Skip to main content
CVE-2023-0297 CRITICAL POC PATCH THREAT Act Now

Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Pyload
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
95.8%
CVE-2023-0299 CRITICAL POC PATCH Act Now

Improper Input Validation in GitHub repository publify/publify prior to 9.2.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Publify
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-22496 CRITICAL POC THREAT Act Now

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Netdata
NVD GitHub
CVSS 3.1
9.8
EPSS
36.2%
CVE-2023-22495 CRITICAL POC Act Now

Izanami is a shared configuration service well-suited for micro-service architecture implementation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Izanami
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22480 CRITICAL POC PATCH THREAT Act Now

KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Authentication Bypass Kubeoperator
NVD GitHub
CVSS 3.1
9.8
EPSS
66.8%
CVE-2023-22497 CRITICAL POC Act Now

Netdata is an open source option for real-time infrastructure monitoring and troubleshooting. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Netdata
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-22850 HIGH POC This Week

Tiki before 24.1, when the Spreadsheets feature is enabled, allows lib/sheet/grid.php PHP Object Injection because of an unserialize call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Tiki
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-22478 HIGH POC PATCH This Week

KubePi is a modern Kubernetes panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Kubernetes Authentication Bypass Kubepi
NVD GitHub
CVSS 3.1
7.5
EPSS
3.6%
CVE-2023-22851 HIGH POC This Week

Tiki before 24.2 allows lib/importer/tikiimporter_blog_wordpress.php PHP Object Injection by an admin because of an unserialize call. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Deserialization Tiki
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-0298 MEDIUM POC PATCH This Month

Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Firefly Iii
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23589 MEDIUM POC PATCH This Month

The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Tor Debian Linux Fedora
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-0301 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0-M4-2301. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Alf Io
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0300 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Alf Io
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22853 HIGH This Week

Tiki before 24.1, when feature_create_webhelp is enabled, allows lib/structures/structlib.php PHP Object Injection because of an eval. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Tiki
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-22602 HIGH PATCH This Week

When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Authentication Bypass Shiro Spring Boot
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-22852 MEDIUM This Month

Tiki through 25.0 allows CSRF attacks that are related to tiki-importer.php and tiki-import_sheet.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF Tiki
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22470 MEDIUM PATCH This Month

Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nextcloud Deck
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-45353 MEDIUM This Month

Broken Access Control in Betheme theme <= 26.6.1 on WordPress. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Betheme
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-22471 MEDIUM PATCH This Month

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Deck
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy