Skip to main content
CVE-2023-5538 HIGH POC THREAT Act Now

The MpOperationLogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the IP Request Headers in versions up to, and including, 1.0.1 due to insufficient input sanitization and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 11.2%.

XSS WordPress Mpoperationlogs
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
11.2%
CVE-2023-5626 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Open Journal System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46009 HIGH POC This Week

gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gifsicle
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43250 HIGH POC This Week

XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Nconvert
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-45813 HIGH POC PATCH This Week

Torbot is an open source tor network intelligence tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Torbot Validators
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-45912 HIGH POC This Week

WIPOTEC GmbH ComScale v4.3.29.21344 and v4.4.12.723 fails to validate user sessions, allowing unauthenticated attackers to read files from the underlying operating system and obtain directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Comscale
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-42319 HIGH POC This Week

Geth (aka go-ethereum) through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a crafted GraphQL query. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Go Ethereum
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-46004 HIGH POC This Week

Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Best Courier Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-37502 HIGH This Week

HCL Compass is vulnerable to lack of file upload security. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Hcl Compass
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43800 HIGH PATCH This Week

Arduino Create Agent is a package to help manage Arduino development. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Create Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43802 HIGH PATCH This Week

Arduino Create Agent is a package to help manage Arduino development. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Create Agent
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26300 HIGH PATCH This Week

A potential security vulnerability has been identified in the system BIOS for certain HP PC products which might allow escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation HP Desktop Pro A 300 G3 Firmware Desktop Pro A G3 Firmware Desktop Pro A G3 Microtower Firmware +86
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-45812 HIGH PATCH This Week

The Apollo Router is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Apollo Router Apollo Helms Charts Router
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35663 HIGH This Week

In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-35656 HIGH This Week

In multiple functions of protocolembmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-30911 HIGH This Week

HPE Integrated Lights-Out 5, and Integrated Lights-Out 6 using iLOrest may cause denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Integrated Lights Out 5 Firmware Integrated Lights Out 6 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-45383 HIGH PATCH This Week

In the module "SoNice etiquetage" (sonice_etiquetage) up to version 2.5.9 from Common-Services for PrestaShop, a guest can download personal information without restriction by performing a path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sonice Etiquetage
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-45727 HIGH KEV THREAT This Week

Proself Enterprise/Standard Edition Ver5.62 and earlier, Proself Gateway Edition Ver1.65 and earlier, and Proself Mail Sanitize Edition Ver1.08 and earlier allow a remote unauthenticated attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Proself
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2023-5632 HIGH PATCH This Week

In Eclipse Mosquito before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results excessive CPU consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Mosquitto
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39331 HIGH This Week

A previously disclosed vulnerability (CVE-2023-30584) was patched insufficiently in commit 205f1e6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Path Traversal Node Js
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-38552 HIGH This Week

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Node Js Fedora
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-5552 HIGH This Week

A password disclosure vulnerability in the Secure PDF eXchange (SPX) feature allows attackers with full email access to decrypt PDFs in Sophos Firewall version 19.5 MR3 (19.5.3) and older, if the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Sophos Firewall
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43801 HIGH PATCH This Week

Arduino Create Agent is a package to help manage Arduino development. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Create Agent
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-43803 HIGH PATCH This Week

Arduino Create Agent is a package to help manage Arduino development. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Create Agent
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy