Skip to main content
CVE-2023-24114 CRITICAL POC Act Now

typecho 1.1/17.10.30 was discovered to contain a remote code execution (RCE) vulnerability via install.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Typecho
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-24093 CRITICAL POC Act Now

An access control issue in H3C A210-G A210-GV100R005 allows attackers to authenticate without a password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A210 G Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25813 CRITICAL POC PATCH Act Now

Sequelize is a Node.js ORM tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js SQLi Sequelize
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-0963 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Music Gallery Site
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
4.7%
CVE-2023-0961 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Music Gallery Site
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-0960 CRITICAL POC Act Now

A vulnerability was found in SeaCMS 11.6 and classified as problematic. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Seacms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24108 CRITICAL POC Act Now

MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Mvctools
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-24107 CRITICAL POC Act Now

hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Hour Of Code Python 2015
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-0947 CRITICAL POC PATCH Act Now

Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Flatpress
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-22973 HIGH POC PATCH This Week

A Local File Inclusion (LFI) vulnerability in interface/forms/LBF/new.php in OpenEMR < 7.0.0 allows remote authenticated users to execute code via the formname parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal PHP Openemr
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-0966 HIGH POC This Week

A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Eyewear Shop
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-0962 HIGH POC This Week

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Music Gallery Site
NVD GitHub VulDB Exploit-DB
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-22974 HIGH POC PATCH This Week

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read arbitrary files by controlling a connection to an attacker-controlled MySQL server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure PHP Openemr
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-23063 HIGH POC This Week

Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nvt Web Server
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-24812 CRITICAL PATCH Act Now

Misskey is an open source, decentralized social media platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Misskey
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26314 HIGH This Week

The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Debian RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-0941 HIGH This Week

Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0933 HIGH This Week

Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0932 HIGH This Week

Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Use After Free Microsoft Memory Corruption +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0931 HIGH This Week

Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0930 HIGH This Week

Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0929 HIGH This Week

Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0928 HIGH This Week

Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0927 HIGH This Week

Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0949 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository modoboa/modoboa prior to 2.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Modoboa
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-20855 HIGH PATCH This Week

VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

XXE VMware Vrealize Automation Vrealize Orchestrator
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-0964 HIGH This Week

A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP SQLi Sales Tracker Management System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-0104 HIGH This Week

The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Easybuilder Pro
NVD
CVSS 3.1
7.8
EPSS
21.8%
CVE-2023-25579 HIGH PATCH This Week

Nextcloud server is a self hosted home cloud product. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-23040 HIGH PATCH This Week

TP-Link router TL-WR940N V6 3.19.1 Build 180119 uses a deprecated MD5 algorithm to hash the admin password used for basic authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure TP-Link Tl Wr940n Firmware
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20858 HIGH PATCH This Week

VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Code Injection VMware Carbon Black App Control
NVD
CVSS 3.1
7.2
EPSS
16.9%
CVE-2023-24811 MEDIUM PATCH This Month

Misskey is an open source, decentralized social media platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Misskey
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24810 MEDIUM This Month

Misskey is an open source, decentralized social media platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Misskey
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25154 MEDIUM This Month

Misskey is an open source, decentralized social media platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Misskey
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0846 MEDIUM PATCH This Month

Unauthenticated, stored cross-site scripting in the display of alarm reduction keys in multiple versions of OpenNMS Horizon and Meridian could allow an attacker access to confidential session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23039 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 6.2.0-rc2. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required.

Race Condition Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-26302 MEDIUM PATCH This Month

Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Markdown It Py
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22972 MEDIUM PATCH This Month

A Reflected Cross-site scripting (XSS) vulnerability in interface/forms/eye_mag/php/eye_mag_functions.php in OpenEMR < 7.0.0 allows remote authenticated users to inject arbitrary web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

PHP XSS Openemr
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26214 MEDIUM This Month

The BusinessConnect UI component of TIBCO Software Inc.'s TIBCO BusinessConnect contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Businessconnect
NVD
CVSS 3.1
5.4
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy