Skip to main content
CVE-2023-6634 HIGH POC THREAT Act Now

The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 91.3%.

WordPress Command Injection RCE
NVD
CVSS 3.1
8.1
EPSS
91.3%
Threat
5.9
CVE-2023-46474 HIGH POC THREAT Act Now

File Upload vulnerability PMB v.7.4.8 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted PHP file uploaded to the start_import.php file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 72.7%.

File Upload RCE PHP Pmb
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
72.7%
Threat
5.1
CVE-2023-51073 HIGH POC THREAT Act Now

An issue in Buffalo LS210D v.1.78-0.03 allows a remote attacker to execute arbitrary code via the Firmware Update Script at /etc/init.d/update_notifications.sh. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 26.0%.

RCE Ls210D Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
26.0%
CVE-2023-6266 HIGH POC THREAT Act Now

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to insufficient path and file validation on the BMI_BACKUP case of the handle_downloading function in all. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 21.8%.

WordPress Authentication Bypass Information Disclosure Path Traversal
NVD VulDB
CVSS 3.1
7.5
EPSS
21.8%
CVE-2023-51748 HIGH POC This Week

ScaleFusion 10.5.2 does not properly limit users to the Edge application because Ctrl-O and Ctrl-S can be used. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Scalefusion
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-51749 HIGH POC This Week

ScaleFusion 10.5.2 does not properly limit users to the Edge application because a search can be made from a tooltip. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Information Disclosure Scalefusion Windows
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-50159 HIGH POC This Week

In ScaleFusion (Windows Desktop App) agent 10.5.2, Kiosk mode application restrictions can be bypassed allowing arbitrary code to be executed. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass RCE Microsoft Scalefusion Windows
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-50123 HIGH POC This Week

The number of attempts to bring the Hozard Alarm system (alarmsystemen) v1.0 to a disarmed state is not limited. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Alarm System
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-50671 HIGH POC This Week

In exiftags 1.01, nikon_prop1 in nikon.c has a heap-based buffer overflow (write of size 28) because snprintf can write to an unexpected address. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Exiftags
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-6979 HIGH PATCH This Week

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
3.7%
CVE-2023-6220 HIGH This Week

The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'piotnetforms_ajax_form_builder' function in versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

File Upload WordPress RCE
NVD VulDB
CVSS 3.1
8.1
EPSS
6.3%
CVE-2023-6878 HIGH This Week

The Slick Social Share Buttons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'dcssb_ajax_update' function in versions up to, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5448 HIGH PATCH This Week

The WP Register Profile With Shortcode plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-5504 HIGH PATCH This Week

The BackWPup plugin for WordPress is vulnerable to Directory Traversal in versions up to, and including, 4.0.1 via the Log File Folder. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

WordPress PHP Path Traversal
NVD VulDB
CVSS 3.1
8.7
EPSS
0.5%
CVE-2023-31003 HIGH PATCH This Week

IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.6.1) could allow a local user to obtain root access. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity.

IBM Information Disclosure Docker Security Verify Access Security Verify Access Docker
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2023-6636 HIGH PATCH This Week

The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation on the 'gspb_save_files' function in versions up. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD
CVSS 3.1
7.2
EPSS
4.4%
CVE-2023-6558 HIGH PATCH This Week

The Export and Import Users and Customers plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation on the 'upload_import_file' function in versions up to,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload WordPress RCE
NVD
CVSS 3.1
7.2
EPSS
3.8%
CVE-2023-6828 HIGH This Week

The Contact Form, Survey & Popup Form Plugin for WordPress - ARForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ arf_http_referrer_url’ parameter in all. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress
NVD VulDB
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-6751 HIGH PATCH This Week

The Hostinger plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the function publish_website in all versions up to, and including, 1.9.7. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-51782 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.6.8. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Use After Free Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-51780 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.6.8. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Use After Free Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-51781 HIGH PATCH This Week

An issue was discovered in the Linux kernel before 6.6.8. Rated high severity (CVSS 7.0). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Linux Memory Corruption Use After Free Information Disclosure Linux Kernel +1
NVD GitHub
CVSS 3.1
7.0
EPSS
0.0%
CVE-2024-22198 HIGH POC PATCH THREAT GHSA This Month

Nginx-UI is a web interface to manage Nginx configurations. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 16.0%.

Privilege Escalation Command Injection Information Disclosure Nginx RCE +1
NVD GitHub
CVSS 3.1
7.1
EPSS
16.0%
CVE-2024-22196 HIGH POC PATCH GHSA This Month

Nginx-UI is an online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average, and disk usage in real-time. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Nginx SQLi Nginx Ui
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2024-22197 HIGH POC PATCH GHSA This Month

Nginx-ui is online statistics for Server Indicators​​ Monitor CPU usage, memory usage, load average, and disk usage in real-time. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Privilege Escalation Command Injection Information Disclosure Nginx RCE +1
NVD GitHub
CVSS 3.1
7.7
EPSS
3.1%
CVE-2024-0429 HIGH This Month

A denial service vulnerability has been found on Hex Workshop affecting version 6.7, an attacker could send a command line file arguments and control the Structured Exception Handler (SEH) records. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Hex Workshop
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-0252 HIGH This Month

ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to the remote code execution due to the improper handling in the load balancer component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 29.1% and no vendor patch available.

RCE Code Injection Manageengine Adselfservice Plus
NVD
CVSS 3.1
8.8
EPSS
29.1%
CVE-2024-21637 HIGH PATCH This Month

Authentik is an open-source Identity Provider. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Privilege Escalation Authentik
NVD GitHub
CVSS 3.1
7.6
EPSS
0.2%
CVE-2024-22190 HIGH POC PATCH This Month

GitPython is a python library used to interact with Git repositories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Python Gitpython Windows
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2024-21833 HIGH This Month

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware Archer Ax5400 Firmware Deco X50 Firmware +2
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-21821 HIGH This Month

Multiple TP-LINK products allow a network-adjacent authenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware Archer Ax5400 Firmware Archer Axe75 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2024-21773 HIGH This Month

Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

TP-Link Command Injection Archer Ax3000 Firmware Archer Ax5400 Firmware Deco X50 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy