Skip to main content
CVE-2023-51467 CRITICAL POC PATCH THREAT Act Now

The vulnerability permits attackers to circumvent authentication processes, enabling them to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

RCE SSRF Ofbiz
NVD
CVSS 3.1
9.8
EPSS
96.0%
CVE-2023-5991 CRITICAL POC Act Now

The Hotel Booking Lite WordPress plugin before 4.8.5 does not validate file paths provided via user input, as well as does not have proper CSRF and authorisation checks, allowing unauthenticated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress CSRF Hotel Booking Lite
NVD WPScan
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-51102 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formWifiMacFilterSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51101 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetUplinkInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51100 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formGetDiagnoseInfo . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-51099 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formexeCommand . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-51098 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a command injection vulnerability via the function formSetDiagnoseInfo . Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-51097 CRITICAL POC Act Now

Tenda W9 V1.0.0.7(4456)_CN was discovered to contain a stack overflow via the function formSetAutoPing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W9 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-51094 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a Command Execution vulnerability via the function TendaTelnet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-51093 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function fromSetLocalVlanInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-51092 CRITICAL POC THREAT Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function upgrade. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.9%
CVE-2023-51091 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function R7WebsSecurityHandler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.5%
CVE-2023-51090 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formGetWeiXinConfig. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-51095 CRITICAL POC Act Now

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow via the function formDelWlRfPolicy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda M3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-7111 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Library Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5931 HIGH POC This Week

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 does not validate files to be uploaded, which could allow attackers with a low-privilege account (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress PHP Rtmedia
NVD WPScan
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5674 HIGH POC THREAT This Week

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Mail Log
NVD WPScan
CVSS 3.1
8.8
EPSS
10.8%
CVE-2023-5673 HIGH POC This Week

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file extensions uploading files to attach to emails, allowing attackers to upload PHP files, leading to remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload WordPress PHP Wp Mail Log
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-5645 HIGH POC This Week

The WP Mail Log WordPress plugin before 1.1.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Mail Log
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-49949 HIGH POC This Week

Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Passwork
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-5644 HIGH POC This Week

The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wp Mail Log
NVD WPScan
CVSS 3.1
7.6
EPSS
0.5%
CVE-2023-52096 HIGH POC This Week

SteVe Community ocpp-jaxb before 0.0.8 generates invalid timestamps such as ones with month 00 in certain situations (such as when an application receives a StartTransaction Open Charge Point. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ocpp Jaxb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6250 HIGH POC This Week

The BestWebSoft's Like & Share WordPress plugin before 2.74 discloses the content of password protected posts to unauthenticated users via a meta tag. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Like Share
NVD WPScan
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-6114 HIGH POC THREAT This Week

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2 does not disallow listing the `backups-dup-lite/tmp` directory (or the `backups-dup-pro/tmp` directory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress Duplicator
NVD WPScan
CVSS 3.1
7.5
EPSS
30.9%
CVE-2023-5203 HIGH POC This Week

The WP Sessions Time Monitoring Full Automatic WordPress plugin before 1.0.9 does not sanitize the request URL or query parameters before using them in an SQL query, allowing unauthenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress SQLi Wp Sessions Time Monitoring Full Automatic
NVD WPScan
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-51107 HIGH POC This Week

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in functon compute_color() of jquant2.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mupdf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-51106 HIGH POC This Week

A floating point exception (divide-by-zero) vulnerability was discovered in mupdf 1.23.4 in function pnm_binary_read_image() of load-pnm.c when fz_colorspace_n returns zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mupdf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-51105 HIGH POC This Week

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function bmp_decompress_rle4() of load-bmp.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mupdf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-51104 HIGH POC This Week

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in function pnm_binary_read_image() of load-pnm.c when span equals zero. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mupdf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-51103 HIGH POC This Week

A floating point exception (divide-by-zero) vulnerability was discovered in Artifex MuPDF 1.23.4 in the function fz_new_pixmap_from_float_data() of pixmap.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mupdf
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-50968 HIGH POC PATCH THREAT This Week

Arbitrary file properties reading vulnerability in Apache Software Foundation Apache OFBiz when user operates an uri call without authorizations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Apache Information Disclosure SSRF Ofbiz
NVD
CVSS 3.1
7.5
EPSS
63.4%
CVE-2023-5939 HIGH POC This Week

The rtMedia for WordPress, BuddyPress and bbPress WordPress plugin before 4.6.16 loads the contents of the import file in an unsafe manner, leading to remote code execution by privileged users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Rtmedia
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-5672 MEDIUM POC This Month

The WP Mail Log WordPress plugin before 1.1.3 does not properly validate file path parameters when attaching files to emails, leading to local file inclusion, and allowing an attacker to leak the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal WordPress Wp Mail Log
NVD WPScan
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-49438 MEDIUM POC PATCH This Month

An open redirect vulnerability in the python package Flask-Security-Too <=5.3.2 allows attackers to redirect unsuspecting users to malicious sites via a crafted URL by abusing the ?next parameter on. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Open Redirect Flask Security Too
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-48003 MEDIUM POC This Month

An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Asp Net Zero
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6268 MEDIUM POC This Month

The JSON Content Importer WordPress plugin before 1.5.4 does not sanitise and escape the tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Json Content Importer
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6166 MEDIUM POC This Month

The Quiz Maker WordPress plugin before 6.4.9.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz Maker
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27150 MEDIUM POC This Month

openCRX 5.2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name field after creation of a Tracker in Manage Activity. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Opencrx
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6155 MEDIUM POC This Month

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Quiz Maker
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-5980 MEDIUM POC This Month

The BSK Forms Blacklist WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bsk Forms Blacklist
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-52086 HIGH PATCH This Week

resumable.php (aka PHP backend for resumable.js) 0.1.4 before 3c6dbf5 allows arbitrary file upload anywhere in the filesystem via ../ in multipart/form-data content to upload.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Php Backend For Resumable Js
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-5180 HIGH This Week

An issue was discovered in Open Design Alliance Drawings SDK before 2024.12. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Drawings Sdk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-46681 HIGH PATCH This Week

Improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability in VR-S1000 firmware Ver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Code Injection Vr S1000 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28616 HIGH This Week

An issue was discovered in Stormshield Network Security (SNS) before 4.3.17, 4.4.x through 4.6.x before 4.6.4, and 4.7.x before 4.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stormshield Network Security
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-45741 MEDIUM PATCH This Month

VR-S1000 firmware Ver. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Vr S1000 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-51363 MEDIUM PATCH This Month

VR-S1000 firmware Ver. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Vr S1000 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-50332 MEDIUM This Month

Improper authorization vulnerability exists in the User Management (/admin/users) page of GROWI versions prior to v6.0.6. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Growi
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-50294 MEDIUM This Month

The App Settings (/admin/app) page in GROWI versions prior to v6.0.6 stores sensitive information in cleartext form. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Growi
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-50297 MEDIUM This Month

Open redirect vulnerability in PowerCMS (6 Series, 5 Series, and 4 Series) allows a remote unauthenticated attacker to redirect users to arbitrary web sites via a specially crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Powercms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-51654 MEDIUM This Month

Improper link resolution before file access ('Link Following') issue exists in iPrint&Scan Desktop for Windows versions 11.0.0 and earlier. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Iprint Scan
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy