Skip to main content
CVE-2023-35992 HIGH POC This Week

An integer overflow vulnerability exists in the FST fstReaderIterBlocks2 vesc allocation functionality of GTKWave 3.3.115, when compiled as a 32-bit binary. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gtkwave
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-38651 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gtkwave
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-38650 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gtkwave
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-38653 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gtkwave
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-39414 HIGH POC This Week

Multiple integer underflow vulnerabilities exist in the LXT2 lxt2_rd_iter_radix shift operation functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gtkwave
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-35128 HIGH POC This Week

An integer overflow vulnerability exists in the fstReaderIterBlocks2 time_table tsec_nitems functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gtkwave
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-6139 MEDIUM POC This Month

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Denial Of Service Essential Real Estate
NVD WPScan
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-52271 MEDIUM POC This Month

The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Antifraud
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-6627 MEDIUM POC This Month

The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Google Wp Go Maps
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-6555 MEDIUM POC This Month

The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Email Subscription Popup
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-52225 CRITICAL Act Now

Insecure deserialization in Tagbox UGC Galleries WordPress plugin. CVSS 10.0.

Deserialization
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-52218 CRITICAL Act Now

Insecure deserialization in WooCommerce Tranzila Payment Gateway plugin. CVSS 10.0.

Deserialization WordPress
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-6161 MEDIUM POC This Month

The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Crowdfunding
NVD WPScan
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-52219 CRITICAL Act Now

Insecure deserialization in Gecka Terms Thumbnails WordPress plugin through 1.1.

Deserialization
NVD
CVSS 3.1
9.9
EPSS
0.6%
CVE-2023-6921 CRITICAL Act Now

Blind SQL Injection vulnerability in PrestaShow Google Integrator (PrestaShop addon) allows for data extraction and modification. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google SQLi Google Integrator
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-52200 CRITICAL Act Now

CSRF + deserialization chain in ARMember WordPress membership plugin.

Deserialization CSRF
NVD
CVSS 3.1
9.6
EPSS
0.2%
CVE-2023-6141 MEDIUM POC This Month

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Essential Real Estate
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-52215 CRITICAL Act Now

SQL injection in Simple Inventory Management WordPress plugin by UkrSolution.

WordPress SQLi
NVD
CVSS 3.1
9.3
EPSS
0.3%
CVE-2023-52202 CRITICAL Act Now

Deserialization in HTML5 MP3 Player with Folder Feedburner Playlist Free WordPress plugin.

Deserialization
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-52205 CRITICAL Act Now

Insecure deserialization in HTML5 SoundCloud Player with Playlist Free WordPress plugin.

Deserialization
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-52207 CRITICAL Act Now

Insecure deserialization in HTML5 MP3 Player with Playlist Free WordPress plugin by SVNLabs.

Deserialization
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-5235 HIGH This Week

The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization WordPress Ovic Responsive Wpbakery WPBakery Page Builder
NVD WPScan
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-29048 HIGH This Week

A component for parsing OXMF templates could be abused to execute arbitrary system commands that would be executed as the non-privileged runtime user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Command Injection Ox App Suite
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-6845 HIGH This Week

The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Commenttweets
NVD WPScan
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-52204 HIGH This Week

SQL injection in Randomize WordPress plugin through 1.4.3.

SQLi
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2023-29051 HIGH This Week

User-defined OXMF templates could be used to access a limited part of the internal OX App Suite Java API. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Java Ox App Suite
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2021-3600 HIGH PATCH This Week

It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. Rated high severity (CVSS 7.8). This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow RCE Information Disclosure Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-7224 HIGH This Week

OpenVPN Connect version 3.0 through 3.4.6 on macOS allows local users to execute code in external third party libraries using the DYLD_INSERT_LIBRARIES environment variable. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Code Injection Connect macOS
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-6631 HIGH This Week

PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Powersystem Center
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-52206 HIGH This Week

Deserialization in Live Composer page builder WordPress plugin.

Deserialization
NVD
CVSS 3.1
7.7
EPSS
0.4%
CVE-2024-21747 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM &. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-52142 HIGH This Week

SQL injection in Events Shortcodes For The Events Calendar WordPress plugin.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-52201 HIGH This Week

SQL injection in pTypeConverter WordPress plugin.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.2%
CVE-2023-52190 HIGH This Week

Information exposure in Coupon Referral Program WordPress plugin through 1.7.2.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29050 HIGH This Week

The optional "LDAP contacts provider" could be abused by privileged users to inject LDAP filter strings that allow to access content outside of the intended hierarchy. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Code Injection LDAP Ox App Suite
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2023-49961 HIGH PATCH This Week

WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Bastion Bastion Access Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-7215 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Chatgpt Web
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.2%
CVE-2023-52196 HIGH This Week

Reflected XSS in CPT Bootstrap Carousel WordPress plugin.

XSS Bootstrap
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-52213 HIGH This Week

XSS in Rate Star Review plugin for WordPress.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-21745 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS.3.9. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-21744 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-52198 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michiel van Eerd Private Google Calendars allows Stored XSS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Google
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-50948 MEDIUM This Month

IBM Storage Fusion HCI 2.1.0 through 2.6.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass IBM Storage Fusion Hci
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2022-36352 MEDIUM This Month

Missing Authorization vulnerability in Profilegrid ProfileGrid - User Profiles, Memberships, Groups and Communities.0.3. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-6529 MEDIUM This Month

The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress CSRF Wp Vr
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6552 MEDIUM PATCH This Month

Lack of "current" GET parameter validation during the action of changing a language leads to an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Tasmoadmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-27739 MEDIUM This Month

easyXDM 2.5 allows XSS via the xdm_e parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Easyxdm
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-52197 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Impactpixel Ads Invalid Click Protection allows Stored XSS.0. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-52203 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.0.5. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2022-2602 MEDIUM POC This Month

io_uring UAF, Unix SCM garbage collection. Rated medium severity (CVSS 5.3). No vendor patch available.

Memory Corruption Use After Free Information Disclosure Linux Kernel Ubuntu Linux
NVD
CVSS 3.1
5.3
EPSS
1.4%
Prev Page 3 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy