Skip to main content
CVE-2023-0245 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Online Flight Booking Management System.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Flight Booking Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0244 CRITICAL POC Act Now

A vulnerability classified as critical was found in TuziCMS 2.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-0243 CRITICAL POC Act Now

A vulnerability classified as critical has been found in TuziCMS 2.0.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tuzicms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0247 HIGH POC PATCH This Week

Uncontrolled Search Path Element in GitHub repository bits-and-blooms/bloom prior to 3.3.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Bloom
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-0227 MEDIUM POC PATCH This Month

Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Pyload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-23457 MEDIUM POC PATCH This Month

A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Upx Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23456 MEDIUM POC PATCH This Month

A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service Upx Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0246 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Espcms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-22599 CRITICAL Act Now

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inrouter302 Firmware Inrouter615 S Firmware
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-22601 HIGH This Week

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Inrouter302 Firmware Inrouter615 S Firmware
NVD
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-22600 HIGH This Week

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Inrouter302 Firmware Inrouter615 S Firmware
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-0254 HIGH PATCH This Week

The Simple Membership WP user Import plugin for WordPress is vulnerable to SQL Injection via the ‘orderby’ parameter in versions up to, and including, 1.7 due to insufficient escaping on the user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Simple Membership Wp User Import
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-22598 HIGH This Week

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Inrouter302 Firmware Inrouter615 S Firmware
NVD
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-0256 MEDIUM This Month

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Food Ordering System
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-0042 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22597 MEDIUM This Month

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Inrouter302 Firmware Inrouter615 S Firmware
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-23455 MEDIUM PATCH This Month

atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Denial Of Service Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23454 MEDIUM PATCH This Month

cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption Buffer Overflow Linux Denial Of Service Linux Kernel +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22488 MEDIUM PATCH This Month

Flarum is a forum software for building communities. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Flarum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0257 MEDIUM This Month

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Online Food Ordering System
NVD VulDB
CVSS 3.1
4.7
EPSS
0.4%
CVE-2023-0258 LOW Monitor

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. Rated low severity (CVSS 2.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Online Food Ordering System
NVD VulDB
CVSS 3.1
2.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy