Skip to main content
CVE-2023-4911 HIGH POC KEV PATCH THREAT Act Now

Local privilege escalation in the GNU C Library (glibc) dynamic loader ld.so allows unprivileged local users on affected Linux distributions to gain root by abusing a heap buffer overflow when ld.so processes the GLIBC_TUNABLES environment variable during execution of SUID binaries. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and the EPSS score of 71.53% (99th percentile) reflects very high exploitation likelihood across Linux estates.

Heap Overflow Buffer Overflow Bootstrap
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
71.5%
Threat
6.7
CVE-2023-44974 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
19.1%
CVE-2023-44973 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33273 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-33272 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-33271 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-33270 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-33269 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-33268 CRITICAL POC Act Now

An issue was discovered in DTS Monitoring 3.57.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Monitoring
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-43176 HIGH POC This Week

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Aurora Files
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5350 CRITICAL POC PATCH Act Now

SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Suitecrm
NVD GitHub
CVSS 3.1
9.1
EPSS
1.9%
CVE-2023-43976 HIGH POC This Week

An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Privilege Escalation Cato Client
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-26152 HIGH POC This Week

All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Static Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-26151 HIGH POC PATCH This Week

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opcua Asyncio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26150 HIGH POC PATCH This Week

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Opcua Asyncio
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5353 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Suitecrm
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-39647 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Category Product
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39651 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Brandlist
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39649 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Category Slider
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39648 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Testimonial
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39646 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Theme Volty Cms Category Chain Slider
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39645 CRITICAL PATCH Act Now

Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Cms Payment Icon
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-40830 CRITICAL Act Now

Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3654 CRITICAL Act Now

cashIT!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cashit
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-3656 CRITICAL Act Now

cashIT!. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Cashit
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33028 CRITICAL Act Now

Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware +172
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-24855 CRITICAL Act Now

Memory corruption in Modem while processing security related configuration before AS Security Exchange. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Microsoft Ar8035 Firmware Fastconnect 6200 Firmware +59
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-22385 CRITICAL Act Now

Memory Corruption in Data Modem while making a MO call or MT VOLTE call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +235
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-43898 MEDIUM POC PATCH This Month

Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Stb Image H
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-5351 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Suitecrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4817 HIGH This Week

This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Et 7060 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4929 HIGH This Week

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nport 5150Ai M12 Ct T Firmware Nport 5250Ai M12 Ct T Firmware Nport 5150Ai M12 T Firmware Nport 5250Ai M12 T Firmware +104
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-41693 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mycryptocheckout
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41244 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Localize Remote Images
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40558 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtube Video Gallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-32091 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Poeditor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27435 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Http Auth
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0506 HIGH This Week

The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Airspace Cctv Web Service
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40202 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Html Mail
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40201 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Futurio Extra
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-40199 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Like Button
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-2681 HIGH This Week

An SQL Injection vulnerability has been found on Jorani version 1.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Jorani
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4103 HIGH This Week

QSige statistics are affected by a remote SQLi vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Qsige
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4102 HIGH This Week

QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qsige
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4098 HIGH This Week

It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Qsige
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40210 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sb Child List
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39989 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Header Footer Code Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39923 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF The Post Grid
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39917 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays - Responsive Image Gallery plugin <= 5.2.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Photo Gallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39165 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sign Up Sheets
NVD
CVSS 3.1
8.8
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy