Skip to main content
CVE-2023-40211 HIGH POC THREAT Act Now

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in PickPlugins Post Grid Combo - 36+ Gutenberg Blocks.2.50. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 31.5%.

Information Disclosure Post Grid Combo
NVD
CVSS 3.1
7.5
EPSS
31.5%
CVE-2023-46326 HIGH POC This Week

ZStack Cloud version 3.10.38 and before allows unauthenticated API access to the list of active job UUIDs and the session ID for each of these. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zstack
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6402 HIGH POC This Week

A vulnerability, which was classified as critical, was found in PHPGurukul Nipah Virus Testing Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48914 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/add. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-48913 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/delete. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-48912 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/archives/edit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-49052 HIGH POC This Week

File Upload vulnerability in Microweber v.2.0.4 allows a remote attacker to execute arbitrary code via a crafted script to the file upload function in the created forms component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microweber
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-49097 HIGH POC PATCH This Week

ZITADEL is an identity infrastructure system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-47464 HIGH POC THREAT This Week

Insecure Permissions vulnerability in GL.iNet AX1800 version 4.0.0 before 4.5.0 allows a remote attacker to execute arbitrary code via the upload API function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Gl Ax1800 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
22.6%
CVE-2023-47454 HIGH POC This Week

An Untrusted search path vulnerability in NetEase CloudMusic 2.10.4 for Windows allows local users to gain escalated privileges through the urlmon.dll file in the current working directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Cloudmusic
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47453 HIGH POC This Week

An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Video Player
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47452 HIGH POC This Week

An Untrusted search path vulnerability in notepad++ 6.5 allows local users to gain escalated privileges through the msimg32.dll file in the current working directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Notepad
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-47307 HIGH POC This Week

Buffer Overflow vulnerability in /apply.cgi in Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 allows attackers to cause a denial of service via the ApCliAuthMode parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Lbt T300 T310 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6376 HIGH POC This Week

Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Court Document Management
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48964 HIGH POC This Week

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/WifiMacFilterSet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda I6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-48963 HIGH POC This Week

Tenda i6 V1.0.0.8(3856) is vulnerable to Buffer Overflow via /goform/wifiSSIDget. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda I6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-49087 HIGH POC PATCH This Week

xml-security is a library that implements XML signatures and encryption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Saml2 Xml Security
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-46956 HIGH POC This Week

SQL injection vulnerability in Packers and Movers Management System v.1.0 allows a remote attacker to execute arbitrary code via crafted payload to the /mpms/admin/?page=user/manage_user&id file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Packers And Movers Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-47844 HIGH POC This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lim Kai Yang Grab & Save allows Reflected XSS.0.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grab Save
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-42917 HIGH KEV THREAT This Week

A memory corruption vulnerability was addressed with improved locking. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Safari +6
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2023-46690 HIGH This Week

In Delta Electronics InfraSuite Device Master v.1.0.7, a vulnerability exists that allows an attacker to write to any file to any location of the filesystem, which could lead to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-37928 HIGH PATCH This Week

A post-authentication command injection vulnerability in the WSGI server of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nas326 Firmware Nas542 Firmware
NVD
CVSS 3.1
8.8
EPSS
60.2%
CVE-2023-37927 HIGH PATCH This Week

The improper neutralization of special elements in the CGI program of the Zyxel NAS326 firmware version V5.21(AAZF.14)C0 and NAS542 firmware version V5.21(ABAG.11)C0 could allow an authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nas326 Firmware Nas542 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-2264 HIGH This Week

An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Sel 411L Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-6401 HIGH This Week

A vulnerability classified as problematic was found in NotePad++ up to 8.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Notepad
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-4770 HIGH This Week

An uncontrolled search path element vulnerability has been found on 4D and 4D server Windows executables applications, affecting version 19 R8 100218. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft 4D Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49699 HIGH This Week

Memory Corruption in IMS while calling VoLTE Streamingmedia Interface. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Asr1806 Firmware Asr1803 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-5247 HIGH This Week

Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple Mitsubishi Electric FA Engineering Software Products allows a malicious attacker to execute a malicious. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Gx Works3 Melsoft Iq Appportal Melsoft Navigator +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48742 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LicenseManager License Manager for WooCommerce license-manager-for-woocommerce allows SQL. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi License Manager For Woocommerce
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-44150 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, Registration Form, Login Form, User Profile & Restrict. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Profilepress
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-47279 HIGH This Week

In Delta Electronics InfraSuite Device Master v.1.0.7, A vulnerability exists that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtain plaintext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Infrasuite Device Master
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-46389 HIGH This Week

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via registry.xml file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linx 212 Firmware Linx 151 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-46388 HIGH This Week

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via dpal_config.zml file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linx 212 Firmware Linx 151 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-46387 HIGH This Week

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Incorrect Access Control via dpal_config.zml file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linx 212 Firmware Linx 151 Firmware
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-46386 HIGH This Week

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via registry.xml file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Linx 212 Firmware Linx 151 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-46385 HIGH This Week

LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure L Inx Configurator
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46384 HIGH This Week

LOYTEC electronics GmbH LINX Configurator (all versions) is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure L Inx Configurator
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-46383 HIGH This Week

LOYTEC electronics GmbH LINX Configurator (all versions) uses HTTP Basic Authentication, which transmits usernames and passwords in base64-encoded cleartext and allows remote attackers to steal the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure L Inx Configurator
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-5909 HIGH This Week

KEPServerEX does not properly validate certificates from clients which may allow unauthenticated users to connect. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Industrial Gateway Server Keepserverex Opc Aggregator Thingworx Industrial Connectivity +4
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-49735 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Path Traversal XXE SSRF Tiles
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-6375 HIGH This Week

Tyler Technologies Court Case Management Plus may store backups in a location that can be accessed by a remote, unauthenticated attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Court Case Management Plus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-6418 HIGH This Week

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via videos.php in the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Voovi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6417 HIGH This Week

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via update.php in the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Voovi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6416 HIGH This Week

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signup2.php in the emailadd parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Voovi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6415 HIGH This Week

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via signin.php in the user parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Voovi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6414 HIGH This Week

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via perfil.php in the id and user parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Voovi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6413 HIGH This Week

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photos.php in the id and user parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Voovi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6412 HIGH This Week

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via photo.php in multiple parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Voovi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6411 HIGH This Week

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via home.php in the update parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Voovi
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6410 HIGH This Week

A vulnerability has been reported in Voovi Social Networking Script that affects version 1.0 and consists of a SQL injection via editprofile.php in multiple parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Voovi
NVD
CVSS 3.1
7.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy