Skip to main content
CVE-2022-45835 MEDIUM POC THREAT This Month

Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.0.15. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.1%.

SSRF Phonepe
NVD
CVSS 3.1
5.8
EPSS
71.1%
Threat
4.8
CVE-2023-48060 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-48058 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/task/run. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-47346 HIGH POC This Week

Buffer Overflow vulnerability in free5gc 3.3.0, UPF 1.2.0, and SMF 1.2.0 allows attackers to cause a denial of service via crafted PFCP messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Free5gc Smf Upf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-47117 HIGH POC PATCH This Week

Label Studio is an open source data labeling tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Python Label Studio
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-4603 MEDIUM POC PATCH This Month

The Star CloudPRNT for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'printersettings' parameter in versions up to, and including, 2.0.3 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress XSS Star Cloudprnt For Woocommerce
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-46020 MEDIUM POC This Month

Cross Site Scripting (XSS) in updateprofile.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'rename', 'remail', 'rphone' and 'rcity' parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Blood Bank
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46019 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Blood Bank
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46016 MEDIUM POC This Month

Cross Site Scripting (XSS) in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Blood Bank
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46015 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in index.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via 'msg' parameter in application URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Blood Bank
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6102 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Maiwei Safety Production Control Platform
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6099 CRITICAL Act Now

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Facial Love Cloud Platform
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46021 MEDIUM POC This Month

SQL Injection vulnerability in cancel.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary commands via the 'reqid' parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46018 MEDIUM POC This Month

SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-46017 MEDIUM POC This Month

SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-46014 MEDIUM POC This Month

SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blood Bank
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-48068 MEDIUM POC This Month

DedeCMS v6.2 was discovered to contain a Cross-site Scripting (XSS) vulnerability via spec_add.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47621 HIGH PATCH This Week

Guest Entries is a php library which allows users to create, update & delete entries from the front-end of a site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload PHP Guest Entries
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6097 HIGH This Week

A SQL injection vulnerability has been found in ICS Business Manager, affecting version 7.06.0028.7089. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ics Business Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5747 HIGH This Week

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Wave Server Software Pno A6081R E1T Firmware Pno A6081R E2T Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-35041 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability leading to Local File Inclusion (LF) in Webpushr Web Push Notifications Web Push Notifications - Webpushr plugin <= 4.34.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Web Push Notifications
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47669 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin <= 3.10.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Profile Builder
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-34384 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Kebo Twitter Feed
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-34378 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Hide Post
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33207 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Krzysztof Wielogórski Stop Referrer Spam plugin <= 1.3.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Stop Referrer Spam
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32588 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in BRANDbrilliance Post State Tags plugin <= 2.0.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Post State Tags
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32583 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Prashant Walke WP All Backup plugin <= 2.4.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp All Backup
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47230 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Contact Forms
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46638 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Webcodin WCP OpenWeather plugin <= 2.5.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wcp Openweather
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46636 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in David Stöckl Custom Header Images plugin <= 1.2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Custom Header Images
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46629 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in themelocation Remove Add to Cart WooCommerce plugin <= 1.4.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Remove Add To Cart Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46625 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Autolinks Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46620 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.3.9.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Deepl Api Translation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46619 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wdsocialwidgets
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46618 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Category Seo Meta Tags
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26543 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Aleksandr Guidrevitch WP Meteor Website Speed Optimization Addon plugin <= 3.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Meteor
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26531 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF All In One Search Automatic Push Management
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27445 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Blog Floating Button
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27441 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gl_SPICE New Adman plugin <= 1.6.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF New Adman
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27438 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Evgen Yurchenko WP Translitera plugin <= p1.2.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Translitera
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27436 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Louis Reingold Elegant Custom Fonts plugin <= 1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Elegant Custom Fonts
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27434 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Classic Editor and Classic Widgets plugin <= 1.2.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Classic Editor And Classic Widgets
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26524 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master - Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Quiz And Survey Master
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26518 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes WP TFeed plugin <= 1.6.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Tfeed
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26516 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPIndeed Debug Assistant plugin <= 1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Debug Assistant
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26514 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google plugin <= 1.3.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Dynamic Xml Sitemaps Generator For Google
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47625 MEDIUM POC PATCH This Month

PX4 autopilot is a flight control solution for drones. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow Px4 Drone Autopilot
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-48063 MEDIUM POC This Month

An issue was discovered in dreamer_cms 4.1.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-6101 HIGH This Week

A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1.7/ha.html of the component Intelligent Monitoring. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Maiwei Safety Production Control Platform
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-47163 HIGH PATCH This Week

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Remarshal
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy