Skip to main content
CVE-2023-44061 HIGH POC This Week

File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Simple And Nice Shopping Cart Script
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-45303 HIGH POC PATCH This Week

ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache Code Injection Thingsboard
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-44243 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Instant Css
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44233 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin - FooGallery plugin <= 2.2.44 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Foogallery
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39928 HIGH This Week

A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Use After Free Apple RCE Memory Corruption +3
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-44146 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Checkfront Online Booking System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41950 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Laposta Signup Basic
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41801 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Awp Classifieds
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41732 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cp Blocks
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41659 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Responsive Gallery Grid
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41654 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Authldap
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41650 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Remove Hide Author Date Category Like Entry Meta
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40607 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Learning Management System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-28791 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Org Chart
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40671 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 大侠wp DX-auto-save-images plugin <= 1.4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Dx Auto Save Images
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40008 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Org Chart
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27615 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Super Minify
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27448 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Makestories For Google Web Stories
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25480 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor plugin <= 1.24.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Post And Page Builder
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25033 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Social Share Boost
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40556 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Schedule Posts Calendar
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-21266 HIGH This Week

In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35897 HIGH PATCH This Week

IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM Storage Protect Storage Protect Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44860 HIGH This Week

An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass N3M Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
19.5%
CVE-2023-45282 HIGH PATCH This Week

In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Information Disclosure Prototype Pollution Openmct
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-43810 HIGH PATCH This Week

OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Opentelemetry
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-32972 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero Qutscloud
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-32971 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero Qutscloud
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-36465 HIGH PATCH This Week

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Decidim
NVD GitHub
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-45246 HIGH This Week

Sensitive information disclosure and manipulation due to missing authorization. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-45244 HIGH This Week

Sensitive information disclosure and manipulation due to missing authorization. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy