Skip to main content
CVE-2020-22452 CRITICAL POC PATCH Act Now

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Phpmyadmin
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-24166 CRITICAL POC Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/formWifiBasicSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-0321 CRITICAL POC Act Now

Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cr6 Firmware Cr300 Firmware Cr800 Firmware Cr1000 Firmware +1
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-0493 HIGH POC PATCH This Week

Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Btcpay Server
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
7.9%
CVE-2023-0455 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository unilogies/bumsys prior to v1.0.3-beta. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Bumsys
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
5.7%
CVE-2023-23619 HIGH POC PATCH MAL This Week

Modelina is a library for generating data models based on inputs such as AsyncAPI, OpenAPI, or JSON Schema documents. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Modelina
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-23614 HIGH POC This Week

Pi-hole®'s Web interface (based off of AdminLTE) provides a central location to manage your Pi-hole. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Web Interface
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24057 HIGH POC PATCH This Week

HL7 (Health Level 7) FHIR Core Libraries before 5.6.92 allow attackers to extract files into arbitrary directories via directory traversal from a crafted ZIP or TGZ archive (for a prepackaged. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Node.js Path Traversal Hl7 Fhir Core Fhir Ig Publisher
NVD GitHub
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-22486 HIGH POC This Week

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cmark Gfm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-0509 HIGH POC PATCH This Week

Improper Certificate Validation in GitHub repository pyload/pyload prior to 0.5.0b3.dev44. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Pyload Pyload Ng
NVD GitHub
CVSS 3.1
7.4
EPSS
0.5%
CVE-2023-0516 HIGH POC This Week

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-0515 HIGH POC This Week

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical.php of the component Parameter Handler. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-23151 MEDIUM POC This Month

bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file deletion vulnerability via the component /include/inc_content_media.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Bloofoxcms
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-22971 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Hughes Network Systems Router Terminal for HX200 v8.3.1.14, HX90 v6.11.0.5, HX50L v6.10.0.18, HN9460 v8.2.0.48, and HN7000S v6.9.0.37, allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hx200 Firmware Hx90 Firmware Hx50L Firmware Hn9460 Firmware +1
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-0448 MEDIUM POC THREAT This Month

The WP Helper Lite WordPress plugin, in versions < 4.3, returns all GET parameters unsanitized in the response, resulting in a reflected cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Helper Premium
NVD
CVSS 3.1
6.1
EPSS
44.5%
CVE-2023-24456 CRITICAL PATCH Act Now

Jenkins Keycloak Authentication Plugin 2.3.0 and earlier does not invalidate the previous session on login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Session Fixation Information Disclosure Keycloak Authentication
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-24444 CRITICAL Act Now

Jenkins OpenID Plugin 2.4 and earlier does not invalidate the previous session on login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Openid
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24443 CRITICAL PATCH Act Now

Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Testcomplete Support
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-24441 CRITICAL PATCH Act Now

Jenkins MSTest Plugin 1.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Mstest
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-24430 CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Semantic Versioning
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-24429 CRITICAL PATCH Act Now

Jenkins Semantic Versioning Plugin 1.14 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE SSRF Semantic Versioning
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-24427 CRITICAL PATCH Act Now

Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Session Fixation Information Disclosure Bitbucket Oauth
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24170 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24169 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_0007343c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24167 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/add_white_node. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24165 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/initIpAddrInfo. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24164 CRITICAL Act Now

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/FUN_000c2318. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24022 CRITICAL PATCH Act Now

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3.7.11.3 have hardcoded credentials that are easily discovered and can be used by remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Rtd Firmware Rts Firmware
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-24508 CRITICAL Act Now

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Rtd Firmware Rts Firmware
NVD
CVSS 3.1
9.6
EPSS
1.6%
CVE-2023-0469 MEDIUM POC This Month

A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-0519 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Modoboa
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0488 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pyload/pyload prior to 0.5.0b3.dev42. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pyload Pyload Ng
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-0470 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository modoboa/modoboa prior to 2.0.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Modoboa
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0513 MEDIUM POC This Month

A vulnerability has been found in isoftforce Dreamer CMS up to 4.0.1 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dreamer Cms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-24458 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins BearyChat Plugin 3.0.2 and earlier allows attackers to connect to an attacker-specified URL. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Bearychat
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-24452 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins TestQuality Updater Plugin 1.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified username and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Testquality Updater
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-24447 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins RabbitMQ Consumer Plugin 2.8 and earlier allows attackers to connect to an attacker-specified AMQP(S) URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Rabbitmq Consumer
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-24446 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins OpenID Plugin 2.4 and earlier allows attackers to trick users into logging in to the attacker's account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Openid
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-24437 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins JIRA Pipeline Steps Plugin 2.0.165.v8846cf59f3db and earlier allows attackers to connect to an attacker-specified URL using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Atlassian Jira Pipeline Steps
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-24434 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Pull Request Builder Plugin 1.42.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Github Pull Request Builder
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-24432 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Orka By Macstadium
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-24426 HIGH This Week

Jenkins Azure AD Plugin 303.va_91ef20ee49f and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Microsoft Azure Ad
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24424 HIGH PATCH This Week

Jenkins OpenId Connect Authentication Plugin 2.4 and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Session Fixation Information Disclosure Openid Connect Authentication
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-24422 HIGH PATCH This Week

A sandbox bypass vulnerability involving map constructors in Jenkins Script Security Plugin 1228.vd93135a_2fb_25 and earlier allows attackers with permission to define and run sandboxed scripts,. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Jenkins Command Injection Script Security
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-23612 HIGH PATCH This Week

OpenSearch is an open source distributed and RESTful search engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Opensearch
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-22482 HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0444 HIGH This Week

A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Infrasuite Device Master
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0468 MEDIUM POC This Month

A use-after-free flaw was found in io_uring/poll.c in io_poll_check_events in the io_uring subcomponent in the Linux Kernel due to a race condition of poll_refs. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-22736 HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.5
EPSS
0.8%
CVE-2023-23608 MEDIUM POC PATCH This Month

Spotipy is a light weight Python library for the Spotify Web API. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Python Spotipy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy