Skip to main content
CVE-2023-5684 CRITICAL POC THREAT Act Now

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231012. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Smart S85F Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
78.4%
CVE-2023-5683 CRITICAL POC THREAT Act Now

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Smart S85F Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
18.0%
CVE-2023-46055 HIGH POC This Week

An issue in ThingNario Photon v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function to the "thingnario Logger Maintenance Webpage". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Photon
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-38193 HIGH POC This Week

An issue was discovered in SuperWebMailer 9.00.0.01710. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Superwebmailer
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-38190 HIGH POC This Week

An issue was discovered in SuperWebMailer 9.00.0.01710. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Superwebmailer
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4635 MEDIUM POC This Month

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventon Lite
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-38194 MEDIUM POC This Month

An issue was discovered in SuperWebMailer 9.00.0.01710. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Superwebmailer
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-38192 MEDIUM POC This Month

An issue was discovered in SuperWebMailer 9.00.0.01710. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Superwebmailer
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-45666 CRITICAL Act Now

stb_image is a single file MIT licensed library for processing images. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stb Image H
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46054 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Wbce Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46003 MEDIUM POC This Month

I-doit pro 25 and below is vulnerable to Cross Site Scripting (XSS) via index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS I Doit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-46078 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PluginEver WC Serial Numbers plugin <= 1.6.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wc Serial Numbers
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46067 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Rocket Font
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45664 HIGH This Week

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Stb Image H
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-45662 HIGH This Week

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stb Image H
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-45681 HIGH This Week

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Stb Vorbis C
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-45679 HIGH This Week

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Stb Vorbis C
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-45678 HIGH This Week

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Stb Vorbis C
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-45677 HIGH This Week

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Stb Vorbis C
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-45676 HIGH This Week

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Stb Vorbis C
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-45675 HIGH This Week

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Stb Vorbis C
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-5132 HIGH This Week

The Soisy Pagamento Rateale plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the parseRemoteRequest function in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Soisy Pagamento Rateale
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-45667 HIGH This Week

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Stb Image H
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-45682 HIGH This Week

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Stb Vorbis C
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-45661 HIGH PATCH This Week

stb_image is a single file MIT licensed library for processing images. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Stb Image H
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-5205 MEDIUM This Month

The Add Custom Body Class plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'add_custom_body_class' value in versions up to, and including, 1.4.1 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Add Custom Body Class
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-45680 MEDIUM This Month

stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Stb Vorbis C
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-45663 MEDIUM This Month

stb_image is a single file MIT licensed library for processing images. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stb Image H
NVD GitHub
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-4939 MEDIUM PATCH This Month

The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Code Injection Salesmanago
NVD VulDB
CVSS 3.1
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy