Skip to main content
CVE-2023-46468 HIGH POC This Week

An issue in juzawebCMS v.3.4 and before allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Juzaweb Cms
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5425 HIGH PATCH This Week

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_change_user_meta and pmdm_wp_change_post_meta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Post Meta Data Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-43322 HIGH This Week

ZPE Systems, Inc Nodegrid OS v5.0.0 to v5.0.17, v5.2.0 to v5.2.19, v5.4.0 to v5.4.16, v5.6.0 to v5.6.13, v5.8.0 to v5.8.10, and v5.10.0 to v5.10.3 was discovered to contain a command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nodegrid Os
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-5426 HIGH PATCH This Week

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Post Meta Data Manager
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-46215 HIGH PATCH This Week

Insertion of Sensitive Information into Log File vulnerability in Apache Airflow Celery provider, Apache Airflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Airflow Airflow Celery Provider
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy