Skip to main content
CVE-2023-5011 HIGH POC This Week

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Information System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5010 HIGH POC This Week

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Information System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5007 HIGH POC This Week

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Information System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6976 HIGH POC PATCH This Week

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-7018 HIGH POC PATCH This Week

Deserialization of Untrusted Data in GitHub repository huggingface/transformers prior to 4.36. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Deserialization Transformers
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-6562 HIGH POC This Week

JPX Fragment List (flst) box vulnerability in Kakadu 7.9 allows an attacker to exfiltrate local and remote files reachable by a server if the server allows the attacker to upload a specially-crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Kakadu Sdk
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-6977 HIGH POC PATCH This Week

This vulnerability enables malicious users to read sensitive files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
3.9%
CVE-2023-23970 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in WooRockets Corsa.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Corsa
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47706 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 could allow an authenticated user to upload files of a dangerous file type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6689 HIGH This Week

A successful CSRF attack could force the user to perform state changing requests on the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Bcu 500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-29096 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BestWebSoft Contact Form to DB by BestWebSoft - Messages Database Plugin For WordPress.7.0. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Contact Form To Db
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-30750 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CreativeMindsSolutions CM Popup Plugin for WordPress.5.10. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Cm Popup
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-30495 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themefic Ultimate Addons for Contact Form 7.1.23. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ultimate Addons For Contact Form 7
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-49825 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.4.1. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Soledad
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-33330 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.9.50. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Automatewoo
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-33209 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CrawlSpider SEO Change Monitor - Track Website Changes.2. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Seo Change Monitor
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-47852 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Link Whisper Link Whisper Free.6.5. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Link Whisper Free
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-47784 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.6.15. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Slider Revolution
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-28782 HIGH This Week

Deserialization of Untrusted Data vulnerability in Rocketgenius Inc. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Gravity Forms
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-40555 HIGH This Week

Deserialization of Untrusted Data vulnerability in UX-themes Flatsome | Multi-Purpose Responsive WooCommerce Theme.17.5. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization WordPress Flatsome
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2023-29432 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Favethemes Houzez - Real Estate WordPress Theme.8.3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress SQLi Houzez
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-37871 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.5.6. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Gocardless
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2023-35876 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square.8.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Square
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2023-35915 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo.9.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Woopayments
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-47236 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Avirtum iPages Flipbook For WordPress.4.8. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Ipages Flipbook
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-38519 HIGH PATCH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MainWP MainWP Dashboard - WordPress Manager for Multiple Websites Maintenance.4.3.3. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

WordPress SQLi Mainwp Dashboard
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-49166 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Magic Logix MSync.0.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Msync
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-49161 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Guelben Bravo Translate.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bravo Translate
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-30872 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BannerSky BSK Forms Blacklist.6.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Bsk Forms Blacklist
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-32743 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WooCommerce AutomateWoo.7.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Automatewoo
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-35916 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo.9.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Woopayments
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-35914 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions.1.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Woocommerce Subscriptions
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-50249 HIGH PATCH This Week

Sentry-Javascript is official Sentry SDKs for JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Astro
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37544 HIGH PATCH This Week

Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Authentication Bypass Pulsar
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-47704 HIGH This Week

IBM Security Guardium Key Lifecycle Manager 4.3 contains plain text hard-coded credentials or other secrets in source code repository. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Security Guardium Key Lifecycle Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-50707 HIGH This Week

Through the exploitation of active user sessions, an attacker could send custom requests to cause a denial-of-service condition on the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Bcu 500 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-46147 HIGH This Week

Deserialization of Untrusted Data vulnerability in Themify Themify Ultra.3.5. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization Ultra
NVD
CVSS 3.1
7.4
EPSS
0.2%
CVE-2023-28788 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Page Visit Counter Advanced Page Visit Counter - Most Wanted Analytics Plugin for WordPress.4.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Advanced Page Visit Counter
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-47507 HIGH This Week

Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.6.5. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Master Slider Pro
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-26525 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs Dokan - Best WooCommerce Multivendor Marketplace Solution - Build Your Own Amazon, eBay,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Dokan
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy