Skip to main content
CVE-2023-6553 CRITICAL POC PATCH THREAT Act Now

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.7 via the /includes/backup-heart.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.3%.

RCE PHP Code Injection WordPress Backup Migration
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
93.3%
Threat
6.3
CVE-2023-50917 CRITICAL POC PATCH THREAT Act Now

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

PHP Command Injection Majordomo
NVD GitHub
CVSS 3.1
9.8
EPSS
38.3%
CVE-2023-50469 CRITICAL POC Act Now

Shenzhen Libituo Technology Co., Ltd LBT-T300-T310 v2.2.2.6 was discovered to contain a buffer overflow via the ApCliEncrypType parameter at /apply.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Lbt T300 T310 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.9%
CVE-2023-50089 CRITICAL POC Act Now

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Command Injection Wnr2000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
4.0%
CVE-2023-48050 CRITICAL POC Act Now

SQL injection vulnerability in Cams Biometrics Zkteco, eSSL, Cams Biometrics Integration Module with HR Attendance (aka odoo-biometric-attendance) v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Zkteco Essl Cams Biometrics Integration Module Biometric Attendance
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40954 CRITICAL POC PATCH Act Now

A SQL injection vulnerability in Grzegorz Marczynski Dynamic Progress Bar (aka web_progress) v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Dynamic Progress Bar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48049 CRITICAL POC Act Now

A SQL injection vulnerability in Cybrosys Techno Solutions Website Blog Search (aka website_search_blog) v. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Website Blog Search
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-46116 HIGH POC PATCH This Week

Tutanota (Tuta Mail) is an encrypted email provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Tutanota
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-6831 HIGH POC PATCH This Week

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
8.1
EPSS
3.3%
CVE-2023-50265 HIGH POC PATCH This Week

Bazarr manages and downloads subtitles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Bazarr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-50264 HIGH POC PATCH This Week

Bazarr manages and downloads subtitles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Bazarr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-50719 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
83.5%
CVE-2023-50918 CRITICAL PATCH Act Now

app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Misp
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33222 CRITICAL Act Now

When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-33221 CRITICAL Act Now

When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sigma Lite Firmware Sigma Extreme Firmware Sigma Wide Firmware +4
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33220 CRITICAL Act Now

During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33219 CRITICAL Act Now

The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33218 CRITICAL Act Now

The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Sigma Lite Firmware Sigma Extreme Firmware +5
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48392 CRITICAL Act Now

Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Webitr Attendance System
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-48390 CRITICAL Act Now

Multisuns EasyLog web+ has a code injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Easylog Web Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48388 CRITICAL Act Now

Multisuns EasyLog web+ has a vulnerability of using hard-coded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Easylog Web Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-48384 CRITICAL Act Now

ArmorX Global Technology Corporation ArmorX Spam has insufficient validation for user input within a special function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Spamtrap
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-46279 CRITICAL PATCH Act Now

Deserialization of Untrusted Data vulnerability in Apache Dubbo.This issue only affects Apache Dubbo 3.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Dubbo
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-29234 CRITICAL PATCH Act Now

A deserialization vulnerability existed when decode a malicious package.1.0 through 3.1.10, from 3.2.0 through 3.2.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Dubbo
NVD
CVSS 3.1
9.8
EPSS
7.4%
CVE-2023-48376 CRITICAL Act Now

SmartStar Software CWS is a web-based integration platform, its file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Cws Collaborative Development Platform
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-48372 CRITICAL Act Now

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48371 CRITICAL Act Now

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Omicard Edm
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-6827 HIGH PATCH This Week

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Essential Real Estate
NVD VulDB
CVSS 3.1
7.5
EPSS
9.6%
CVE-2023-50720 MEDIUM POC PATCH THREAT This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
5.3
EPSS
59.1%
CVE-2023-42183 MEDIUM POC This Month

lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Classic Lockss Daemon
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-4020 CRITICAL Act Now

An unvalidated input in a library function responsible for communicating between secure and non-secure memory in Silicon Labs TrustZone implementation allows reading/writing of memory in the secure. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-50723 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-50722 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-50721 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
78.8%
CVE-2023-50870 HIGH This Week

In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teamcity
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-48394 HIGH This Week

Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Webitr Attendance System
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-48387 HIGH This Week

TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jcicsecuritytool
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-48375 HIGH This Week

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cws Collaborative Development Platform
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6826 HIGH This Week

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress E2pdf
NVD VulDB
CVSS 3.1
7.2
EPSS
7.3%
CVE-2023-50715 MEDIUM POC PATCH This Month

Home Assistant is open source home automation software. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Home Assistant
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-6832 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6837 HIGH PATCH This Week

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Api Manager Identity Server Identity Server As Key Manager Carbon Identity Application Authentication Endpoint +1
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-6680 HIGH This Week

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-48380 HIGH This Week

Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Mail Sqr Expert
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-50728 HIGH PATCH This Week

octokit/webhooks is a GitHub webhook events toolset for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure App Octokit Webhooks +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3904 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-33217 HIGH This Week

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sigma Lite Firmware Sigma Extreme Firmware Sigma Wide Firmware Morphowave Compact Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-6836 HIGH PATCH This Week

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-48389 HIGH This Week

Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Easylog Web Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-48378 HIGH This Week

Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mail Sqr Expert
NVD
CVSS 3.1
7.5
EPSS
1.3%
Page 1 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy