Skip to main content
CVE-2023-46990 CRITICAL POC Act Now

Deserialization of Untrusted Data in PublicCMS v.4.0.202302.e allows a remote attacker to execute arbitrary code via a crafted script to the writeReplace function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Publiccms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-5652 CRITICAL POC THREAT Act Now

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not escape user input before using it in a SQL statement of a function hooked to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress SQLi Wp Hotel Booking
NVD WPScan
CVSS 3.1
9.8
EPSS
63.7%
CVE-2023-5640 CRITICAL POC Act Now

The Article Analytics WordPress plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Article Analytics
NVD WPScan
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-5340 CRITICAL POC Act Now

The Five Star Restaurant Menu and Food Ordering WordPress plugin before 2.4.11 unserializes user input via an AJAX action available to unauthenticated users, allowing them to perform PHP Object. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Five Star Restaurant Menu
NVD WPScan
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46302 CRITICAL POC PATCH Act Now

Apache Software Foundation Apache Submarine has a bug when serializing against yaml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Apache Deserialization Submarine
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-4824 HIGH POC This Week

The WooHoo Newspaper Magazine theme does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Woohoo Newspaper Magazine Theme
NVD WPScan
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-48192 HIGH POC This Week

An issue in TOTOlink A3700R v.9.1.2u.6134_B20201202 allows a local attacker to execute arbitrary code via the setTracerouteCfg function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE A3700r Firmware
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-48310 HIGH POC PATCH This Week

TestingPlatform is a testing platform for Internet Security Standards. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Testing Platform
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48051 HIGH POC This Week

An issue in /upydev/keygen.py in upydev v0.4.3 allows attackers to decrypt sensitive information via weak encryption padding. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Upydev
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-48111 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Tenda Ax1803 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-48110 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the urls parameter in the function saveParentControlInfo . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Tenda Ax1803 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-48109 HIGH POC This Week

Tenda AX1803 v1.0.0.1 was discovered to contain a heap overflow via the deviceId parameter in the function saveParentControlInfo . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Tenda Ax1803 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38879 HIGH POC This Week

The Community Edition version 9.0 of OS4ED's openSIS Classic allows remote attackers to read arbitrary files via a directory traversal vulnerability in the 'filename' parameter of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Opensis
NVD GitHub
CVSS 3.1
7.5
EPSS
3.7%
CVE-2023-48241 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
72.8%
CVE-2023-48090 HIGH POC This Week

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leaks in extract_attributes media_tools/m3u8.c:329. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-6199 MEDIUM POC This Month

Book Stack version 23.10.2 allows filtering local files on the server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Bookstack
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-47311 MEDIUM POC This Month

An issue in Yamcs 5.8.6 allows attackers to send aribitrary telelcommands in a Command Stack via Clickjacking. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Yacms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5609 MEDIUM POC This Month

The Seraphinite Accelerator WordPress plugin before 2.2.29 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seraphinite Accelerator
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5140 MEDIUM POC This Month

The Bonus for Woo WordPress plugin before 5.8.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bonus For Woo
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48223 MEDIUM POC PATCH This Month

fast-jwt provides fast JSON Web Token (JWT) implementation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Fast Jwt
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-48176 CRITICAL Act Now

An Insecure Permissions issue in WebsiteGuide v.0.2 allows a remote attacker to gain escalated privileges via crafted jwt (JSON web token). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Websiteguide
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-38823 CRITICAL Act Now

Buffer Overflow vulnerability in Tenda Ac19 v.1.0, AC18, AC9 v.1.0, AC6 v.2.0 and v.1.0 allows a remote attacker to execute arbitrary code via the formSetCfm function in bin/httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Tenda Ac6 Firmware Ac9 Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-38880 CRITICAL Act Now

The Community Edition version 9.0 of OS4ED's openSIS Classic has a broken access control vulnerability in the database backup functionality. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Opensis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-35762 CRITICAL Act Now

Versions of INEA ME RTU firmware 3.36b and prior are vulnerable to operating system (OS) command injection, which could allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Me Rtu Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-29155 CRITICAL Act Now

Versions of INEA ME RTU firmware 3.36b and prior do not require authentication to the "root" account on the host system of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Me Rtu Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-46700 CRITICAL Act Now

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.4M (MySQL version) and LuxCal Web Calendar prior to 5.2.4L (SQLite version) allows a remote unauthenticated attacker to execute an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Luxcal Web Calendar
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-48039 MEDIUM POC This Month

GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to memory leak in gf_mpd_parse_string media_tools/mpd.c:75. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-46471 MEDIUM POC This Month

Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via the text variable scriptContainer of the ScriptViewer. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Yacms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46470 MEDIUM POC This Month

Cross Site Scripting vulnerability in Space Applications Services Yamcs v.5.8.6 allows a remote attacker to execute arbitrary code via crafted telecommand in the timeline view of the ArchiveBrowser. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Yacms
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-5799 MEDIUM POC This Month

The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Hotel Booking
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-5651 MEDIUM POC This Month

The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Hotel Booking
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-5610 MEDIUM POC This Month

The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Seraphinite Accelerator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-5509 MEDIUM POC This Month

The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Mystickymenu
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4799 MEDIUM POC This Month

The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Magic Embeds
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48300 MEDIUM POC PATCH This Month

The `Embed Privacy` plugin for WordPress that prevents the loading of embedded external content is vulnerable to Stored Cross-Site Scripting via `embed_privacy_opt_out` shortcode in versions up to,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

WordPress XSS Embed Privacy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6196 HIGH This Week

The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Audio Merchant
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-5343 MEDIUM POC This Month

The Popup box WordPress plugin before 3.7.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Popup Box
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5119 MEDIUM POC This Month

The Forminator WordPress plugin before 1.27.0 does not properly sanitize the redirect-url field in the form submission settings, which could allow high-privilege users such as an administrator to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forminator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-4970 MEDIUM POC This Month

The PubyDoc WordPress plugin through 2.0.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pubydoc
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4808 MEDIUM POC This Month

The WP Post Popup WordPress plugin through 3.7.3 does not sanitise and escape some of its inputs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Post Popup
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-48293 HIGH PATCH This Week

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-38885 HIGH This Week

OpenSIS Classic Community Edition version 9.0 lacks cross-site request forgery (CSRF) protection throughout the whole app. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Opensis
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-48292 HIGH POC PATCH THREAT This Week

The XWiki Admin Tools Application provides tools to help the administration of XWiki. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Admin Tools
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
22.9%
CVE-2023-48240 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SSRF Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-48221 HIGH PATCH This Week

wire-avs provides Audio, Visual, and Signaling (AVS) functionality sure the secure messaging software Wire. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Denial Of Service Audio Video And Signaling
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-47172 HIGH This Week

Certain WithSecure products allow Local Privilege Escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Client Security Elements Endpoint Protection Email And Server Security Server Security
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-6045 HIGH This Week

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through type confusion. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption RCE Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5593 HIGH PATCH This Week

The out-of-bounds write vulnerability in the Windows-based SecuExtender SSL VPN Client software version 4.0.4.0 could allow an authenticated local user to gain a privilege escalation by sending a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Privilege Escalation Microsoft Secuextender Ssl Vpn
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43612 HIGH This Week

in OpenHarmony v3.2.2 and prior versions allow a local attacker arbitrary file read and write through improper preservation of permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38884 HIGH This Week

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Opensis
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy