Skip to main content
CVE-2023-2830 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Testimonials
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25989 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Meks Audio Player Meks Easy Ads Widget Meks Easy Maps Meks Easy Photo Feed Widget +6
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-4097 HIGH This Week

The file upload functionality is not implemented correctly and allows uploading of any type of file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Qsige
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-38398 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Tablooa
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-38396 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Google Map Shortcode
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-38390 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mobile Address Bar Changer
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37990 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Perelink Pro
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25463 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Tell A Friend Popup Form
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-38381 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Flybox
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37996 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Gtmetrix
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37992 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Smarty For Wordpress
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37991 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Emoji One
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-37891 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Optimonk
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-42771 HIGH This Week

Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Acera 1310 Firmware Acera 1320 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-41086 HIGH This Week

Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Acera 1210 Firmware Acera 1150I Firmware Acera 1150W Firmware Acera 1110 Firmware +8
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39222 HIGH This Week

OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Acera 1310 Firmware Acera 1320 Firmware Acera 1210 Firmware Acera 1150I Firmware +10
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-36628 HIGH This Week

A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation VMware Purity Fa
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4100 HIGH This Week

Allows an attacker to perform XSS attacks stored on certain resources. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Qsige
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-22382 HIGH This Week

Weak configuration in Automotive while VM is processing a listener request from TEE. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apq8064au Firmware Msm8996au Firmware Qam8295p Firmware Qam8650p Firmware +25
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-44218 HIGH This Week

A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sonicwall Netextender
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44217 HIGH This Week

A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Sonicwall Netextender
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33039 HIGH This Week

Memory corruption in Automotive Display while destroying the image handle created using connected display driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Buffer Overflow Memory Corruption Qam8295p Firmware Qam8650p Firmware +19
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33035 HIGH PATCH This Week

Memory corruption while invoking callback function of AFE from ADSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Csra6620 Firmware Csra6640 Firmware Wcn3991 Firmware +139
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33034 HIGH PATCH This Week

Memory corruption while parsing the ADSP response command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Csra6620 Firmware Csra6640 Firmware Wcn3991 Firmware Wcn3998 Firmware +60
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-33029 HIGH PATCH This Week

Memory corruption in DSP Service during a remote call from HLOS to DSP. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Memory Corruption Ar8035 Firmware Csra6620 Firmware +129
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28539 HIGH PATCH This Week

Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Csrb31024 Firmware +153
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24853 HIGH This Week

Memory Corruption in HLOS while registering for key provisioning notify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware Fastconnect 6800 Firmware +107
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24850 HIGH This Week

Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apq8017 Firmware Apq8037 Firmware Aqt1000 Firmware Ar8035 Firmware +200
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-24844 HIGH This Week

Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Ar8035 Firmware Fastconnect 6700 Firmware Fastconnect 6900 Firmware +39
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-22384 HIGH This Week

Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Qca6574au Firmware Qca6696 Firmware Sa6145p Firmware Sa6150p Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21673 HIGH This Week

Improper Access to the VM resource manager can lead to Memory Corruption. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Authentication Bypass Aqt1000 Firmware Ar8035 Firmware Fastconnect 6200 Firmware +158
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-5345 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3440 HIGH This Week

Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oracle Microsoft IBM Jp1 Performance Management
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5255 HIGH This Week

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Puppet Enterprise Puppet Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-4884 HIGH This Week

An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Open5gs
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-4883 HIGH This Week

Invalid pointer release vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Open5gs
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-4882 HIGH This Week

DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP Open5gs
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3350 HIGH This Week

A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ibermatica Rps
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-3349 HIGH This Week

Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ibermatica Rps
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3655 HIGH This Week

cashIT!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cashit
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-33027 HIGH This Week

Transient DOS in WLAN Firmware while parsing rsn ies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qca9898 Firmware Qcn5164 Firmware Qca4024 Firmware Ipq6028 Firmware Qca8075 Firmware +323
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-33026 HIGH This Week

Transient DOS in WLAN Firmware while parsing a NAN management frame. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Ar9380 Firmware Csr8811 Firmware Wcn6750 Firmware +190
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-28540 HIGH This Week

Cryptographic issue in Data Modem due to improper authentication during TLS handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8035 Firmware Csra6620 Firmware +147
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-24849 HIGH This Week

Information Disclosure in data Modem while parsing an FMTP line in an SDP message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +233
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-24848 HIGH This Week

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure 315 5g Iot Modem Firmware 9206 Lte Modem Firmware 9207 Lte Modem Firmware +239
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-24847 HIGH This Week

Transient DOS in Modem while allocating DSM items. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference 315 5g Iot Modem Firmware Aqt1000 Firmware Ar8031 Firmware +252
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-24843 HIGH This Week

Transient DOS in Modem while triggering a camping on an 5G cell. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure 315 5g Iot Modem Firmware Ar8035 Firmware Fastconnect 6200 Firmware Fastconnect 6700 Firmware +61
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-3967 HIGH This Week

Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS.9.3-00. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ops Center Common Services
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-24518 HIGH This Week

A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pandora Fms
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-39158 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Banner Management For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.2%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy