Skip to main content
CVE-2023-24163 CRITICAL POC PATCH Act Now

SQL Inection vulnerability in Dromara hutool before 5.8.21 allows attacker to execute arbitrary code via the aviator template engine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Hutool
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-24162 CRITICAL POC Act Now

Deserialization vulnerability in Dromara Hutool v5.8.11 allows attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Hutool
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2022-44897 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in ApolloTheme AP PageBuilder component through 2.4.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ap Pagebuilder
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-22900 CRITICAL Act Now

Efence login function has insufficient validation for user input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Efence
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-0593 MEDIUM POC PATCH This Month

A path traversal vulnerability affects yaffshiv YAFFS filesystem extractor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Yaffshiv
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0592 MEDIUM POC PATCH This Month

A path traversal vulnerability affects jefferson's JFFS2 filesystem extractor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Jefferson
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-0591 MEDIUM POC PATCH This Month

ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Ubi Reader
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-24829 HIGH PATCH This Week

Incorrect Authorization vulnerability in Apache Software Foundation Apache IoTDB.13.0 before 0.13.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Authentication Bypass Iotdb
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-22611 HIGH PATCH This Week

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ecostruxure Geo Scada Expert 2019 Ecostruxure Geo Scada Expert 2020 Ecostruxure Geo Scada Expert 2021
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22610 HIGH PATCH This Week

A CWE-863: Incorrect Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Ecostruxure Geo Scada Expert 2019 Ecostruxure Geo Scada Expert 2020 Ecostruxure Geo Scada Expert 2021
NVD
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy