Skip to main content
CVE-2023-0640 CRITICAL POC Act Now

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tew 652Brp Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
6.5%
CVE-2023-0641 CRITICAL POC Act Now

A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Brute Force Employee Leaves Management System
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-46965 HIGH POC This Week

PrestaShop module, totadministrativemandate before v1.7.1 was discovered to contain a SQL injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Administrative Mandate
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0649 HIGH POC This Week

A vulnerability has been found in dst-admin 1.5.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dst Admin
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-0648 HIGH POC This Week

A vulnerability, which was classified as critical, was found in dst-admin 1.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dst Admin
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
3.1%
CVE-2023-0647 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in dst-admin 1.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dst Admin
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
3.1%
CVE-2023-0646 HIGH POC This Week

A vulnerability classified as critical was found in dst-admin 1.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Dst Admin
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-23110 HIGH POC This Week

An exploitable firmware modification vulnerability was discovered in certain Netgear products. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Netgear Authentication Bypass Wnr612V2 Firmware Dgn1000V3 Firmware D6100 Firmware +6
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2023-0642 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository squidex/squidex prior to 7.4.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Squidex
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-0637 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tew 811dru Firmware
NVD VulDB
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-0643 MEDIUM POC PATCH This Month

Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Squidex
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-23120 MEDIUM POC This Month

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes TRENDnet TV-IP651WI Network Camera firmware version v1.07.01 and earlier vulnerable to firmware. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Tv Ip651Wi Firmware
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-23119 MEDIUM POC This Month

The use of the cyclic redundancy check (CRC) algorithm for integrity check during firmware update makes Ubiquiti airFiber AF2X Radio firmware version 3.2.2 and earlier vulnerable to firmware. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Ubiquiti Authentication Bypass Af 2X Firmware
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-0638 CRITICAL Act Now

A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Tew 811dru Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-0650 MEDIUM POC PATCH This Month

A vulnerability was found in YAFNET up to 3.1.11 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Yaf Net
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-25012 MEDIUM POC This Month

The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
4.6
EPSS
0.8%
CVE-2023-0400 HIGH This Week

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Data Loss Prevention
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-24574 HIGH This Week

Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Dell Enterprise Sonic Distribution
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-25014 HIGH PATCH This Week

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Femanager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-25013 HIGH PATCH This Week

An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Femanager
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-25015 MEDIUM PATCH This Month

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Clockwork Web
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-0639 MEDIUM This Month

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic.ccp of the component Web Management Interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tew 652Brp Firmware
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-46842 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Js Help Desk
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-46815 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Conditional Shipping For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-45807 MEDIUM This Month

Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Mail Log
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-40692 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Sunshine Photo Cart
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-0651 MEDIUM This Month

A vulnerability was found in FastCMS 0.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Fastcms
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
CVE-2022-45067 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Exclusive Addons For Elementor Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy