Skip to main content
CVE-2023-5199 CRITICAL POC Act Now

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP WordPress RCE Php To Page
NVD VulDB
CVSS 3.1
9.9
EPSS
4.9%
CVE-2023-5843 CRITICAL POC Act Now

The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Code Injection WordPress Ads By Datafeedr Com
NVD VulDB
CVSS 3.1
9.0
EPSS
9.1%
CVE-2023-44397 CRITICAL POC Act Now

CloudExplorer Lite is an open source, lightweight cloud management platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cloudexplorer Lite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-47104 CRITICAL POC PATCH Act Now

tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Tinyfiledialogs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5832 CRITICAL POC PATCH Act Now

Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Anythingllm
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-5583 HIGH POC This Week

The WP Simple Galleries plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 1.34 via deserialization of untrusted input from the 'wpsimplegallery_gallery'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Deserialization PHP Information Disclosure Wp Simple Galleries
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-46478 HIGH POC This Week

An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Minical
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-42323 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in DouHaocms v.3.3 allows a remote attacker to execute arbitrary code via the adminAction.class.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP CSRF Douhaocms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-5833 HIGH POC PATCH This Week

Improper Access Control in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Anythingllm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-45672 HIGH POC This Week

Frigate is an open source network video recorder. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Deserialization Frigate
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-46863 HIGH POC This Week

Peppermint Ticket Management before 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/users/file/download?filepath=./../ POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Peppermint
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5844 HIGH POC PATCH This Week

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Admin Classic Bundle
NVD GitHub
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-46865 HIGH POC PATCH THREAT This Week

/api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection PHP Crater
NVD GitHub
CVSS 3.1
7.2
EPSS
20.3%
CVE-2023-45670 MEDIUM POC This Month

Frigate is an open source network video recorder. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service CSRF Frigate
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-46867 MEDIUM POC This Month

In International Color Consortium DemoIccMAX 79ecb74, CIccXformMatrixTRC::GetCurve in IccCmm.cpp in libSampleICC.a has a NULL pointer dereference. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Demoiccmax
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-46866 MEDIUM POC This Month

In International Color Consortium DemoIccMAX 79ecb74, CIccCLUT::Interp3d in IccProfLib/IccTagLut.cpp in libSampleICC.a attempts to access array elements at out-of-bounds indexes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Demoiccmax
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-5566 MEDIUM POC This Month

The Simple Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 1.0.20 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Simple Shortcodes
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5362 MEDIUM POC PATCH This Month

The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Carousel Recent Post Slider And Banner Slider
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5666 MEDIUM POC PATCH This Month

The Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcpaccordion' shortcode in all versions up to, and including, 2.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Accordion
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5565 MEDIUM POC This Month

The Shortcode Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shortmenu' shortcode in versions up to, and including, 3.2 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Shortcod Menu
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5335 MEDIUM POC This Month

The Buzzsprout Podcasting plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'buzzsprout' shortcode in versions up to, and including, 1.8.4 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Buzzsprout
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46502 CRITICAL PATCH Act Now

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Opencrx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43792 CRITICAL Act Now

baserCMS is a website development framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43649 CRITICAL PATCH Act Now

baserCMS is a website development framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-45799 CRITICAL Act Now

In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tco Stream
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-45798 CRITICAL Act Now

In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Vestcert
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-45797 CRITICAL Act Now

A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Magicline 4 0
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42431 MEDIUM POC This Month

Cross-site Scripting (XSS) vulnerability in BlueSpiceAvatars extension of BlueSpice allows logged in user to inject arbitrary HTML into the profile image dialog on Special:Preferences. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bluespice
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-46864 MEDIUM POC This Month

Peppermint Ticket Management through 0.2.4 allows remote attackers to read arbitrary files via a /api/v1/ticket/1/file/download?filepath=../ POST request. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Peppermint
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-5315 HIGH PATCH This Week

The Google Maps made Simple plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 0.6 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Google WordPress Google Maps Made Simple
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5250 HIGH This Week

The Grid Plus plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.3.3 via a shortcode attribute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Information Disclosure RCE WordPress LFI +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-42803 HIGH This Week

BigBlueButton is an open-source virtual classroom. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Bigbluebutton
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41891 HIGH PATCH This Week

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Flyteadmin
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-21392 HIGH This Week

In Bluetooth, there is a possible way to corrupt memory due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-21361 HIGH This Week

In Bluetooth, there is a possibility of code-execution due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-21356 HIGH This Week

In Bluetooth, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-5842 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-45671 MEDIUM POC This Month

Frigate is an open source network video recorder. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

XSS Frigate
NVD GitHub
CVSS 3.1
4.7
EPSS
1.4%
CVE-2023-47101 HIGH This Week

The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Openvpn Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21398 HIGH This Week

In sdksandbox, there is a possible strandhogg style overlay attack due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21397 HIGH This Week

In Setup Wizard, there is a possible way to save a WiFi network due to an insecure default value. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21396 HIGH This Week

In Activity Manager, there is a possible background activity launch due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21393 HIGH This Week

In Settings, there is a possible way for the user to change SIM due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21390 HIGH This Week

In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21389 HIGH This Week

In Settings, there is a possible bypass of profile owner restrictions due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21388 HIGH This Week

In Settings, there is a possible restriction bypass due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21381 HIGH This Week

In Media Resource Manager, there is a possible local arbitrary code execution due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Use After Free Privilege Escalation RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21378 HIGH This Week

In Telecomm, there is a possible way to silence the ring for calls of secondary users due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21375 HIGH This Week

In Sysproxy, there is a possible out of bounds write due to an integer underflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21374 HIGH This Week

In System UI, there is a possible factory reset protection bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy