Skip to main content
CVE-2023-48795 MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2023-51385 MEDIUM POC PATCH THREAT This Month

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.5%.

Command Injection SSH Openssh Debian Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
16.5%
CVE-2023-6272 CRITICAL POC Act Now

The Theme My Login 2FA WordPress plugin before 1.2 does not rate limit 2FA validation attempts, which may allow an attacker to brute-force all possibilities, which shouldn't be too long, as the 2FA. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress 2Fa
NVD WPScan
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6906 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Totolink A7100RU 7.4cu.2313_B20191024. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow A7100Ru Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-50976 CRITICAL POC PATCH Act Now

Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the Transactions API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Redpanda
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-6907 CRITICAL POC Act Now

A vulnerability has been found in codelyfe Stupid Simple CMS up to 1.2.4 and classified as critical. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Stupid Simple Cms
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-5886 HIGH POC This Week

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Deserialization CSRF Export Any Wordpress Data To Xml Csv +1
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-5882 HIGH POC This Week

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress CSRF Export Any Wordpress Data To Xml Csv Wp All Export
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4311 HIGH POC This Week

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Vrm360
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6203 HIGH POC This Week

The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress The Events Calendar
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5949 HIGH POC This Week

The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Smartcrawl
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3430 HIGH POC This Week

A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Openimageio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-6909 HIGH POC PATCH THREAT This Week

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
89.7%
CVE-2023-50981 HIGH POC This Week

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Crypto
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-50980 HIGH POC This Week

gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Crypto
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6295 HIGH POC This Week

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Siteorigin Widgets Bundle
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-6222 HIGH POC This Week

IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Quttera Web Malware Scanner
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-4724 HIGH POC This Week

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Export Any Wordpress Data To Xml Csv Wp All Export
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-6077 MEDIUM POC This Month

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Slider Factory Pro
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-5348 MEDIUM POC This Month

The Product Catalog Mode For WooCommerce WordPress plugin before 5.0.3 does not properly authorize settings updates or escape settings values, leading to stored XSS by unauthenticated users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Catalog Mode For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-50979 MEDIUM POC This Month

Crypto++ (aka cryptopp) through 8.9.0 has a Marvin side channel during decryption with PKCS#1 v1.5 padding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Crypto
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-32728 CRITICAL Act Now

The Zabbix Agent 2 item key smart.disk.get does not sanitize its parameters before passing them to a shell command resulting possible vulnerability for remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Zabbix Zabbix Agent2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6483 CRITICAL Act Now

The vulnerability exists in ADiTaaS (Allied Digital Integrated Tool-as-a-Service) version 5.1 due to an improper authentication vulnerability in the ADiTaaS backend API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Allied Digital Integrated Tool As A Service
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-6905 CRITICAL Act Now

A vulnerability, which was classified as problematic, has been found in Jahastech NxFilter 4.3.2.5.jsp?actionFlag=test&id=1 of the component Bind Request Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection LDAP Nxfilter
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-6778 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Clearml Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6065 MEDIUM POC THREAT This Month

The Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 doesn't restrict access to detailed scan logs, which allows a malicious actor to discover local paths and portions of the site's code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Quttera Web Malware Scanner
NVD WPScan
CVSS 3.1
5.3
EPSS
18.7%
CVE-2023-24590 HIGH This Week

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Controller 6000 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5005 MEDIUM POC This Month

The Autocomplete Location field Contact Form 7 WordPress plugin before 3.0, autocomplete-location-field-contact-form-7-pro WordPress plugin before 2.0 does not sanitise and escape some of its. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Autocomplete Location Field Contact Form 7
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32725 HIGH This Week

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zabbix Server Frontend
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-33331 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.1.76. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Product Vendors
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-6289 MEDIUM POC This Month

The Swift Performance Lite WordPress plugin before 2.3.6.15 does not prevent users from exporting the plugin's settings, which may include sensitive information such as Cloudflare API tokens. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Swift Performance
NVD WPScan
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-41314 HIGH This Week

The api /api/snapshot and /api/get_log_file would allow unauthenticated access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Doris
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2023-23570 HIGH This Week

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-32726 HIGH This Week

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Zabbix Agent
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-6817 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Memory Corruption Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-6691 HIGH This Week

Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Epmp Force 300 25 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47038 HIGH PATCH This Week

A vulnerability was found in perl 5.30.0 through 5.38.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Perl Fedora Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-47558 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page - Hit Counter allows SQL Injection.4.14.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Who Hit The Page Hit Counter
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-47530 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.8.7. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Redirect 404 Error Page To Homepage Or Custom Page With Logs
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-47506 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.6.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Master Slider
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-34168 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.1.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Report Post
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-46177 HIGH PATCH This Week

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Mq Appliance
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-4320 HIGH This Week

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Satellite
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32230 HIGH This Week

An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Monitor Wall Videojet Decoder 7513 Firmware Videojet Decoder 7523 Firmware Video Recording Manager +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39509 HIGH This Week

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cpp13 Firmware Cpp14 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-32727 HIGH This Week

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zabbix Zabbix Server
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-46686 HIGH This Week

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-6355 MEDIUM This Month

Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Controller 7000 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-49855 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in BinaryCarpenter Menu Bar Cart Icon For WooCommerce By Binary Carpenter.49.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Menu Bar Cart Icon For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-5236 MEDIUM PATCH This Month

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Data Grid Jboss Data Grid Infinispan
NVD
CVSS 3.1
6.5
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy