Skip to main content
CVE-2023-44487 HIGH POC KEV PATCH THREAT Act Now

Denial of service against HTTP/2 server implementations allows remote unauthenticated attackers to exhaust server resources by rapidly opening and immediately canceling (RST_STREAM) large numbers of streams over a single connection, a technique dubbed the 'Rapid Reset' attack. The flaw is confirmed actively exploited (CISA KEV) following large-scale weaponization observed August through October 2023, with publicly available exploit code and an EPSS score of 94.45% placing it in the 100th percentile for likelihood of exploitation. Virtually every major HTTP/2 stack - including nghttp2, Netty, Envoy, and Eclipse Jetty - is affected.

Denial Of Service Apache HTTP Server
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
94.4%
Threat
7.3
CVE-2023-5497 HIGH POC This Week

A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Office Anywhere
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5494 HIGH POC THREAT This Week

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
14.8%
CVE-2023-5493 HIGH POC This Week

A vulnerability has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5492 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-5491 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5490 HIGH POC This Week

A vulnerability classified as critical was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5489 HIGH POC This Week

A vulnerability classified as critical has been found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-5488 HIGH POC This Week

A vulnerability was found in Byzoro Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S45F Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-45208 HIGH POC This Week

A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service D-Link Command Injection Dap 1860 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-44959 HIGH POC THREAT This Week

An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Command Injection Dsl 3782 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
20.5%
CVE-2023-44827 HIGH POC This Week

An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Microsoft Zentao Zentao Biz +1
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-44846 HIGH POC This Week

An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Seacms
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-43896 HIGH POC This Week

A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Reflect
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-31096 HIGH POC This Week

An issue was discovered in Broadcom) LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Broadcom Lsi Pci Sv92Ex Firmware
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-36478 HIGH POC PATCH This Week

Eclipse Jetty provides a web server and servlet container. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Denial Of Service Jetty Jenkins Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
3.8%
CVE-2023-5471 HIGH POC This Week

A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Farmacia
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-44847 HIGH POC This Week

An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Seacms
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-45312 HIGH This Week

In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Mt Proto Proxy
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-36577 HIGH PATCH This Week

Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +10
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-36415 HIGH PATCH This Week

Azure Identity SDK Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Azure Identity Sdk
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-36414 HIGH PATCH This Week

Azure Identity SDK Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Microsoft Azure Identity Sdk
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-41841 HIGH This Week

An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-36556 HIGH This Week

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Fortimail
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-34989 HIGH This Week

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-34988 HIGH This Week

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-34987 HIGH This Week

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-34986 HIGH This Week

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-34985 HIGH This Week

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-44996 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Post View Count
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44995 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Woocommerce Login Redirect
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44994 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Shortcodes Ui
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44476 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Copyrightpro
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44475 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Add Shortcodes Actions And Filters
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44471 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Backend Localization
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44470 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Kv Tinymce Editor Add Fonts
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44241 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Keap Landing Pages
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-42796 HIGH PATCH This Week

A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Cp 8050 Firmware Cp 8031 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4837 HIGH This Week

SmodBIP is vulnerable to Cross-Site Request Forgery, that could be used to induce logged in users to perform unintended actions, including creation of additional accounts with administrative. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smodbip
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-44261 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Block Plugin Update
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44259 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mediavine Control Panel
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44257 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mang Board
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41876 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Gallery Metabox
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41858 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Order Delivery Date For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41854 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpcentral
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41853 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Ical Availability
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41852 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch - Grow your Email List plugin <= 3.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mailmunch
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41851 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Custom Post Template
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41850 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Outbound Link Manager
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41697 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Wp Cleaner
NVD
CVSS 3.1
8.8
EPSS
0.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy