Skip to main content
CVE-2023-24238 CRITICAL POC Act Now

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the city parameter at setting/delStaticDhcpRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-24236 CRITICAL POC Act Now

TOTOlink A7100RU(V7.4cu.2313_B20191024) was discovered to contain a command injection vulnerability via the province parameter at setting/delStaticDhcpRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-23926 HIGH POC PATCH This Week

APOC (Awesome Procedures on Cypher) is an add-on library for Neo4j. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE Awesome Procedures On Cyper
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-0568 HIGH POC This Week

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, core path resolution function allocate buffer one byte too small. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

PHP Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-0866 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-25173 HIGH POC PATCH This Week

containerd is an open source container runtime. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Containerd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-0860 HIGH POC PATCH This Week

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Installer
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-23558 MEDIUM POC PATCH This Month

In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. Rated medium severity (CVSS 6.3). Public exploit code available.

Information Disclosure Eternal Terminal
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-22578 CRITICAL PATCH Act Now

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Sequelize
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23936 MEDIUM POC PATCH This Month

Undici is an HTTP/1.1 client for Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Code Injection Node Js Undici
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-23752 MEDIUM POC KEV THREAT This Month

An issue was discovered in Joomla!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Joomla
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
99.8%
CVE-2023-23781 HIGH This Week

A stack-based buffer overflow vulnerability [CWE-121] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below SAML server configuration may allow an authenticated attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet RCE Fortiweb
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-23780 HIGH This Week

A stack-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, Fortinet FortiWeb version 6.3.6 through 6.3.19, Fortinet FortiWeb 6.4 all versions allows attacker to escalation of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet Privilege Escalation Fortiweb
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-23779 HIGH This Week

Multiple improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerabilities [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiweb
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-22579 HIGH PATCH This Week

Due to improper parameter filtering in the sequalize js library, can a attacker peform injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Code Injection Sequelize
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0862 HIGH This Week

The NetModule NSRW web administration interface is vulnerable to path traversals, which could lead to arbitrary file uploads and deletion. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Netmodule Router Software
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-0861 HIGH This Week

NetModule NSRW web administration interface executes an OS command constructed with unsanitized user input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Netmodule Router Software
NVD
CVSS 3.1
8.8
EPSS
28.7%
CVE-2023-23947 HIGH PATCH This Week

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Kubernetes Authentication Bypass Argo Cd
NVD GitHub
CVSS 3.1
8.5
EPSS
0.7%
CVE-2023-25602 HIGH This Week

A stack-based buffer overflow in Fortinet FortiWeb 6.4 all versions, FortiWeb versions 6.3.17 and earlier, FortiWeb versions 6.2.6 and earlier, FortiWeb versions 6.1.2 and earlier, FortiWeb versions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet Fortiweb
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23783 HIGH This Week

A use of externally-controlled format string in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb 6.4 all versions allows attacker to execute unauthorized code or commands via specially crafted. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiweb
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23782 HIGH This Week

A heap-based buffer overflow in Fortinet FortiWeb version 7.0.0 through 7.0.1, FortiWeb version 6.3.0 through 6.3.19, FortiWeb 6.4 all versions, FortiWeb 6.2 all versions, FortiWeb 6.1 all versions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Fortinet Heap Overflow Fortiweb
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24485 HIGH PATCH This Week

Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Citrix Workspace
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24483 HIGH This Week

A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Citrix Virtual Apps And Desktops
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25653 HIGH PATCH This Week

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Denial Of Service Node Jose
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24807 HIGH PATCH This Week

Undici is an HTTP/1.1 client for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Denial Of Service Undici
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-22580 HIGH PATCH This Week

Due to improper input filtering in the sequalize js library, can malicious queries lead to sensitive information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Sequelize
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0662 HIGH This Week

In PHP 8.0.X before 8.0.28, 8.1.X before 8.1.16 and 8.2.X before 8.2.3, excessive number of parts in HTTP form upload can cause high resource consumption and excessive number of log entries. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service PHP
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-0821 MEDIUM PATCH This Month

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Nomad
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-22380 MEDIUM This Month

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed arbitrary file reading when building a GitHub Pages site. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-23784 MEDIUM This Month

A relative path traversal in Fortinet FortiWeb version 7.0.0 through 7.0.2, FortiWeb version 6.3.6 through 6.3.20, FortiWeb 6.4 all versions allows attacker to information disclosure via specially. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Information Disclosure Fortiweb
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-23778 MEDIUM PATCH This Month

A relative path traversal vulnerability [CWE-23] in FortiWeb version 7.0.1 and below, 6.4 all versions, 6.3 all versions, 6.2 all versions may allow an authenticated user to obtain unauthorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Fortinet Path Traversal Authentication Bypass Fortiweb
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-0475 MEDIUM PATCH This Month

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Go Getter
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-24484 MEDIUM PATCH This Month

A malicious user can cause log files to be written to a directory that they do not have permission to write to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Workspace
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25153 MEDIUM PATCH This Month

containerd is an open source container runtime. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Containerd
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-22638 MEDIUM PATCH This Month

Several improper neutralization of inputs during web page generation vulnerability [CWE-79] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.11 and below, 8.7.6 and below, 8.6.5 and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fortinac
NVD
CVSS 3.1
5.4
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy