Skip to main content
CVE-2022-47003 CRITICAL POC PATCH Act Now

A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Mura Cms
NVD VulDB
CVSS 3.1
9.8
EPSS
3.6%
CVE-2022-47769 CRITICAL POC Act Now

An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Fast Checkin
NVD VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-47770 CRITICAL POC Act Now

Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fast Checkin
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24241 CRITICAL POC Act Now

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/loginpost.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Forget Heart Message Box
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-23924 CRITICAL POC PATCH Act Now

Dompdf is an HTML to PDF converter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization Dompdf
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-0611 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in TRENDnet TEW-652BRP 3.04B01.ccp of the component Web Management Interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 652Brp Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
3.9%
CVE-2023-24956 HIGH POC This Week

Forget Heart Message Box v1.1 was discovered to contain a SQL injection vulnerability via the name parameter at /cha.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Forget Heart Message Box
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0454 HIGH POC This Week

OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Orangescrum
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-0341 HIGH POC PATCH This Week

A stack buffer overflow exists in the ec_glob function of editorconfig-core-c before v0.12.6 which allowed an attacker to arbitrarily write to the stack and possibly allows remote code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow RCE Editorconfig
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2022-47768 HIGH POC This Week

Serenissima Informatica Fast Checkin 1.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Fast Checkin
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-0618 HIGH POC This Week

A vulnerability was found in TRENDnet TEW-652BRP 3.04B01. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 652Brp Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-0617 HIGH POC This Week

A vulnerability was found in TRENDNet TEW-811DRU 1.0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 811dru Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-0613 HIGH POC This Week

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 811dru Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-23135 HIGH POC This Week

An arbitrary file upload vulnerability in Ftdms v3.1.6 allows attackers to execute arbitrary code via uploading a crafted JPG file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Ftdms
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-23136 MEDIUM POC This Month

lmxcms v1.41 was discovered to contain an arbitrary file deletion vulnerability via BackdbAction.class.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Lmxcms
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-0606 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository ampache/ampache prior to 5.5.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Ampache
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-23076 CRITICAL Act Now

OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Manageengine Supportcenter Plus
NVD
CVSS 3.1
9.8
EPSS
74.3%
CVE-2023-24997 CRITICAL Act Now

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Deserialization Inlong
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-23928 CRITICAL PATCH Act Now

reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Jwt Attack Reason Jose
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2022-31902 MEDIUM POC This Month

Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Notepad
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.6%
CVE-2023-0608 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22501 CRITICAL Act Now

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Atlassian Jira Service Management
NVD
CVSS 3.1
9.1
EPSS
16.0%
CVE-2023-0587 CRITICAL Act Now

A file upload vulnerability in exists in Trend Micro Apex One server build 11110. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Trend Micro Apex One
NVD
CVSS 3.1
9.1
EPSS
59.6%
CVE-2023-24610 HIGH This Week

NOSH 4a5cfdb allows remote authenticated users to execute PHP arbitrary code via the "practice logo" upload feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload PHP Nosh Chartingsystem
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-22575 HIGH This Week

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-23692 HIGH This Week

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Emc Data Domain Os
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-0607 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Projectsend
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-20856 HIGH This Week

VMware vRealize Operations (vROps) contains a CSRF bypass vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

VMware CSRF Vrealize Operations
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-0524 HIGH This Week

As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nessus Tenable Io Tenable Sc
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-22374 HIGH This Week

A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially execute arbitrary code. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

RCE Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
8.5
EPSS
72.6%
CVE-2023-0610 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Wallabag
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-0609 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Wallabag
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-22574 HIGH This Week

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Denial Of Service Dell Emc Powerscale Onefs
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-22657 HIGH This Week

On F5OS-A beginning in version 1.2.0 to before 1.3.0 and F5OS-C beginning in version 1.3.0 to before 1.5.0, processing F5OS tenant file names may allow for command injection. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection F5Os A F5Os C
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22358 HIGH This Week

In versions beginning with 7.2.2 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Big Ip Access Policy Manager Big Ip Edge
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22572 HIGH This Week

Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Emc Powerscale Onefs
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23969 HIGH PATCH This Week

In Django 3.2 before 3.2.17, 4.0 before 4.0.9, and 4.1 before 4.1.6, the parsed values of Accept-Language headers are cached in order to avoid repetitive parsing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Django Debian Linux
NVD
CVSS 3.1
7.5
EPSS
47.1%
CVE-2023-23555 HIGH This Week

On BIG-IP Virtual Edition versions 15.1x beginning in 15.1.4 to before 15.1.8 and 14.1.x beginning in 14.1.5 to before 14.1.5.3, and BIG-IP SPK beginning in 1.5.0 to before 1.6.0, when FastL4 profile. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23552 HIGH This Week

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.0 before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP Advanced WAF or BIG-IP ASM security policy is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Advanced Web Application Firewall Big Ip Application Security Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-22842 HIGH This Week

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22839 HIGH This Week

On BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all version of 13.1.x, when a DNS profile with the Rapid Response Mode setting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Big Ip Domain Name System Big Ip Local Traffic Manager Big Ip 10000S Firmware +31
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22664 HIGH This Week

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, and BIG-IP SPK starting in version 1.6.0, when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22422 HIGH This Week

On BIG-IP versions 17.0.x before 17.0.0.2 and 16.1.x before 16.1.3.3, when a HTTP profile with the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject are. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22341 HIGH This Week

On version 14.1.x before 14.1.5.3, and all versions of 13.1.x, when the BIG-IP APM system is configured with all the following elements, undisclosed requests may cause the Traffic Management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Big Ip Access Policy Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22340 HIGH This Week

On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP profile is configured on a Message Routing type virtual server,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics +9
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22323 HIGH This Week

In BIP-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when OCSP authentication profile is configured on a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Analytics Big Ip Application Acceleration Manager +8
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22281 HIGH This Week

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Big Ip Advanced Firewall Manager
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23132 HIGH This Week

Selfwealth iOS mobile App 3.3.1 is vulnerable to Sensitive key disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Selfwealth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23131 HIGH This Week

Selfwealth iOS mobile App 3.3.1 is vulnerable to Insecure App Transport Security (ATS) Settings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Selfwealth
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0612 HIGH This Week

A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Tew 811dru Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy