Skip to main content
CVE-2023-20273 HIGH POC KEV THREAT Act Now

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Cisco Apple Command Injection Ios Xe
NVD GitHub
CVSS 3.1
7.2
EPSS
89.6%
CVE-2023-5311 HIGH POC PATCH This Week

The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass RCE WordPress Wp Extra
NVD VulDB
CVSS 3.1
8.8
EPSS
6.6%
CVE-2023-5753 HIGH POC This Week

Potential buffer overflows in the Bluetooth subsystem due to asserts being disabled in /subsys/bluetooth/host/hci_core.c. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-43961 HIGH POC PATCH This Week

An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Authentication Bypass Sa Token
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37913 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Java Path Traversal Microsoft Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-37912 HIGH POC PATCH This Week

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation RCE Xwiki Rendering
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-37909 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-39740 HIGH POC This Week

The leakage of the client secret in Onigiriya-musubee Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Onigiriya Musubee
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39739 HIGH POC This Week

The leakage of the client secret in REGINA SWEETS&BAKERY Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Regina Sweets Bakery
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39737 HIGH POC This Week

The leakage of the client secret in Matsuya Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Matsuya
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39736 HIGH POC This Week

The leakage of the client secret in Fukunaga_memberscard Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Fukunaga Memberscard
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39735 HIGH POC This Week

The leakage of the client secret in Uomasa_Saiji_news Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uomasa Saiji New
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39734 HIGH POC This Week

The leakage of the client secret in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Trackdiner10 10 Mc
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39733 HIGH POC This Week

The leakage of the client secret in TonTon-Tei Line v13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tonton Tei
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-39732 HIGH POC This Week

The leakage of the client secret in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tokueimaru Waiting
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-37910 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-45135 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
1.7%
CVE-2023-45990 HIGH POC This Week

Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wenwenai Cms
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-4692 HIGH POC This Week

An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Grub2 Enterprise Linux
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-45555 HIGH POC This Week

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Zzzcms
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-38849 HIGH POC This Week

An issue in tire-sales Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38848 HIGH POC This Week

An issue in rmc R Beauty CLINIC Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38847 HIGH POC This Week

An issue in CHRISTINA JAPAN Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38846 HIGH POC This Week

An issue in Marbre Lapin Line v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38845 HIGH POC This Week

An issue in Anglaise Company Anglaise.Company v.13.6.1 allows a remote attacker to obtain sensitive information via crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46135 HIGH POC PATCH This Week

rs-stellar-strkey is a Rust lib for encode/decode of Stellar Strkeys. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Rs Stellar Strkey
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46120 HIGH POC PATCH This Week

The RabbitMQ Java client library allows Java and JVM-based applications to connect to and interact with RabbitMQ nodes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Rabbitmq Java Client
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39619 HIGH POC This Week

ReDos in NPMJS Node Email Check v.1.0.4 allows an attacker to cause a denial of service via a crafted string to the scpSyntax component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Node Email Check
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-5044 HIGH PATCH This Week

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Code Injection Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
8.8
EPSS
56.6%
CVE-2023-5043 HIGH PATCH This Week

Ingress nginx annotation injection causes arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-42852 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-41976 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-40447 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-5472 HIGH This Week

Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-4607 HIGH This Week

An authenticated XCC user can change permissions for any user through a crafted API command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx1331 Firmware +119
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-46204 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Duplicate Theme
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46202 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Auto Login New User After Registration
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46198 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Appointment Calendar
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46193 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Internal Link Building
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46191 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Open Graph Metabox
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46190 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Novo Map
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46189 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar - Google Calendar Plugin <= 3.2.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Simple Calendar
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46152 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF - WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wolf Wordpress Posts Bulk Editor And Products Manager Professional
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46151 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Product Category Tree
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46150 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WP Military WP Radio plugin <= 3.1.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Radio
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46102 HIGH This Week

The Android Client application, when enrolled to the AppHub server, connects to an MQTT broker to exchange messages and receive commands to execute on the HMI device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-45851 HIGH This Week

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-45321 HIGH This Week

The Android Client application, when enrolled with the define method 1 (the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-45220 HIGH This Week

The Android Client application, when enrolled with the define method 1(the user manually inserts the server ip address), use HTTP protocol to retrieve sensitive information (ip address and. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Ctrlx Hmi Web Panel Wr2107 Firmware Ctrlx Hmi Web Panel Wr2110 Firmware Ctrlx Hmi Web Panel Wr2115 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-43507 HIGH This Week

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy