Skip to main content
CVE-2023-7187 HIGH POC This Week

A vulnerability was found in Totolink N350RT 9.3.5u.6139_B20201216. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow N350Rt Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-7130 HIGH POC This Week

A vulnerability has been found in code-projects College Notes Gallery 2.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi College Notes Gallery
NVD VulDB GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-52286 HIGH POC This Week

Tencent tdsqlpcloud through 1.8.5 allows unauthenticated remote attackers to discover database credentials via an index.php/api/install/get_db_info request, a related issue to CVE-2023-42387. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Tencent Distributed Sql
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-52267 HIGH POC PATCH This Week

ehttp 1.0.6 before 17405b9 has a simple_log.cpp _log out-of-bounds-read during error logging for long strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Ehttp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-52266 HIGH POC PATCH This Week

ehttp 1.0.6 before 17405b9 has an epoll_socket.cpp read_func use-after-free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Ehttp
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-52181 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Presslabs Theme per user.0.1. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Theme Per User
NVD
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-52182 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in ARI Soft ARI Stream Quiz - WordPress Quizzes Builder.3.0. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Ari Stream Quiz
NVD
CVSS 3.1
9.9
EPSS
0.4%
CVE-2023-52284 MEDIUM POC PATCH This Month

Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Webassembly Micro Runtime
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-51469 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestres do WP Checkout Mestres WP.1.9.6. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Checkout Mestres Wp
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2023-51423 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webinarignition
NVD
CVSS 3.1
9.3
EPSS
0.1%
CVE-2023-49777 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.3.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Yith Woocommerce Product Add Ons
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-39157 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Crocoblock JetElements For Elementor.6.10. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection RCE Jetelements
NVD
CVSS 3.1
9.0
EPSS
0.3%
CVE-2023-7191 HIGH This Week

A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-7190 HIGH This Week

A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-7189 HIGH This Week

A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-7186 HIGH This Week

A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fakabao
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-7185 HIGH This Week

A vulnerability was found in 7-card Fakabao up to 1.0_build20230805. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fakabao
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-7184 HIGH This Week

A vulnerability was found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fakabao
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-7183 HIGH This Week

A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Fakabao
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-52269 MEDIUM POC This Month

MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Securitygateway
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-52133 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WhileTrue Most And Least Read Posts Widget.5.16. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Most And Least Read Posts Widget
NVD
CVSS 3.1
8.5
EPSS
0.1%
CVE-2023-7193 HIGH This Week

A vulnerability was found in MTab Bookmark up to 1.2.6 and classified as critical.php of the component Installation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP Authentication Bypass Bookmark
NVD VulDB
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-7188 HIGH This Week

A vulnerability classified as critical has been found in Shipping 100 Fahuo100 up to 1.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP SQLi Fahuo100
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-52277 HIGH This Week

Royal RoyalTSX before 6.0.2.1 allows attackers to cause a denial of service (Heap Memory Corruption and application crash) or possibly have unspecified other impact via a long hostname in an RTSZ. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Royaltsx
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-52132 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jewel Theme WP Adminify.1.6. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Adminify
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-52131 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Zinc Page Generator.7.1. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Page Generator
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-51547 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPManageNinja LLC Fluent Support - WordPress Helpdesk and Customer Support Ticket Plugin.7.6. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Fluent Support
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-52134 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eyal Fitoussi GEO my WordPress.0.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Geo My Wordpress
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-52180 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes.1.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Recipe Maker For Your Food Blog From Zip Recipes
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-6093 MEDIUM This Month

A clickjacking vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oncell G3150A Lte Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-52275 LOW POC Monitor

Gallery3d on Tecno Camon X CA7 devices allows attackers to view hidden images by navigating to data/com.android.gallery3d/.privatealbum/.encryptfiles and guessing the correct image file extension. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Camon X Firmware
NVD GitHub
CVSS 3.1
2.1
EPSS
0.3%
CVE-2023-51503 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments - Fully Integrated Solution Built and Supported by Woo.9.2. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Woopayments
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-52185 MEDIUM This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Everestthemes Everest Backup - WordPress Cloud Backup, Migration, Restore & Cloning Plugin.1.9. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Everest Backup
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-6094 MEDIUM This Month

A vulnerability has been identified in OnCell G3150A-LTE Series firmware versions v1.3 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oncell G3150A Lte Firmware
NVD
CVSS 3.1
5.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy