Skip to main content
CVE-2020-29297 CRITICAL POC Act Now

Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-23607 CRITICAL POC PATCH Act Now

erohtar/Dasherr is a dashboard for self-hosted services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP Dasherr
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-23489 CRITICAL POC THREAT Act Now

The Easy Digital Downloads WordPress Plugin, versions 3.1.0.2 & 3.1.0.3, is affected by an unauthenticated SQL injection vulnerability in the 's' parameter of its 'edd_download_search' action. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Easy Digital Downloads
NVD
CVSS 3.1
9.8
EPSS
11.2%
CVE-2023-23488 CRITICAL POC THREAT Act Now

The Paid Memberships Pro WordPress Plugin, version < 2.9.8, is affected by an unauthenticated SQL injection vulnerability in the 'code' parameter of the '/pmpro/v1/order' REST route. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Paid Memberships Pro
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
92.5%
CVE-2023-22726 HIGH POC PATCH This Week

act is a project which allows for local running of github actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal File Upload Privilege Escalation Act
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-23492 HIGH POC THREAT This Week

The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Login With Phone Number
NVD
CVSS 3.1
8.8
EPSS
57.1%
CVE-2023-23490 HIGH POC This Week

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Survey Maker
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-23596 HIGH POC THREAT This Week

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nginx Nginx Proxy Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
15.2%
CVE-2023-23145 HIGH POC PATCH This Week

GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-23143 HIGH POC PATCH This Week

Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-41441 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in ReQlogic v11.3 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the POBatch and WaitDuration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Reqlogic
NVD Exploit-DB VulDB
CVSS 3.1
6.1
EPSS
5.3%
CVE-2023-23491 MEDIUM POC This Month

The Quick Event Manager WordPress Plugin, version < 9.7.5, is affected by a reflected cross-site scripting vulnerability in the 'category' parameter of its 'qem_ajax_calendar' action. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quick Event Manager
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-23024 MEDIUM POC This Month

Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Book Store Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23015 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Kalkun 0.8.0 via username input in file User_model.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Kalkun
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23014 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in InventorySystem thru commit e08fbbe17902146313501ed0b5feba81d58f455c (on Apr 23, 2021) via edit_store_name and edit_active inputs in file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Inventory System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23012 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Classroombookings
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23010 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in Ecommerce-CodeIgniter-Bootstrap thru commit d5904379ca55014c5df34c67deda982c73dc7fe5 (on Dec 27, 2022), allows attackers to execute arbitrary code via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE XSS Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24028 CRITICAL PATCH Act Now

In MISP 2.4.167, app/Controller/Component/ACLComponent.php has incorrect access control for the decaying import function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Authentication Bypass Misp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20025 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, and RV082 Routers could allow an unauthenticated, remote attacker to bypass authentication on an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Rv016 Firmware Rv042 Firmware Rv042G Firmware +1
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-23144 MEDIUM POC PATCH This Month

Integer overflow vulnerability in function Q_DecCoordOnUnitSphere file bifs/unquantize.c in GPAC version 2.2-rev0-gab012bbfb-master. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22910 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22912 MEDIUM POC This Month

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-22964 CRITICAL Act Now

Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x before 13004, is vulnerable to authentication bypass when LDAP authentication is enabled. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Servicedesk Plus Msp
NVD
CVSS 3.1
9.1
EPSS
2.4%
CVE-2023-0052 HIGH This Week

SAUTER Controls Nova 200-220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nova 220 Eyk220F001 Firmware Nova 230 Eyk230F001 Firmware Nova 106 Eyk300F001 Firmware Modunet300 Ey Am300F001 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0101 HIGH PATCH This Week

A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Nessus
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-23691 HIGH This Week

Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Request Smuggling Dell Powervault Me5012 Firmware Powervault Me5024 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-20038 HIGH This Week

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Industrial Network Director
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-20010 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-20020 HIGH This Week

A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Broadworks Application Delivery Platform Device Management Broadworks Xtended Services Platform
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2021-37500 HIGH This Week

Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Reprise License Manager
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-25502 HIGH This Week

Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Detection And Response
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24025 HIGH This Week

CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Pqclean
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-24021 HIGH PATCH This Week

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Modsecurity Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22339 HIGH PATCH This Week

Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Conprosys Hmi System
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22331 HIGH PATCH This Week

Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Conprosys Hmi System
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-20044 HIGH This Week

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Cx Cloud Agent
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-20045 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv160 Vpn Router Firmware Rv160W Wireless Ac Vpn Router Firmware Rv260 Vpn Router Firmware +1
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-20026 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +1
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-20007 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Rv340 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-20008 HIGH This Week

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Roomos Telepresence Collaboration Endpoint Telepresence Tc
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-20043 MEDIUM This Month

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Cx Cloud Agent
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-37499 MEDIUM This Month

CRLF vulnerability in Reprise License Manager (RLM) web interface through 14.2BL4 in the password parameter in View License Result function, that allows remote attackers to inject arbitrary HTTP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Reprise License Manager
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-37498 MEDIUM This Month

An SSRF issue was discovered in Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers, conduct port scans via the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Reprise License Manager
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-20047 MEDIUM This Month

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco Webex Room Phone and Cisco Webex Share devices could allow an unauthenticated, adjacent attacker to cause a denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Webex Room Phone Firmware Webex Share Firmware Sip Ip Phone Software
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-20018 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series Phones could allow an unauthenticated, remote attacker to bypass authentication on an affected device. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Ip Phone 7800 Firmware Ip Phone 7811 Firmware Ip Phone 7821 Firmware +19
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24027 MEDIUM PATCH This Month

In MISP 2.4.167, app/webroot/js/action_table.js allows XSS via a network history name. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0410 MEDIUM PATCH This Month

A Cross-site Scripting (XSS) vulnerability exists in the Qwik framework (Node.js) prior to version 0.1.0-beta5, allowing unauthenticated attackers to inject malicious scripts through user interaction. The vulnerability has a CVSS score of 6.1 (Medium) with low exploitation probability (EPSS 0.34%, 56th percentile), indicating limited real-world risk despite the XSS classification. A patch is available from the vendor, and no active exploitation or public POC has been widely documented.

XSS Qwik
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-24026 MEDIUM PATCH This Month

In MISP 2.4.167, app/webroot/js/event-graph.js has an XSS vulnerability via an event-graph preview payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20058 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Packaged Contact Center Enterprise Unified Contact Center Enterprise Unified Contact Center Express +1
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-20019 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS Broadworks Application Delivery Platform Broadworks Application Server Broadworks Xtended Services Platform
NVD
CVSS 3.1
6.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy