Skip to main content
CVE-2023-46116 HIGH POC PATCH This Week

Tutanota (Tuta Mail) is an encrypted email provider. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Tutanota
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-6831 HIGH POC PATCH This Week

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
8.1
EPSS
3.3%
CVE-2023-50265 HIGH POC PATCH This Week

Bazarr manages and downloads subtitles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Bazarr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-50264 HIGH POC PATCH This Week

Bazarr manages and downloads subtitles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Bazarr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-50719 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
83.5%
CVE-2023-6827 HIGH PATCH This Week

The Essential Real Estate plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'ajaxUploadFonts' function in versions up to, and including,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Essential Real Estate
NVD VulDB
CVSS 3.1
7.5
EPSS
9.6%
CVE-2023-50723 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-50722 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-50721 HIGH PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
78.8%
CVE-2023-50870 HIGH This Week

In JetBrains TeamCity before 2023.11.1 a CSRF on login was possible. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Teamcity
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-48394 HIGH This Week

Kaifa Technology WebITR is an online attendance system, its file uploading function does not restrict upload of file with dangerous type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Webitr Attendance System
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-48387 HIGH This Week

TAIWAN-CA(TWCA) JCICSecurityTool fails to check the source website and access locations when executing multiple Registry-related functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jcicsecuritytool
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-48375 HIGH This Week

SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cws Collaborative Development Platform
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6826 HIGH This Week

The E2Pdf plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'import_action' function in versions up to, and including, 1.20.25. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload RCE WordPress E2pdf
NVD VulDB
CVSS 3.1
7.2
EPSS
7.3%
CVE-2023-6837 HIGH PATCH This Week

Multiple WSO2 products have been identified as vulnerable to perform user impersonatoin using JIT provisioning. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Api Manager Identity Server Identity Server As Key Manager Carbon Identity Application Authentication Endpoint +1
NVD
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-6680 HIGH This Week

An improper certificate validation issue in Smartcard authentication in GitLab EE affecting all versions from 11.6 prior to 16.4.4, 16.5 prior to 16.5.4, and 16.6 prior to 16.6.2 allows an attacker. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-48380 HIGH This Week

Softnext Mail SQR Expert is an email management platform, it has insufficient filtering for a special character within a spcific function. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Mail Sqr Expert
NVD
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-50728 HIGH PATCH This Week

octokit/webhooks is a GitHub webhook events toolset for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure App Octokit Webhooks +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3904 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-33217 HIGH This Week

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Sigma Lite Firmware Sigma Extreme Firmware Sigma Wide Firmware Morphowave Compact Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-6836 HIGH PATCH This Week

Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Api Manager Api Manager Analytics Api Microgateway Enterprise Integrator +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-48389 HIGH This Week

Multisuns EasyLog web+ has a path traversal vulnerability within its parameter in a specific URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Easylog Web Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-48378 HIGH This Week

Softnext Mail SQR Expert has a path traversal vulnerability within its parameter in a specific URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mail Sqr Expert
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-48373 HIGH This Week

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Omicard Edm
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-49159 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Elegant Digital Solutions CommentLuv.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Commentluv
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-49898 HIGH PATCH This Week

In streampark, there is a project module that integrates Maven's compilation capability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Command Injection Streampark
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2023-49187 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spoonthemes Adifier - Classified Ads WordPress Theme allows Reflected XSS.1.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Adifier
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49185 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder WP & WooCommerce Search allows Reflected XSS.1.7. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Doofinder
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49183 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NextScripts NextScripts: Social Networks Auto-Poster allows Reflected XSS.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Social Networks Auto Poster
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49182 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fabio Marzocca List all posts by Authors, nested Categories and Titles allows Reflected XSS.7.10. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS List All Posts By Authors Nested Categories And Titles
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49178 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hdw Player
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49177 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gilles Dumas which template file allows Reflected XSS.9.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Which Template File
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49176 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeRevolution WP Pocket URLs allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Pocket Urls
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-49170 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in captainform Forms by CaptainForm - Form Builder for WordPress allows Reflected XSS.5.3. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Captainform
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy