Skip to main content
CVE-2022-2441 HIGH POC PATCH This Week

The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE WordPress CSRF Imagemagick Engine
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-4999 HIGH POC This Week

The Horizontal scrolling announcement plugin for WordPress is vulnerable to SQL Injection via the plugin's [horizontal-scrolling] shortcode in versions up to, and including, 9.2 due to insufficient. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Horizontal Scrolling Announcement
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2020-36698 HIGH POC This Week

The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized user interaction in versions up to, and including, 2.50. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Security Malware Scan
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-4598 HIGH POC PATCH This Week

The Slimstat Analytics plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 5.0.9 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Slimstat Analytics
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5690 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Modoboa
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-5687 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Mosparo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5686 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Radare2 Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4402 HIGH POC This Week

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_products function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP Information Disclosure Essential Blocks +1
NVD VulDB
CVSS 3.1
8.1
EPSS
2.9%
CVE-2023-45805 HIGH POC PATCH This Week

pdm is a Python package and dependency manager supporting the latest PEP standards. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Pdm Unearth
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40361 HIGH POC This Week

SECUDOS Qiata (DOMOS OS) 4.13 has Insecure Permissions for the previewRm.sh daily cronjob. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qiata
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-46277 HIGH POC PATCH This Week

please (aka pleaser) through 0.5.4 allows privilege escalation through the TIOCSTI and/or TIOCLINUX ioctl. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Please
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-36714 HIGH POC This Week

The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Brizy
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2023-5681 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-4386 HIGH This Week

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the get_posts function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization PHP Information Disclosure WordPress Essential Blocks
NVD VulDB
CVSS 3.1
8.1
EPSS
4.0%
CVE-2022-4290 HIGH PATCH This Week

The Cyr to Lat plugin for WordPress is vulnerable to authenticated SQL Injection via the 'ctl_sanitize_title' function in versions up to, and including, 3.5 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Cyr To Lat
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2021-4334 HIGH This Week

The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass Fancy Product Designer
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-46117 HIGH PATCH This Week

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

RCE Command Injection Reconftw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-23373 HIGH This Week

An OS command injection vulnerability has been reported to affect QUSBCam2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qusbcam2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-5576 HIGH PATCH This Week

The Migration, Backup, Staging - WPvivid plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 0.9.91 via Google Drive API secrets stored in plaintext. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Google Information Disclosure WordPress Migration Backup Staging
NVD VulDB
CVSS 3.1
8.0
EPSS
0.7%
CVE-2022-3342 HIGH PATCH This Week

The Jetpack CRM plugin for WordPress is vulnerable to PHAR deserialization via the ‘zbscrmcsvimpf’ parameter in the 'zeroBSCRM_CSVImporterLitehtml_app' function in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization WordPress Jetpack Crm
NVD VulDB
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-3487 HIGH This Week

An integer overflow in Silicon Labs Gecko Bootloader version 4.3.1 and earlier allows unbounded memory access when reading from or writing to storage slots. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Gecko Bootloader
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34045 HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5523 HIGH This Week

Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Web Companion
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34052 HIGH PATCH This Week

VMware Aria Operations for Logs contains a deserialization vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Authentication Bypass VMware Deserialization Aria Operations For Logs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-4943 HIGH This Week

The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Google WordPress Google Authenticator
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2022-4712 HIGH This Week

The WP Cerber Security plugin for WordPress is vulnerable to stored cross-site scripting via the log parameter when logging in to the site in versions up to, and including, 9.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Wp Cerber Security Anti Spam Malware Scan
NVD VulDB
CVSS 3.1
7.2
EPSS
1.8%
CVE-2023-32786 HIGH PATCH This Week

In Langchain through 0.0.155, prompt injection allows an attacker to force the service to retrieve data from an arbitrary URL, essentially providing SSRF and potentially injecting content into. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Langchain
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5524 HIGH This Week

Insufficient blacklisting in M-Files Web Companion before release version 23.10 and LTS Service Release Versions before 23.8 LTS SR1 allows Remote Code Execution via specific file types. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE File Upload Web Companion
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-34046 HIGH This Week

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a. Rated high severity (CVSS 7.0). No vendor patch available.

Privilege Escalation VMware Fusion
NVD
CVSS 3.1
7.0
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy