Skip to main content
CVE-2023-5199 CRITICAL POC Act Now

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution in versions up to, and including, 0.3 via the 'php-to-page' shortcode. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP WordPress RCE Php To Page
NVD VulDB
CVSS 3.1
9.9
EPSS
4.9%
CVE-2023-5843 CRITICAL POC Act Now

The Ads by datafeedr.com plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 1.1.3 via the 'dfads_ajax_load_ads' function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

RCE Code Injection WordPress Ads By Datafeedr Com
NVD VulDB
CVSS 3.1
9.0
EPSS
9.1%
CVE-2023-44397 CRITICAL POC Act Now

CloudExplorer Lite is an open source, lightweight cloud management platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Cloudexplorer Lite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-47104 CRITICAL POC PATCH Act Now

tinyfiledialogs (aka tiny file dialogs) before 3.15.0 allows shell metacharacters (such as a backquote or a dollar sign) in titles, messages, and other input data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Tinyfiledialogs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5832 CRITICAL POC PATCH Act Now

Improper Input Validation in GitHub repository mintplex-labs/anything-llm prior to 0.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Anythingllm
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-46502 CRITICAL PATCH Act Now

An issue in openCRX v.5.2.2 allows a remote attacker to read internal files and execute server side request forgery attack via insecure DocumentBuilderFactory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Opencrx
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43792 CRITICAL Act Now

baserCMS is a website development framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43649 CRITICAL PATCH Act Now

baserCMS is a website development framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-45799 CRITICAL Act Now

In MLSoft TCO!stream versions 8.0.22.1115 and below, a vulnerability exists due to insufficient permission validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tco Stream
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-45798 CRITICAL Act Now

In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation of third-party modules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Vestcert
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-45797 CRITICAL Act Now

A Buffer overflow vulnerability in DreamSecurity MagicLine4NX versions 1.0.0.1 to 1.0.0.26 allows an attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Magicline 4 0
NVD
CVSS 3.1
9.8
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy