Skip to main content
CVE-2023-22518 CRITICAL POC KEV THREAT Emergency

All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-5360 CRITICAL POC THREAT Emergency

The Royal Elementor Addons and Templates WordPress plugin before 1.3.79 does not properly validate uploaded files, which could allow unauthenticated users to upload arbitrary files, such as PHP and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Royal Elementor Addons
NVD WPScan Exploit-DB
CVSS 3.1
9.8
EPSS
81.7%
CVE-2023-24000 HIGH POC THREAT Act Now

A vulnerability in Ruben Garcia GamiPress gamipress.5.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

SQLi
NVD
CVSS 3.1
8.2
EPSS
21.2%
CVE-2023-5412 HIGH POC PATCH This Week

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Image Horizontal Reel Scroll Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
9.8%
CVE-2023-46485 CRITICAL POC Act Now

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setTracerouteCfg function of the stecgi.cgi component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection X6000r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46484 CRITICAL POC Act Now

An issue in TOTOlink X6000R V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the setLedCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection X6000r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46256 CRITICAL POC Act Now

PX4-Autopilot provides PX4 flight control solution for drones. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-46993 CRITICAL POC Act Now

In TOTOLINK A3300R V17.0.0cu.557_B20221024 when dealing with setLedCfg request, there is no verification for the enable parameter, which can lead to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-46979 CRITICAL POC Act Now

TOTOLINK X6000R V9.4.0cu.852_B20230719 was discovered to contain a command injection vulnerability via the enable parameter in the setLedCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X6000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-46977 CRITICAL POC Act Now

TOTOLINK LR1200GB V9.1.0u.6619_B20230130 was discovered to contain a stack overflow via the password parameter in the function loginAuth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Lr1200Gb Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.7%
CVE-2023-46976 CRITICAL POC Act Now

TOTOLINK A3300R 17.0.0cu.557_B20221024 contains a command injection via the file_name parameter in the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-46356 CRITICAL POC Act Now

In the module "CSV Feeds PRO" (csvfeeds) before 2.6.1 from Bl Modules for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Csv Feeds Pro
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5865 CRITICAL POC PATCH Act Now

Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5464 HIGH POC PATCH This Week

The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Jquery Accordion Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5437 HIGH POC PATCH This Week

The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Wp Fade In Text News
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5435 HIGH POC PATCH This Week

The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Up Down Image Slideshow Gallery
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5439 HIGH POC PATCH This Week

The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Wp Photo Text Slider 50
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5438 HIGH POC PATCH This Week

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Wp Image Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5436 HIGH POC PATCH This Week

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Vertical Marquee Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5434 HIGH POC PATCH This Week

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Superb Slideshow Gallery
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5428 HIGH POC PATCH This Week

The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Image Vertical Reel Scroll Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5430 HIGH POC PATCH This Week

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Jquery News Ticker
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5433 HIGH POC PATCH This Week

The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Message Ticker
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5431 HIGH POC PATCH This Week

The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Left Right Image Slideshow Gallery
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5429 HIGH POC PATCH This Week

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Information Reel
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-3955 HIGH POC PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2023-3676 HIGH POC PATCH THREAT This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
11.7%
CVE-2023-46248 HIGH POC This Week

Cody is an artificial intelligence (AI) coding assistant. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cody
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-45996 HIGH POC This Week

SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Senayan Library Management System Senayan Library Management System Bulian
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-5098 HIGH POC This Week

The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true",. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Campaign Monitor Optin Cat
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38994 HIGH POC This Week

The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Univention Corporate Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37832 HIGH POC This Week

A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46992 HIGH POC This Week

TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3300R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46978 HIGH POC This Week

TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass X6000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-45899 HIGH POC This Week

An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Superuser
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46245 HIGH POC PATCH This Week

Kimai is a web-based multi-user time-tracking application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ssti Kimai
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-39610 MEDIUM POC This Month

An issue in TP-Link Tapo C100 v1.1.15 Build 211130 Rel.15378n(4555) and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted web request. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tapo C100 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-46361 MEDIUM POC This Month

Artifex Software jbig2dec v0.20 was discovered to contain a SEGV vulnerability via jbig2_error at /jbig2dec/jbig2.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jbig2Dec
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-5073 MEDIUM POC This Month

The iframe forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'iframe' shortcode in versions up to, and including, 1.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Iframe Forms
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-44484 MEDIUM POC This Month

Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Blood Donation Management System
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5307 MEDIUM POC This Month

The Photos and Files Contest Gallery WordPress plugin before 21.2.8.1 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contest Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5238 MEDIUM POC This Month

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventprime
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5211 MEDIUM POC This Month

The Fattura24 WordPress plugin before 6.2.8 does not sanitize or escape the 'id' parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Fattura24
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4250 MEDIUM POC This Month

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Eventprime
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5863 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.2.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-42425 CRITICAL Act Now

An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Edge Evc5Fd Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36263 CRITICAL PATCH Act Now

Prestashop opartlimitquantity 1.4.5 and before is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Op Art Limit Quantity
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-46249 CRITICAL PATCH Act Now

authentik is an open-source Identity Provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43139 CRITICAL Act Now

An issue in franfinance before v.2.0.27 allows a remote attacker to execute arbitrary code via the validation.php, and controllers/front/validation.php components. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE Command Injection Franfinance
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-47174 CRITICAL Act Now

Thorn SFTP gateway 3.4.x before 3.4.4 uses Pivotal Spring Framework for Java deserialization of untrusted data, which is not supported by Pivotal, a related issue to CVE-2016-1000027. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Deserialization Sftp Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy