-41303 HIGH This Week

Command injection vulnerability in the distributed file system module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41302 HIGH This Week

Redirection permission verification vulnerability in the home screen module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41301 HIGH This Week

Vulnerability of unauthorized API access in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41300 HIGH This Week

Vulnerability of parameters not being strictly verified in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41293 HIGH This Week

Data security classification vulnerability in the DDMP module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-41299 HIGH This Week

DoS vulnerability in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-41298 HIGH This Week

Vulnerability of permission control in the window module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-39409 HIGH This Week

DoS vulnerability in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-39408 HIGH This Week

DoS vulnerability in the PMS module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Emui Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3664 HIGH This Week

The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure WordPress Fileorganizer
NVD WPScan
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy