Skip to main content
CVE-2023-28170 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Themely Theme Demo Import.1.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Theme Demo Import
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-47702 CRITICAL Act Now

IBM Security Guardium Key Lifecycle Manager 4.3 could allow a remote attacker to traverse directories on the system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-23970 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Corsa
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47706 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6689 HIGH This Week

A successful CSRF attack could force the user to perform state changing requests on the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bcu 500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-29096 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft - Messages Database Plugin For WordPress.7.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Contact Form To Db
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-30750 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.5.10. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Cm Popup
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-30495 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.1.23. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ultimate Addons For Contact Form 7
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-49825 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.4.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Soledad
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-33330 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.9.50. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Automatewoo
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-33209 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor - Track Website Changes.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Seo Change Monitor
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-47852 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free.6.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Link Whisper Free
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-47784 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.6.15. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Slider Revolution
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-28782 HIGH This Week

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Gravity Forms
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-40555 HIGH This Week

Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.17.5. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Flatsome
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-29432 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.8.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Houzez
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-37871 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.5.6. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Gocardless
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-35876 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.8.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Square
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2023-35915 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo.9.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Woopayments
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-47236 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress.4.8. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Ipages Flipbook
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-38519 HIGH PATCH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance.4.3.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Mainwp Dashboard
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-49166 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync.0.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Msync
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-49161 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bravo Translate
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-30872 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.6.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bsk Forms Blacklist
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-32743 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.7.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Automatewoo
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-35916 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Woopayments
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-35914 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Subscriptions
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-50249 HIGH PATCH This Week

Sentry-Javascript is official Sentry SDKs for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Astro
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37544 HIGH PATCH This Week

Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Authentication Bypass Pulsar
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-47704 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-50707 HIGH This Week

Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bcu 500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46147 HIGH This Week

Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.3.5. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Ultra
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2023-28788 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Advanced Page Visit Counter
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-47507 HIGH This Week

Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.6.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Master Slider Pro
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-26525 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Dokan
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-0011 MEDIUM This Month

A flaw in the input validation in TOBY-L2 allows a user to execute arbitrary operating system commands using specifically crafted AT commands. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Toby L200 Firmware Toby L201 Firmware Toby L210 Firmware Toby L220 Firmware +1
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-28491 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.7.6. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Slideshow Gallery
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-6910 MEDIUM This Month

A vulnerable API method in M-Files Server before 23.12.13195.0 allows for uncontrolled resource consumption. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service M Files Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-47161 MEDIUM This Month

IBM UrbanCode Deploy (UCD) 7.1 through 7.1.2.14, 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 may mishandle input validation of an uploaded archive file leading to a denial of service due to resource. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service IBM Urbancode Deploy
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-50704 MEDIUM This Month

An attacker could construct a URL within the application that causes a redirection to an arbitrary external domain and could be leveraged to facilitate phishing attacks against application users. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Uc 500E Firmware
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-50703 MEDIUM This Month

An attacker with network access could perform a man-in-the-middle (MitM) attack and capture sensitive information to gain unauthorized access to the application. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Uc 500E Firmware
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-32128 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box - Accept Payments in any Cryptocurrency on. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cryptocurrency Payment Donation Box
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-47599 MEDIUM This Month

Deserialization of Untrusted Data vulnerability in File Manager by Bit Form Team File Manager - 100% Free & Open Source File Manager Plugin for WordPress | Bit File Manager.2.7. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization WordPress File Manager
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-31092 MEDIUM This Month

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Foxskav Easy Bet.0.2. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Easy Bet
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42012 MEDIUM This Month

An IBM UrbanCode Deploy Agent 7.2 through 7.2.3.7, and 7.3 through 7.3.2.2 installed as a Windows service in a non-standard location could be subject to a denial of service attack by local accounts. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Urbancode Deploy
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36520 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.7.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Editorial Calendar
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-38513 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media Organizer & Lightroom).2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Photo Engine
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-50639 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in CuteHttpFileServer v.1.0 and v.2.0 allows attackers to obtain sensitive information via the file upload function in the home page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Cute Http File Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49272 MEDIUM This Month

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Hotel Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49271 MEDIUM This Month

Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Hotel Management System
NVD
CVSS 3.1
5.4
EPSS
0.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy