Skip to main content
CVE-2022-45701 HIGH POC THREAT Act Now

Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 45.3%.

Command Injection RCE Arris Tg2482A Firmware Arris Tg2492 Firmware Arris Sbg10 Firmware
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
45.3%
Threat
4.6
CVE-2023-23279 CRITICAL POC Act Now

Canteen Management System 1.0 is vulnerable to SQL Injection via /php_action/getOrderReport.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24221 CRITICAL POC Act Now

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/DeptMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Luckyframeweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24220 CRITICAL POC Act Now

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/RoleMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Luckyframeweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24219 CRITICAL POC Act Now

LuckyframeWEB v3.5 was discovered to contain a SQL injection vulnerability via the dataScope parameter at /system/UserMapper.xml. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Luckyframeweb
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24078 HIGH POC THREAT This Week

Real Time Logic FuguHub v8.1 and earlier was discovered to contain a remote code execution (RCE) vulnerability via the component /FuguHub/cmsdocs/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Fuguhub
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
53.2%
CVE-2023-0877 HIGH POC PATCH This Week

Code Injection in GitHub repository froxlor/froxlor prior to 2.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Froxlor
NVD GitHub
CVSS 3.1
8.8
EPSS
3.9%
CVE-2023-24329 HIGH POC PATCH THREAT This Week

An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Authentication Bypass Fedora Active Iq Unified Manager Management Services For Element Software +2
NVD GitHub
CVSS 3.1
7.5
EPSS
20.5%
CVE-2023-23007 HIGH POC This Week

An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Espcms
NVD
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-24369 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in UJCMS v4.1.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter under the Add New Articles. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ujcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0878 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository nuxt/framework prior to 3.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Nuxt
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23064 CRITICAL Act Now

TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A720R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0883 CRITICAL Act Now

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-24785 MEDIUM POC This Month

An issue in Giorgio Tani peazip v.9.0.0 allows attackers to cause a denial of service via the End of Archive tag function of the peazip/pea UNPEA feature. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Peazip
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-24769 MEDIUM POC PATCH This Month

Changedetection.io before v0.40.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the main page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Changedetection
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0879 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Btcpay Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-22232 MEDIUM POC THREAT This Month

Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Adobe Authentication Bypass Connect
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
81.9%
CVE-2023-0882 HIGH PATCH This Week

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse.16. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Single Connect
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0822 HIGH This Week

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization, which could allow an unauthorized user to bypass authorization and access privileged functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Diaenergie
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0880 MEDIUM POC PATCH This Month

Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-23923 HIGH PATCH This Week

The vulnerability was found Moodle which exists due to insufficient limitations on the "start page" preference. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Moodle
NVD
CVSS 3.1
8.2
EPSS
1.0%
CVE-2023-22246 HIGH This Week

Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22244 HIGH This Week

Adobe Premiere Rush version 2.6 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22243 HIGH This Week

Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Adobe RCE Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22239 HIGH This Week

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22238 HIGH This Week

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22237 HIGH This Week

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE After Effects
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22236 HIGH This Week

Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Heap Overflow Animate
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22234 HIGH This Week

Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Adobe RCE Premiere Rush
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22230 HIGH This Week

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22229 HIGH This Week

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22228 HIGH This Week

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Bridge
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22227 HIGH This Week

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22226 HIGH This Week

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Adobe RCE Bridge
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21622 HIGH This Week

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21621 HIGH This Week

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21619 HIGH This Week

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Framemaker
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21576 HIGH This Week

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21575 HIGH This Week

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21574 HIGH This Week

Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Photoshop
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-0887 HIGH This Week

A vulnerability was found in phjounin TFTPD64-SE 4.64 and classified as critical.exe. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Tftpd64
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24960 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-0895 HIGH PATCH This Week

The WP Coder - add custom html, css and js code plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in versions up to, and including, 2.5.3 due to insufficient. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

SQLi WordPress Wp Coder
NVD VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-26020 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Crafter Studio on Linux, MacOS, Windows, x86, ARM, 64 bit allows SQL Injection.0 from 4.0.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Apple SQLi Crafter Cms
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-23922 MEDIUM PATCH This Month

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in blog search. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-23921 MEDIUM PATCH This Month

The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-23695 MEDIUM This Month

Dell Secure Connect Gateway (SCG) version 5.14.00.12 contains a broken cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Dell Secure Connect Gateway
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-22233 MEDIUM This Month

After Affects versions 23.1 (and earlier), 22.6.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure After Effects
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-22231 MEDIUM This Month

Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Adobe Bridge
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-21620 MEDIUM This Month

FrameMaker 2020 Update 4 (and earlier), 2022 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Framemaker
NVD
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy