Skip to main content
CVE-2023-5886 HIGH POC This Week

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Deserialization CSRF Export Any Wordpress Data To Xml Csv +1
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-5882 HIGH POC This Week

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress CSRF Export Any Wordpress Data To Xml Csv Wp All Export
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4311 HIGH POC This Week

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 is vulnerable to arbitrary file upload due to insufficient checks in a plugin shortcode. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress Vrm360
NVD WPScan
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6203 HIGH POC This Week

The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress The Events Calendar
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5949 HIGH POC This Week

The SmartCrawl WordPress plugin before 3.8.3 does not prevent unauthorised users from accessing password-protected posts' content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Smartcrawl
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3430 HIGH POC This Week

A vulnerability was found in OpenImageIO, where a heap buffer overflow exists in the src/gif.imageio/gifinput.cpp file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Openimageio
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-6909 HIGH POC PATCH THREAT This Week

Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
89.7%
CVE-2023-50981 HIGH POC This Week

ModularSquareRoot in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (infinite loop) via crafted DER public-key data associated with squared odd numbers, such as. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Crypto
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-50980 HIGH POC This Week

gf2n.cpp in Crypto++ (aka cryptopp) through 8.9.0 allows attackers to cause a denial of service (application crash) via DER public-key data for an F(2^m) curve, if the degree of each term in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Crypto
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6295 HIGH POC This Week

The SiteOrigin Widgets Bundle WordPress plugin before 1.51.0 does not validate user input before using it to generate paths passed to include function/s, allowing users with the administrator role to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Siteorigin Widgets Bundle
NVD WPScan
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-6222 HIGH POC This Week

IThe Quttera Web Malware Scanner WordPress plugin before 3.4.2.1 does not validate user input used in a path, which could allow users with an admin role to perform path traversal attacks. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Quttera Web Malware Scanner
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-4724 HIGH POC This Week

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not validate and sanitise the `wp_query` parameter which allows an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Export Any Wordpress Data To Xml Csv Wp All Export
NVD WPScan
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-24590 HIGH This Week

A format string issue in the Controller 6000's optional diagnostic web interface can be used to write/read from memory, and in some instances crash the Controller 6000 leading to a Denial of Service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Controller 6000 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-32725 HIGH This Week

The website configured in the URL widget will receive a session cookie when testing or executing scheduled reports. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zabbix Server Frontend
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-33331 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce Product Vendors allows SQL Injection.1.76. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Product Vendors
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-41314 HIGH This Week

The api /api/snapshot and /api/get_log_file would allow unauthenticated access. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Doris
NVD
CVSS 3.1
8.2
EPSS
0.9%
CVE-2023-23570 HIGH This Week

Client-Side enforcement of Server-Side security for the Command Centre server could be bypassed and lead to invalid configuration with undefined behavior. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Centre
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-32726 HIGH This Week

The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Zabbix Agent
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-6817 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Memory Corruption Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-6691 HIGH This Week

Cambium ePMP Force 300-25 version 4.7.0.1 is vulnerable to a code injection vulnerability that could allow an attacker to perform remote code execution and gain root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Epmp Force 300 25 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-47038 HIGH PATCH This Week

A vulnerability was found in perl 5.30.0 through 5.38.0. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Buffer Overflow Heap Overflow Perl Fedora Enterprise Linux +2
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-47558 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mahlamusa Who Hit The Page - Hit Counter allows SQL Injection.4.14.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Who Hit The Page Hit Counter
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-47530 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPVibes Redirect 404 Error Page to Homepage or Custom Page with Logs allows SQL Injection.8.7. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Redirect 404 Error Page To Homepage Or Custom Page With Logs
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-47506 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.6.5. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Master Slider
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-34168 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Raven WP Report Post allows SQL Injection.1.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Report Post
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-46177 HIGH PATCH This Week

IBM MQ Appliance 9.3 LTS and 9.3 CD could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Mq Appliance
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-4320 HIGH This Week

An arithmetic overflow flaw was found in Satellite when creating a new personal access token. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Satellite
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32230 HIGH This Week

An improper handling of a malformed API request to an API server in Bosch BT software products can allow an unauthenticated attacker to cause a Denial of Service (DoS) situation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Monitor Wall Videojet Decoder 7513 Firmware Videojet Decoder 7523 Firmware Video Recording Manager +1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39509 HIGH This Week

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cpp13 Firmware Cpp14 Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-32727 HIGH This Week

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zabbix Zabbix Server
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-46686 HIGH This Week

A reliance on untrusted inputs in a security decision could be exploited by a privileged user to configure the Gallagher Command Centre Diagnostics Service to use less secure communication protocols. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Command Centre
NVD
CVSS 3.1
7.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy