Skip to main content
CVE-2023-43271 CRITICAL POC Act Now

Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A500S Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-43641 HIGH POC PATCH THREAT This Week

libcue provides an API for parsing and extracting data from CUE sheets. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow RCE Libcue Fedora +1
NVD GitHub
CVSS 3.1
8.8
EPSS
16.6%
CVE-2023-44400 HIGH POC PATCH This Week

Uptime Kuma is a self-hosted monitoring tool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Session Fixation Uptime Kuma
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-45363 HIGH POC PATCH THREAT This Week

An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Mediawiki Debian Linux
NVD
CVSS 3.1
7.5
EPSS
22.7%
CVE-2023-36820 MEDIUM POC PATCH This Month

Micronaut Security is a security solution for applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Micronaut Security
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-45367 MEDIUM POC This Month

An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Mediawiki
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-44813 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Moosocial
NVD GitHub
CVSS 3.1
6.1
EPSS
1.8%
CVE-2023-44812 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Moosocial
NVD GitHub
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-44393 MEDIUM POC PATCH This Month

Piwigo is an open source photo gallery application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Piwigo
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-43643 MEDIUM POC PATCH This Month

AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Antisamy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-43899 CRITICAL Act Now

hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Hansuncms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-44467 CRITICAL PATCH Act Now

langchain_experimental (aka LangChain Experimental) in LangChain before 0.0.306 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via __import__ in Python code, which is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Python Langchain Experimental
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-5365 CRITICAL Act Now

HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation HP Authentication Bypass Information Disclosure +1
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43696 CRITICAL Act Now

Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apu0200 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-45612 CRITICAL PATCH Act Now

In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

XXE Ktor
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-44821 MEDIUM POC This Month

Gifsicle through 1.94, if deployed in a way that allows untrusted input to affect Gif_Realloc calls, might allow a denial of service (memory consumption). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gifsicle
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-45613 CRITICAL PATCH Act Now

In JetBrains Ktor before 2.3.5 server certificates were not verified. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ktor
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-44392 CRITICAL PATCH Act Now

Garden provides automation for Kubernetes development and testing. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Kubernetes RCE Code Injection Deserialization Garden
NVD GitHub
CVSS 3.1
9.0
EPSS
0.7%
CVE-2023-44811 HIGH This Week

Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE CSRF Moosocial
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-41672 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices - Admin Notification Center plugin <= 2.3.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Hide Admin Notices Admin Notification Center Plugin
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41670 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Use Memcached
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41669 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Live News
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41668 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Leadster
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41667 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Dtree
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-42455 HIGH PATCH This Week

Wazuh is a security detection, visibility, and compliance open source project. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Wazuh Authentication Bypass Wazuh Dashboard Wazuh Kibana App
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41660 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Synchro
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-44993 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpbot
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44473 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Table Of Contents Plus
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44240 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Timthumb Vulnerability Scanner
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44246 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Shockingly Simple Favicon
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44238 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Remove Slug From Custom Post Type
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44237 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Site Protector
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44236 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Captcha
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44260 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce Esto
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44232 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Hide Pages
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44231 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contact Form
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45356 HIGH This Week

Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-45355 HIGH This Week

Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-45354 HIGH This Week

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Unify Openscape Common Management
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-45353 HIGH This Week

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Unify Openscape Common Management
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45352 HIGH This Week

Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Unify Openscape Common Management
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-45351 HIGH This Week

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-45350 HIGH This Week

Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5463 HIGH This Week

A vulnerability was found in XINJE XDPPro up to 3.7.17a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Xdppro
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5462 HIGH This Week

A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Xd5E 30R E Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5459 HIGH This Week

A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dvp32Es200R Firmware Dvp32Es200T Firmware Dvp32Es211T Firmware Dvp32Es200Rc Firmware +3
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-43700 HIGH This Week

Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apu0200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-43699 HIGH This Week

Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apu0200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5330 HIGH This Week

Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and turning. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service Mattermost Server
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3589 HIGH This Week

A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

CSRF Teamwork Cloud No Magic Release
NVD
CVSS 3.1
7.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy