Skip to main content
CVE-2023-45311 CRITICAL POC PATCH MAL Act Now

fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Fsevents
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-3725 CRITICAL POC Act Now

Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-45239 CRITICAL POC Act Now

A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tac Plus Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-44807 CRITICAL POC Act Now

D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-26153 CRITICAL POC PATCH Act Now

Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Geokit Rails
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-44061 HIGH POC This Week

File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Simple And Nice Shopping Cart Script
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-45303 HIGH POC PATCH This Week

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Code Injection Thingsboard
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-4530 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Advertising Administration Panel
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-5214 CRITICAL PATCH Act Now

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Bolt
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-43058 CRITICAL PATCH Act Now

IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation IBM Robotic Process Automation Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38703 CRITICAL PATCH Act Now

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Python Memory Corruption Pjsip
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-5452 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44771 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44770 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-44765 MEDIUM POC PATCH This Month

A Cross Site Scripting (XSS) vulnerability in Concrete CMS versions 8.5.12 and below, and 9.0 through 9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-44764 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Concrete CMS before 9.2.3 exists via the Name parameter during installation (aka Site of Installation or Settings). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44762 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Concrete CMS from versions 9.2.0 to 9.2.2 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-44761 MEDIUM POC PATCH This Month

Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS versions affected to 8.5.13 and below, and 9.0.0 through 9.2.1 allow a local attacker to execute arbitrary code via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44758 MEDIUM POC This Month

GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Gdidees Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-44243 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Instant Css
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44233 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin - FooGallery plugin <= 2.2.44 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Foogallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39928 HIGH This Week

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Apple RCE Memory Corruption +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-44146 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Checkfront Online Booking System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41950 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Laposta Signup Basic
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41801 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Awp Classifieds
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41732 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cp Blocks
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41659 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Responsive Gallery Grid
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41654 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Authldap
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41650 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Remove Hide Author Date Category Like Entry Meta
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40607 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Learning Management System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-28791 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Org Chart
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44766 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Concrete Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-40671 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 大侠wp DX-auto-save-images plugin <= 1.4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dx Auto Save Images
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40008 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Org Chart
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27615 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Super Minify
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27448 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Makestories For Google Web Stories
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25480 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor plugin <= 1.24.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Post And Page Builder
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25033 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Social Share Boost
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40556 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Schedule Posts Calendar
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-21266 HIGH This Week

In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35897 HIGH PATCH This Week

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM Storage Protect Storage Protect Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44860 HIGH This Week

An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass N3M Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
19.5%
CVE-2023-45282 HIGH PATCH This Week

In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure Prototype Pollution Openmct
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-43810 HIGH PATCH This Week

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opentelemetry
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-32972 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero Qutscloud
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-32971 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero Qutscloud
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-36465 HIGH PATCH This Week

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Decidim
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-45246 HIGH This Week

Sensitive information disclosure and manipulation due to missing authorization. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-45244 HIGH This Week

Sensitive information disclosure and manipulation due to missing authorization. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-21244 MEDIUM PATCH This Month

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy