Skip to main content
CVE-2024-21650 CRITICAL POC PATCH THREAT Act Now

XWiki Platform prior to specific patched versions contains a CVSS 10.0 remote code execution vulnerability through the user registration form. Attackers inject Groovy code into the first name or last name fields, which is executed server-side when the user profile page is rendered.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
10.0
EPSS
92.5%
Threat
6.3
CVE-2023-47211 CRITICAL POC THREAT Emergency

A directory traversal vulnerability exists in the uploadMib functionality of ManageEngine OpManager 12.7.258. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 81.6%.

Path Traversal Manageengine Firewall Analyzer Manageengine Netflow Analyzer Manageengine Network Configuration Manager Manageengine Opmanager +3
NVD
CVSS 3.1
9.1
EPSS
81.6%
Threat
5.8
CVE-2024-21644 HIGH POC PATCH THREAT Act Now

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint. Attackers can extract this key to forge session cookies, impersonate the administrator, and execute arbitrary code through pyLoad's plugin system.

Authentication Bypass Python Pyload
NVD GitHub
CVSS 3.1
7.5
EPSS
86.5%
Threat
5.6
CVE-2024-0305 MEDIUM POC THREAT This Month

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.7%.

PHP Information Disclosure Ncast
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
93.7%
Threat
5.4
CVE-2022-45354 MEDIUM POC THREAT This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPChill Download Monitor.7.60. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 87.6%.

Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
87.6%
Threat
5.2
CVE-2023-6505 HIGH POC THREAT Act Now

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%.

WordPress Information Disclosure Prime Mover
NVD WPScan
CVSS 3.1
7.5
EPSS
73.8%
Threat
5.2
CVE-2024-21645 MEDIUM POC PATCH THREAT This Month

pyLoad is the free and open-source Download Manager written in pure Python. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 71.3%.

Python Code Injection Pyload
NVD GitHub
CVSS 3.1
5.3
EPSS
71.3%
Threat
4.7
CVE-2022-2588 MEDIUM POC PATCH THREAT This Month

It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0. Rated medium severity (CVSS 5.3). Public exploit code available and EPSS exploitation probability 59.4%.

Linux Memory Corruption Use After Free Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
5.3
EPSS
59.4%
Threat
4.3
CVE-2022-2586 MEDIUM POC KEV PATCH THREAT Act Now

It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. Rated medium severity (CVSS 5.3). Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption Use After Free Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
2.3%
Threat
4.1
CVE-2023-6528 HIGH POC THREAT Act Now

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.8%.

Deserialization WordPress RCE Slider Revolution
NVD WPScan
CVSS 3.1
8.8
EPSS
15.8%
CVE-2018-25095 CRITICAL POC Act Now

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress RCE Duplicator
NVD WPScan
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-6140 HIGH POC This Week

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Essential Real Estate
NVD WPScan
CVSS 3.1
8.8
EPSS
3.9%
CVE-2023-50982 CRITICAL POC Act Now

Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Stud Ip
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2023-47890 HIGH POC PATCH This Week

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Path Traversal Pyload
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6532 HIGH POC This Week

The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Blogs Planetarium
NVD WPScan
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-52074 HIGH POC This Week

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-52073 HIGH POC This Week

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-52072 HIGH POC This Week

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-37575 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37574 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37447 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37577 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39444 HIGH POC This Week

Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37442 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39317 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35963 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35962 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35960 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35959 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37573 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37446 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37445 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38619 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38618 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37576 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37578 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37443 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37444 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39443 HIGH POC This Week

Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38620 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35964 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35961 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35958 HIGH POC This Week

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39316 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37420 HIGH POC This Week

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38583 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37417 HIGH POC This Week

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39275 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39274 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39273 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy