Skip to main content
CVE-2023-5204 CRITICAL POC PATCH THREAT Act Now

The ChatBot plugin for WordPress is vulnerable to SQL Injection via the $strid parameter in versions up to, and including, 4.8.9 due to insufficient escaping on the user supplied parameter and lack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.0%.

SQLi WordPress Wpbot
NVD VulDB
CVSS 3.1
9.8
EPSS
87.0%
Threat
6.1
CVE-2023-30131 CRITICAL POC Act Now

An issue discovered in IXP EasyInstall 6.6.14884.0 allows attackers to run arbitrary commands, gain escalated privilege, and cause other unspecified impacts via unauthenticated API calls. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Easyinstall
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45376 CRITICAL POC Act Now

In the module "Carousels Pack - Instagram, Products, Brands, Supplier" (hicarouselspack) for PrestaShop up to version 1.5.0 from HiPresta for PrestaShop, a guest can perform SQL injection via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Carousels Pack
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43492 CRITICAL POC Act Now

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin codesys.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Cmt Fhd Firmware Cmt Hdm Firmware Cmt3071 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46042 CRITICAL POC THREAT Act Now

An issue in GetSimpleCMS v.3.4.0a allows a remote attacker to execute arbitrary code via a crafted payload to the phpinfo(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Getsimplecms
NVD GitHub
CVSS 3.1
9.8
EPSS
22.6%
CVE-2022-37830 CRITICAL POC Act Now

Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webjet Cms
NVD VulDB
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-45992 CRITICAL POC Act Now

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF XSS Ruckus Cloudpath Enrollment System
NVD GitHub VulDB
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-45278 CRITICAL POC PATCH Act Now

Directory Traversal vulnerability in the storage functionality of the API in Yamcs 5.8.6 allows attackers to delete arbitrary files via crafted HTTP DELETE request. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Yamcs
NVD GitHub
CVSS 3.1
9.1
EPSS
1.6%
CVE-2023-43345 HIGH POC This Week

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Content - Name parameter in the Pages Menu. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Quick Cms
NVD GitHub
CVSS 3.1
8.6
EPSS
0.4%
CVE-2023-27791 HIGH POC This Week

An issue found in IXP Data Easy Install 6.6.148840 allows a remote attacker to escalate privileges via insecure PRNG. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Privilege Escalation Easyinstall
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-30132 HIGH POC This Week

An issue discovered in IXP Data EasyInstall 6.6.14907.0 allows attackers to gain escalated privileges via static Cryptographic Key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Easyinstall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27795 HIGH POC This Week

An issue found in IXP Data Easy Install v.6.6.14884.0 allows a local attacker to gain privileges via a static XOR key. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Easyinstall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27793 HIGH POC This Week

An issue discovered in IXP Data Easy Install v.6.6.14884.0 allows local attackers to gain escalated privileges via weak encoding of sensitive information. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Easyinstall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27792 HIGH POC This Week

An issue found in IXP Data Easy Install v.6.6.14884.0 allows an attacker to escalate privileges via lack of permissions applied to sub directories. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Easyinstall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38128 HIGH POC This Week

An out-of-bounds write vulnerability exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Buffer Overflow Easy Postcard Max Ichitaro 2021 +17
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-38127 HIGH POC This Week

An integer overflow exists in the "HyperLinkFrame" stream parser of Ichitaro 2023 1.0.1.59372. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Easy Postcard Max Ichitaro 2021 +17
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-34366 HIGH POC This Week

A use-after-free vulnerability exists in the Figure stream parsing functionality of Ichitaro 2023 1.0.1.59372. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Buffer Overflow Easy Postcard Max +18
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-35126 HIGH POC This Week

An out-of-bounds write vulnerability exists within the parsers for both the "DocumentViewStyles" and "DocumentEditStyles" streams of Ichitaro 2023 1.0.1.59372 when processing types 0x0000-0x0009 of a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Easy Postcard Max Ichitaro 2021 Ichitaro 2022 +16
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-43251 HIGH POC This Week

XNSoft Nconvert 7.136 has an Exception Handler Chain Corrupted via a crafted image file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Denial Of Service Nconvert
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-43252 HIGH POC This Week

XNSoft Nconvert 7.136 is vulnerable to Buffer Overflow via a crafted image file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nconvert
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-44690 HIGH POC This Week

Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mycli
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-45277 HIGH POC PATCH This Week

Yamcs 5.8.6 is vulnerable to directory traversal (issue 1 of 2). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Yamcs
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-45826 MEDIUM POC PATCH This Month

Leantime is an open source project management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Leantime
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-45820 MEDIUM POC PATCH This Month

Directus is a real-time API and App dashboard for managing SQL database content. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Directus
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43875 MEDIUM POC This Month

Multiple Cross-Site Scripting (XSS) vulnerabilities in installation of Subrion CMS v.4.2.1 allows a local attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-43341 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in evolution evo v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected uid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Evolution Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-45281 MEDIUM POC This Month

An issue in Yamcs 5.8.6 allows attackers to obtain the session cookie via upload of crafted HTML file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yamcs
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5241 CRITICAL PATCH Act Now

The AI ChatBot for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.8.9 as well as 4.9.2 via the qcld_openai_upload_pagetraining_file function. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal WordPress PHP Wpbot
NVD VulDB
CVSS 3.1
9.6
EPSS
2.4%
CVE-2023-45379 CRITICAL Act Now

In the module "Rotator Img" (posrotatorimg) in versions at least up to 1.1 from PosThemes for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Posrotatorimg
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-38584 CRITICAL Act Now

In Weintek's cMT3000 HMI Web CGI device, the cgi-bin command_wb.cgi contains a stack-based buffer overflow, which could allow an anonymous attacker to hijack control flow and bypass login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Cmt Fhd Firmware Cmt Hdm Firmware Cmt3071 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-45381 CRITICAL Act Now

In the module "Creative Popup" (creativepopup) up to version 1.6.9 from WebshopWorks for PrestaShop, a guest can perform SQL injection via `cp_download_popup().`. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Creativepopup
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-43986 CRITICAL Act Now

DM Concept configurator before v4.9.4 was discovered to contain a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Configurator
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-35187 CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal Remote Code Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2023-35184 CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-35182 CRITICAL Act Now

The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Access Rights Manager
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-45384 CRITICAL Act Now

KnowBand supercheckout > 5.0.7 and < 6.0.7 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Supercheckout
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37503 CRITICAL Act Now

HCL Compass is vulnerable to insecure password requirements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force Hcl Compass
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-5212 CRITICAL PATCH Act Now

The AI ChatBot plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 4.8.9 as well as version 4.9.2. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress Path Traversal Wpbot
NVD
CVSS 3.1
9.6
EPSS
0.3%
CVE-2023-41897 CRITICAL Act Now

Home assistant is an open source home automation. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Home Assistant
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2023-41895 CRITICAL Act Now

Home assistant is an open source home automation. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Home Assistant
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-45815 MEDIUM POC PATCH GHSA This Month

ArchiveBox is an open source self-hosted web archiving system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS CSRF Archivebox
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-45280 MEDIUM POC PATCH This Month

Yamcs 5.8.6 allows XSS (issue 2 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yamcs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-45279 MEDIUM POC PATCH This Month

Yamcs 5.8.6 allows XSS (issue 1 of 2). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yamcs
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43359 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43344 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the SEO - Meta description parameter in the Pages. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Quick Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-43342 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Languages Menu component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Quick Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5254 MEDIUM POC PATCH This Month

The ChatBot plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.8.9 via the qcld_wb_chatbot_check_user function. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure WordPress Wpbot
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-43340 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in evolution v.3.2.3 allows a local attacker to execute arbitrary code via a crafted payload injected into the cmsadmin, cmsadminemail, cmspassword and. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Evolution Cms
NVD GitHub
CVSS 3.1
5.2
EPSS
0.5%
CVE-2023-41896 CRITICAL Act Now

Home assistant is an open source home automation. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js XSS Home Assistant Home Assistant Js Websocket
NVD GitHub
CVSS 3.1
9.0
EPSS
0.3%
CVE-2023-5336 HIGH PATCH This Week

The iPanorama 360 - WordPress Virtual Tour Builder plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.8.0 due to insufficient escaping. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Ipanorama 360 Wordpress Virtual Tour Builder
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy