Skip to main content
CVE-2023-3277 CRITICAL POC THREAT Emergency

The MStore API plugin for WordPress is vulnerable to Unauthorized Account Access and Privilege Escalation in versions up to, and including, 4.10.7 due to improper implementation of the Apple login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 38.2%.

Apple WordPress Privilege Escalation Mstore Api
NVD VulDB
CVSS 3.1
9.8
EPSS
38.2%
Threat
4.6
CVE-2022-45805 HIGH POC THREAT Act Now

A vulnerability in integrationdevpaytm Paytm Payment Gateway paytm-payments.7.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.4%.

SQLi
NVD
CVSS 3.1
8.2
EPSS
39.4%
Threat
4.3
CVE-2023-46404 CRITICAL POC PATCH Act Now

PCRS <= 3.11 (d0de1e) “Questions” page and “Code editor” page are vulnerable to remote code execution (RCE) by escaping Python sandboxing. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Pcrs
NVD GitHub
CVSS 3.1
9.9
EPSS
1.9%
CVE-2023-46980 CRITICAL POC Act Now

An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Best Courier Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-3961 CRITICAL POC Act Now

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Samba Storage Enterprise Linux +2
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-46817 CRITICAL POC Act Now

An issue was discovered in phpFox before 4.8.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Phpfox
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-38965 CRITICAL POC Act Now

Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Lost And Found Information System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-46954 CRITICAL POC Act Now

SQL Injection vulnerability in Relativity ODA LLC RelativityOne v.12.1.537.3 Patch 2 and earlier allows a remote attacker to execute arbitrary code via the name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Relativityone
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-46947 HIGH POC This Week

Subrion 4.2.1 has a remote command execution vulnerability in the backend. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Subrion
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-4043 HIGH POC PATCH This Week

In Eclipse Parsson before versions 1.1.4 and 1.0.5, Parsing JSON from untrusted sources can lead malicious actors to exploit the fact that the built-in support for parsing numbers with large scale in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Information Disclosure Parsson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34260 HIGH POC THREAT This Week

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow a denial of service (service outage) via /wlmdeu%2f%2e%2e%2f%2e%2e followed by a directory reference such as %2fetc%00index.htm to try. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Denial Of Service D Copia253Mf Plus Firmware
NVD
CVSS 3.1
7.5
EPSS
73.4%
CVE-2023-5707 MEDIUM POC PATCH This Month

The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Seo Slider
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-25960 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Zendrop Zendrop - Global Dropshipping zendrop-dropshipping-and-fulfillment allows SQL. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Zendrop
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-36529 CRITICAL Act Now

A vulnerability in Favethemes Houzez CRM houzez-crm.3.4. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.9
EPSS
0.2%
CVE-2023-23369 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Multimedia Console Media Streaming Add On
NVD
CVSS 3.1
9.8
EPSS
14.4%
CVE-2023-23368 CRITICAL Act Now

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero Qutscloud
NVD
CVSS 3.1
9.8
EPSS
18.7%
CVE-2023-4591 CRITICAL Act Now

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6, which would allow an unauthenticated user to perform a local file inclusion (LFI) via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Wpn Xm
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5763 CRITICAL PATCH Act Now

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Glassfish
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-41355 CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nokia G 040W Q Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41351 CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an unauthenticated remote attacker to bypass the authentication mechanism to log in to the device by an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Authentication Bypass G 040W Q Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43982 CRITICAL Act Now

Bon Presta boninstagramcarousel between v5.2.1 to v7.0.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at insta_parser.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Socialfeed Photos Video Using Instagram Api
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41350 CRITICAL Act Now

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of insufficient measures to prevent multiple failed authentication attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nokia Authentication Bypass G 040W Q Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5948 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository teamamaze/amazefileutilities prior to 1.91. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Amaze File Utilities
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-5945 MEDIUM POC PATCH This Month

The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Video Carousel Slider With Lightbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-45360 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-34261 MEDIUM POC This Month

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow identification of valid user accounts via username enumeration because they lead to a "nicht einloggen" error rather than a falsch. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D Copia253Mf Plus Firmware
NVD
CVSS 3.1
5.3
EPSS
8.1%
CVE-2023-41652 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David F. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
4.8%
CVE-2023-36621 CRITICAL Act Now

An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Boomerang
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2023-34259 MEDIUM POC THREAT This Month

Kyocera TASKalfa 4053ci printers through 2VG_S000.002.561 allow /wlmdeu%2f%2e%2e%2f%2e%2e directory traversal to read arbitrary files on the filesystem, even files that require root privileges. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal D Copia253Mf Plus Firmware
NVD
CVSS 3.1
4.9
EPSS
60.7%
CVE-2023-3893 HIGH PATCH This Week

A security issue was discovered in Kubernetes where a user that can create pods on Windows nodes running kubernetes-csi-proxy may be able to escalate to admin privileges on those nodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Microsoft Csi Proxy
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
CVE-2023-4769 HIGH This Week

A SSRF vulnerability has been found in ManageEngine Desktop Central affecting version 9.1.0, specifically the /smtpConfig.do component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Zoho Manageengine Desktop Central
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2023-41357 HIGH This Week

Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Vitals Enterprise Social Platform
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41353 HIGH This Week

Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of weak password requirements. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nokia Brute Force G 040W Q Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41348 HIGH This Week

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its code-authentication module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ax55 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-41347 HIGH This Week

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ax55 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-41346 HIGH This Week

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ax55 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-41345 HIGH This Week

ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rt Ax55 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-42027 HIGH PATCH This Week

IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Txseries For Multiplatforms Cics Tx
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36620 MEDIUM POC This Month

An issue was discovered in the Boomerang Parental Control application before 13.83 for Android. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Boomerang
NVD
CVSS 3.1
4.6
EPSS
0.5%
CVE-2022-46859 HIGH This Week

A vulnerability in Spiffy Plugins Spiffy Calendar spiffy-calendar.9.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-34383 HIGH This Week

A vulnerability in weDevs WP Project Manager wedevs-project-manager.6.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2023-36677 HIGH This Week

A vulnerability in smartypants SP Project & Document Manager sp-client-document-manager.67. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-45362 MEDIUM POC This Month

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-25700 HIGH This Week

A vulnerability in Themeum Tutor LMS tutor.1.10. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-46818 HIGH This Week

A vulnerability in gopiplus Email posts to subscribers email-posts-to-subscribers.2. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-47445 HIGH This Week

A vulnerability in Be POPIA Compliant Be POPIA Compliant be-popia-compliant.2.0. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2022-46808 HIGH This Week

A vulnerability in reputeinfosystems ARMember armember-membership.4.11. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2023-25800 HIGH This Week

A vulnerability in Themeum Tutor LMS tutor.2.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-1194 HIGH PATCH This Week

An out-of-bounds (OOB) memory read flaw was found in parse_lease_state in the KSMBD implementation of the in-kernel samba server and CIFS in the Linux kernel. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Buffer Overflow Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-41726 HIGH This Week

Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Avalanche
NVD
CVSS 3.1
7.8
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy