Skip to main content
CVE-2024-21644 HIGH POC PATCH THREAT Act Now

pyLoad download manager version prior to 0.5.0b3.dev77 exposes the Flask SECRET_KEY through an unauthenticated endpoint. Attackers can extract this key to forge session cookies, impersonate the administrator, and execute arbitrary code through pyLoad's plugin system.

Authentication Bypass Python Pyload
NVD GitHub
CVSS 3.1
7.5
EPSS
86.5%
Threat
5.6
CVE-2023-6505 HIGH POC THREAT Act Now

The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 73.8%.

WordPress Information Disclosure Prime Mover
NVD WPScan
CVSS 3.1
7.5
EPSS
73.8%
Threat
5.2
CVE-2023-6528 HIGH POC THREAT Act Now

The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 15.8%.

Deserialization WordPress RCE Slider Revolution
NVD WPScan
CVSS 3.1
8.8
EPSS
15.8%
CVE-2023-6140 HIGH POC This Week

The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload WordPress RCE PHP Essential Real Estate
NVD WPScan
CVSS 3.1
8.8
EPSS
3.9%
CVE-2023-47890 HIGH POC PATCH This Week

pyLoad 0.5.0 is vulnerable to Unrestricted File Upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Path Traversal Pyload
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6532 HIGH POC This Week

The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wp Blogs Planetarium
NVD WPScan
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-52074 HIGH POC This Week

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component system/site/webconfig_updagte. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-52073 HIGH POC This Week

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/config_footer_updagte. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-52072 HIGH POC This Week

FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /system/site/userconfig_updagte. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Flycms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-37575 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37574 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37447 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-37577 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39444 HIGH POC This Week

Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37442 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39317 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35963 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35962 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35960 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35959 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37573 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37446 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37445 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38619 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38618 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37576 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37578 HIGH POC This Week

Multiple use-after-free vulnerabilities exist in the VCD get_vartoken realloc functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption RCE Use After Free Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37443 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37444 HIGH POC This Week

Multiple out-of-bounds read vulnerabilities exist in the VCD var definition section functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39443 HIGH POC This Week

Multiple out-of-bounds write vulnerabilities exist in the LXT2 parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38620 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35964 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35961 HIGH POC This Week

Multiple OS command injection vulnerabilities exist in the decompression functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35958 HIGH POC This Week

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39316 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 num_dict_entries functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37420 HIGH POC This Week

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38583 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the LXT2 lxt2_rd_expand_integer_to_bits function of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37417 HIGH POC This Week

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39275 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39274 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39273 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37416 HIGH POC This Week

Multiple out-of-bounds write vulnerabilities exist in the VCD parse_valuechange portdump functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Memory Corruption Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-39272 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the LXT2 facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38623 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38622 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38621 HIGH POC This Week

Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35957 HIGH POC This Week

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35956 HIGH POC This Week

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-35955 HIGH POC This Week

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 VCDATA parsing functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-37922 HIGH POC This Week

Multiple arbitrary write vulnerabilities exist in the VCD sorted bsearch functionality of GTKWave 3.3.115. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gtkwave
NVD
CVSS 3.1
7.8
EPSS
0.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy