Skip to main content
CVE-2023-46570 CRITICAL POC Act Now

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32 function of libr/arch/p/nds32/nds32-dis.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46569 CRITICAL POC Act Now

An out-of-bounds read in radare2 v.5.8.9 and before exists in the print_insn32_fpu function of libr/arch/p/nds32/nds32-dis.h. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Radare2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46468 HIGH POC This Week

An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Juzaweb Cms
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5837 MEDIUM POC This Month

A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fotoscms2
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5836 CRITICAL Act Now

A vulnerability was found in SourceCodester Task Reminder System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Task Reminder System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-45897 MEDIUM POC PATCH This Month

exfatprogs before 1.2.2 allows out-of-bounds memory access, such as in read_file_dentry_set. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Exfatprogs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-46467 MEDIUM POC This Month

Cross Site Scripting vulnerability in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter of the registration page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5425 HIGH PATCH This Week

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Post Meta Data Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-43322 HIGH This Week

ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nodegrid Os
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-5426 HIGH PATCH This Week

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Post Meta Data Manager
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-46215 HIGH PATCH This Week

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Airflow Airflow Celery Provider
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-46854 MEDIUM PATCH This Month

Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Proxmox Widget Toolkit
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5835 MEDIUM PATCH This Month

A vulnerability classified as problematic was found in hu60t hu60wap6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Hu60Wap6
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy