Skip to main content
CVE-2023-4911 HIGH POC KEV PATCH THREAT Act Now

Local privilege escalation in the GNU C Library (glibc) dynamic loader ld.so allows unprivileged local users on affected Linux distributions to gain root by abusing a heap buffer overflow when ld.so processes the GLIBC_TUNABLES environment variable during execution of SUID binaries. The flaw is confirmed actively exploited (CISA KEV) with publicly available exploit code, and the EPSS score of 71.53% (99th percentile) reflects very high exploitation likelihood across Linux estates.

Heap Overflow Buffer Overflow Bootstrap
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
71.5%
Threat
6.7
CVE-2023-43176 HIGH POC This Week

A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Aurora Files
NVD VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-43976 HIGH POC This Week

An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and winning the race condition (TOCTOU) via the PrivilegedHelperTool component. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Privilege Escalation Cato Client
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-26152 HIGH POC This Week

All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Static Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-26151 HIGH POC PATCH This Week

Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Opcua Asyncio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26150 HIGH POC PATCH This Week

Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Opcua Asyncio
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4817 HIGH This Week

This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Et 7060 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4929 HIGH This Week

All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nport 5150Ai M12 Ct T Firmware Nport 5250Ai M12 Ct T Firmware Nport 5150Ai M12 T Firmware Nport 5250Ai M12 T Firmware +104
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-41693 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mycryptocheckout
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41244 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Localize Remote Images
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40558 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Youtube Video Gallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-32091 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Poeditor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27435 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Http Auth
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0506 HIGH This Week

The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Airspace Cctv Web Service
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40202 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Html Mail
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40201 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Futurio Extra
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-40199 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Like Button
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-2681 HIGH This Week

An SQL Injection vulnerability has been found on Jorani version 1.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Jorani
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4103 HIGH This Week

QSige statistics are affected by a remote SQLi vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Qsige
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4102 HIGH This Week

QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qsige
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-4098 HIGH This Week

It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SQLi Qsige
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-40210 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sb Child List
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39989 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Header Footer Code Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39923 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF The Post Grid
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39917 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays - Responsive Image Gallery plugin <= 5.2.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Photo Gallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39165 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sign Up Sheets
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-2830 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Testimonials
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25989 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Meks Audio Player Meks Easy Ads Widget Meks Easy Maps Meks Easy Photo Feed Widget +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-4097 HIGH This Week

The file upload functionality is not implemented correctly and allows uploading of any type of file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qsige
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-38398 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tablooa
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-38396 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Google Map Shortcode
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-38390 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mobile Address Bar Changer
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37990 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Perelink Pro
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25463 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Tell A Friend Popup Form
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-38381 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Flybox
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37996 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Gtmetrix
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37992 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Smarty For Wordpress
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37991 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Emoji One
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37891 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Optimonk
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-42771 HIGH This Week

Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Acera 1310 Firmware Acera 1320 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-41086 HIGH This Week

Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Acera 1210 Firmware Acera 1150I Firmware Acera 1150W Firmware Acera 1110 Firmware +8
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39222 HIGH This Week

OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Acera 1310 Firmware Acera 1320 Firmware Acera 1210 Firmware Acera 1150I Firmware +10
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-36628 HIGH This Week

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Purity Fa
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4100 HIGH This Week

Allows an attacker to perform XSS attacks stored on certain resources. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qsige
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-22382 HIGH This Week

Weak configuration in Automotive while VM is processing a listener request from TEE. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apq8064au Firmware Msm8996au Firmware Qam8295p Firmware Qam8650p Firmware +25
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-44218 HIGH This Week

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sonicwall Netextender
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44217 HIGH This Week

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sonicwall Netextender
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33039 HIGH This Week

Memory corruption in Automotive Display while destroying the image handle created using connected display driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Qam8295p Firmware Qam8650p Firmware +19
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33035 HIGH PATCH This Week

Memory corruption while invoking callback function of AFE from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Wcn3991 Firmware +139
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33034 HIGH PATCH This Week

Memory corruption while parsing the ADSP response command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Csra6620 Firmware Csra6640 Firmware Wcn3991 Firmware Wcn3998 Firmware +60
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy