Skip to main content
CVE-2023-41425 MEDIUM POC THREAT This Month

Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 54.3%.

XSS RCE Wondercms
NVD GitHub Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
54.3%
Threat
4.3
CVE-2023-47359 CRITICAL POC CISA Emergency

Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Vlc Media Player
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
Threat
5.5
CVE-2023-46800 CRITICAL POC Act Now

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Matrimonial Project
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46793 CRITICAL POC Act Now

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Matrimonial Project
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46789 CRITICAL POC Act Now

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Matrimonial Project
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46788 CRITICAL POC Act Now

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Matrimonial Project
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46787 CRITICAL POC Act Now

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Matrimonial Project
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46785 CRITICAL POC Act Now

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Matrimonial Project
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46679 CRITICAL POC Act Now

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Job Portal
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-46677 CRITICAL POC Act Now

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Job Portal
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33481 CRITICAL POC Act Now

RemoteClinic 2.0 is vulnerable to a time-based blind SQL injection attack in the 'start' GET parameter of patients/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Remote Clinic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33479 CRITICAL POC Act Now

RemoteClinic version 2.0 contains a SQL injection vulnerability in the /staff/edit.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Remote Clinic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33478 CRITICAL POC Act Now

RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Remote Clinic
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42284 CRITICAL POC Act Now

Blind SQL injection in api_version parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tyk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-42283 CRITICAL POC Act Now

Blind SQL injection in api_id parameter in Tyk Gateway version 5.0.3 allows attacker to access and dump the database via a crafted SQL query. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Tyk
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-2675 CRITICAL POC PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 2023.Q1.1223. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Twake
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-47360 HIGH POC CISA Act Now

Videolan VLC prior to version 3.0.20 contains an Integer underflow that leads to an incorrect packet length. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Information Disclosure Vlc Media Player
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
Threat
5.0
CVE-2023-46501 CRITICAL POC Act Now

An issue in BoltWire v.6.03 allows a remote attacker to obtain sensitive information via a crafted payload to the view and change admin password function. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Boltwire
NVD GitHub
CVSS 3.1
9.1
EPSS
1.3%
CVE-2023-47456 CRITICAL POC Act Now

Tenda AX1806 V1.0.0.1 contains a stack overflow vulnerability in function sub_455D4, called by function fromSetWirelessRepeat. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-47455 CRITICAL POC Act Now

Tenda AX1806 V1.0.0.1 contains a heap overflow vulnerability in setSchedWifi function, in which the src and v12 are directly obtained from http request parameter schedStartTime and schedEndTime. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax1806 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-5709 HIGH POC This Week

The WD WidgetTwitter plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 1.0.9 due to insufficient escaping on the user supplied parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wd Widgettwitter
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46730 HIGH POC PATCH This Week

Group-Office is an enterprise CRM and groupware tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF PHP Microsoft Group Office
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-33480 HIGH POC This Week

RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Remote Clinic
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-43885 HIGH POC This Week

Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Tenda Rx9 Pro Firmware
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-41036 HIGH POC PATCH This Week

Macvim is a text editor for MacOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Apple Macvim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5998 HIGH POC PATCH This Week

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46253 HIGH POC This Week

Squidex is an open source headless CMS and content management hub. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Squidex
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-46845 HIGH POC This Week

EC-CUBE 3 series (3.0.0 to 3.0.18-p6) and 4 series (4.0.0 to 4.0.6-p3, 4.1.0 to 4.1.2-p2, and 4.2.0 to 4.2.2) contain an arbitrary code execution vulnerability due to improper settings of the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ec Cube
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-43886 HIGH POC This Week

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Rx9 Pro Firmware
NVD
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-40453 MEDIUM POC This Month

Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Docker Machine
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5660 MEDIUM POC This Month

The SendPress Newsletters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.22.3.31 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Sendpress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-5669 MEDIUM POC This Month

The Featured Image Caption plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and post meta in all versions up to, and including, 0.8.10 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Featured Image Caption
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5703 MEDIUM POC PATCH This Month

The Gift Up Gift Cards for WordPress and WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'giftup' shortcode in all versions up to, and including, 2.20.1. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Gift Up Gift Cards For Wordpress And Woocommerce
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-5661 MEDIUM POC This Month

The Social Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialfeed' shortcode in all versions up to, and including, 1.5.4.6 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Social Feed
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46252 MEDIUM POC This Month

Squidex is an open source headless CMS and content management hub. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squidex
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46998 MEDIUM POC This Month

Cross Site Scripting vulnerability in BootBox Bootbox.js v.3.2 through 6.0 allows a remote attacker to execute arbitrary code via a crafted payload to alert(), confirm(), prompt() functions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Bootbox
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-5309 CRITICAL Act Now

Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Puppet Enterprise
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-38547 CRITICAL PATCH Act Now

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

RCE Information Disclosure One
NVD
CVSS 3.1
9.8
EPSS
18.9%
CVE-2023-33045 CRITICAL Act Now

Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Ar8035 Firmware Csr8811 Firmware Qca6390 Firmware Wcn685X 5 Firmware +124
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-22388 CRITICAL Act Now

Memory Corruption in Multi-mode Call Processor while processing bit mask API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow 315 5g Iot Modem Firmware 9205 Lte Modem Firmware 9206 Lte Modem Firmware +220
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-46001 MEDIUM POC PATCH This Month

Buffer Overflow vulnerability in gpac MP4Box v.2.3-DEV-rev573-g201320819-master allows a local attacker to cause a denial of service via the gpac/src/isomedia/isom_read.c:2807:51 function in. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46744 MEDIUM POC This Month

Squidex is an open source headless CMS and content management hub. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Squidex
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5904 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5903 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pkp/pkp-lib prior to 3.3.0-16. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pkp Web Application Library
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46737 MEDIUM POC PATCH This Month

Cosign is a sigstore signing tool for OCI containers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cosign
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-47102 MEDIUM POC This Month

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Urbackup Server
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-25983 HIGH This Week

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support.5.84. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kb Support
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45380 HIGH This Week

In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <= 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Order Duplicator
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-46243 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-46244 HIGH PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy