Skip to main content
CVE-2023-23637 HIGH POC PATCH This Week

IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Impatient
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2023-22499 HIGH POC PATCH This Week

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Information Disclosure Deno
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0332 HIGH POC This Week

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-0338 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Daloradius
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0337 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository lirantal/daloradius prior to master-branch. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Daloradius
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22732 CRITICAL PATCH Act Now

Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-22727 CRITICAL PATCH Act Now

CakePHP is a development framework for PHP web apps. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PHP SQLi Cakephp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-22357 CRITICAL Act Now

Active debug code exists in OMRON CP1L-EL20DR-D all versions, which may lead to a command that is not specified in FINS protocol being executed without authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cp1L El20Dr D Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-22303 CRITICAL Act Now

TP-Link SG105PE firmware prior to 'TL-SG105PE(UN) 1.0_1.0.0 Build 20221208' contains an authentication bypass vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

TP-Link Authentication Bypass Tl Sg105Pe Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-22279 CRITICAL Act Now

MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Microsoft Maho Pbx Netdevancer Firmware Maho Pbx Netdevancer Vsg Firmware Maho Pbx Netdevancer Mobilegate Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22731 HIGH PATCH This Week

Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Shopware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-22286 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Maho Pbx Netdevancer Firmware Maho Pbx Netdevancer Vsg Firmware Maho Pbx Netdevancer Mobilegate Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-22304 HIGH This Week

OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Pix Rt100 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2023-22366 HIGH This Week

CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Information Disclosure Cx Motion Mch Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22734 HIGH PATCH This Week

Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22730 HIGH PATCH This Week

Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-0122 HIGH PATCH This Week

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-23749 HIGH This Week

The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ldap Integration With Active Directory And Openldap
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22624 HIGH This Week

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zoho Microsoft Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-22875 HIGH This Week

IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-0158 HIGH This Week

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Krill
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22280 HIGH This Week

MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Maho Pbx Netdevancer Firmware Maho Pbx Netdevancer Vsg Firmware Maho Pbx Netdevancer Mobilegate Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-22733 MEDIUM PATCH This Month

Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-22316 MEDIUM This Month

Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pix Rt100 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-22298 MEDIUM PATCH This Month

Open redirect vulnerability in pgAdmin 4 versions prior to v6.14 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-22296 MEDIUM This Month

Reflected cross-site scripting vulnerability in MAHO-PBX NetDevancer series MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Maho Pbx Netdevancer Firmware Maho Pbx Netdevancer Vsg Firmware Maho Pbx Netdevancer Mobilegate Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0296 MEDIUM This Month

The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openshift
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-22278 MEDIUM This Month

m-FILTER prior to Ver.5.70R01 (Ver.5 Series) and m-FILTER prior to Ver.4.87R04 (Ver.4 Series) allows a remote unauthenticated attacker to bypass authentication and send users' unintended email when. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass M Filter
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-36647 MEDIUM This Month

Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to. Rated medium severity (CVSS 4.7). No vendor patch available.

Information Disclosure Mbed Tls
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy