Skip to main content
CVE-2023-24000 HIGH POC THREAT Act Now

A vulnerability in Ruben Garcia GamiPress gamipress.5.7. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.2%.

SQLi
NVD
CVSS 3.1
8.2
EPSS
21.2%
CVE-2023-5412 HIGH POC PATCH This Week

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.2 due to insufficient escaping on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Image Horizontal Reel Scroll Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
9.8%
CVE-2023-5464 HIGH POC PATCH This Week

The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Jquery Accordion Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5437 HIGH POC PATCH This Week

The WP fade in text news plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Wp Fade In Text News
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5435 HIGH POC PATCH This Week

The Up down image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Up Down Image Slideshow Gallery
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5439 HIGH POC PATCH This Week

The Wp photo text slider 50 plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Wp Photo Text Slider 50
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5438 HIGH POC PATCH This Week

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Wp Image Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5436 HIGH POC PATCH This Week

The Vertical marquee plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 7.1 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Vertical Marquee Plugin
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5434 HIGH POC PATCH This Week

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Superb Slideshow Gallery
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5428 HIGH POC PATCH This Week

The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Image Vertical Reel Scroll Slideshow
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5430 HIGH POC PATCH This Week

The Jquery news ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 3.0 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Jquery News Ticker
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5433 HIGH POC PATCH This Week

The Message ticker plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.2 due to insufficient escaping on the user supplied parameter and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Message Ticker
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5431 HIGH POC PATCH This Week

The Left right image slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Left Right Image Slideshow Gallery
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5429 HIGH POC PATCH This Week

The Information Reel plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 10.0 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi WordPress Information Reel
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-3955 HIGH POC PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
3.4%
CVE-2023-3676 HIGH POC PATCH THREAT This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Microsoft
NVD GitHub
CVSS 3.1
8.8
EPSS
11.7%
CVE-2023-46248 HIGH POC This Week

Cody is an artificial intelligence (AI) coding assistant. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Cody
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-45996 HIGH POC This Week

SQL injection vulnerability in Senayan Library Management Systems Slims v.9 and Bulian v.9.6.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Senayan Library Management System Senayan Library Management System Bulian
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-5098 HIGH POC This Week

The Campaign Monitor Forms by Optin Cat WordPress plugin before 2.5.6 does not prevent users with low privileges (like subscribers) from overwriting any options on a site with the string "true",. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Campaign Monitor Optin Cat
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38994 HIGH POC This Week

The 'check_univention_joinstatus' prometheus monitoring script (and other scripts) in UCS 5.0-5 revealed the LDAP plaintext password of the machine account in the process list allowing attackers with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Univention Corporate Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37832 HIGH POC This Week

A lack of rate limiting in Elenos ETG150 FM transmitter v3.12 allows attackers to obtain user credentials via brute force and cause other unspecified impacts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46992 HIGH POC This Week

TOTOLINK A3300R V17.0.0cu.557_B20221024 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3300R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46978 HIGH POC This Week

TOTOLINK X6000R V9.4.0cu.852_B20230719 is vulnerable to Incorrect Access Control.Attackers can reset login password & WIFI passwords without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass X6000r Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-45899 HIGH POC This Week

An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Superuser
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46245 HIGH POC PATCH This Week

Kimai is a web-based multi-user time-tracking application. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Ssti Kimai
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-5099 HIGH PATCH This Week

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.7 via the 'src' attribute of the 'csvsearch' shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure RCE WordPress LFI +1
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40050 HIGH This Week

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Automate
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-31212 HIGH This Week

A vulnerability in CRM Perks Contact Form Entries contact-form-entries.3.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Elementor
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2023-28777 HIGH This Week

A vulnerability in LearnDash LearnDash LMS sfwd-lms.5.3. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2023-5739 HIGH PATCH This Week

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to elevation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation HP Microsoft Image Assistant Pc Hardware Diagnostics +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42658 HIGH This Week

Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Inspec
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37243 HIGH This Week

The C:\Windows\Temp\Agent.Package.Availability\Agent.Package.Availability.exe file is automatically launched as SYSTEM when the system reboots. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Agent Package Availability
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37966 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log user-activity-log allows SQL Injection.6.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-36508 HIGH This Week

A vulnerability in bestweblayout Contact Form to DB by BestWebSoft contact-form-to-db.7.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-35879 HIGH This Week

A vulnerability in Woo WooCommerce Product Vendors woocommerce-product-vendors.1.78. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-33927 HIGH This Week

A vulnerability in Themeisle MPG multiple-pages-generator-by-porthas.3.19. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2023-46129 HIGH PATCH This Week

NATS.io is a high performance open source pub-sub distributed communication technology, built for the cloud, on-premise, IoT, and edge computing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nats Server Nkeys
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-45955 HIGH This Week

An issue discovered in Nanoleaf Light strip v3.5.10 allows attackers to cause a denial of service via crafted write binding attribute commands. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Lightstrip Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46723 HIGH This Week

lte-pic32-writer is a writer for PIC32 devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Lte Pic32 Writer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46240 HIGH PATCH This Week

CodeIgniter is a PHP full-stack web framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Codeigniter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46239 HIGH PATCH This Week

quic-go is an implementation of the QUIC protocol in Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Quic Go
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46236 HIGH PATCH This Week

FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

Apache SSRF Fogproject
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy