Skip to main content
CVE-2023-24212 CRITICAL POC Act Now

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the timeType function at /goform/SetSysTimeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-24205 CRITICAL POC Act Now

Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Clash
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-26326 CRITICAL POC Act Now

The BuddyForms WordPress plugin, in versions prior to 2.7.8, was affected by an unauthenticated insecure deserialization issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Buddyforms
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-24104 CRITICAL POC Act Now

Ubiquiti Networks UniFi Dream Machine Pro v7.2.95 allows attackers to bypass domain restrictions via crafted packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Authentication Bypass Unifi Dream Machine Pro Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23914 CRITICAL POC Act Now

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-23295 HIGH POC This Week

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Jetwave 2212G Firmware Jetwave 2212X Firmware Jetwave 2212S Firmware Jetwave 2211C Firmware +11
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2023-23294 HIGH POC This Week

Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Jetwave 2212G Firmware Jetwave 2212X Firmware Jetwave 2212S Firmware Jetwave 2211C Firmware +11
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-26325 HIGH POC This Week

The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Reviewx
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0988 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0.php?action=save_user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25824 HIGH POC PATCH This Week

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Denial Of Service Mod Gnutls
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-23919 HIGH POC PATCH This Week

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js OpenSSL Denial Of Service Node Js
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-23296 MEDIUM POC This Month

Korenix JetWave 4200 Series 1.3.0 and JetWave 3200 Series 1.6.0 are vulnerable to Denial of Service via /goform/formDefault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jetwave 2212G Firmware Jetwave 2212X Firmware Jetwave 2212S Firmware Jetwave 2211C Firmware +11
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-23916 MEDIUM POC This Month

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Debian Linux H300s Firmware +5
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2022-2504 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SDD Computer Software SDD-Baro allows SQL Injection.8.432. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sdd Baro
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-0939 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NTN Information Technologies Online Services Software allows SQL Injection.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Online Services
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-25823 CRITICAL PATCH Act Now

Gradio is an open-source Python library to build machine learning and data science demos and web applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Gradio
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-0755 CRITICAL Act Now

The affected products are vulnerable to an improper validation of array index, which could allow an attacker to crash the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Digital Industrial Gateway Server Kepware Server Kepware Serverex Thingworx Net Sdk +5
NVD
CVSS 3.1
9.8
EPSS
11.8%
CVE-2023-0754 CRITICAL Act Now

The affected products are vulnerable to an integer overflow or wraparound, which could allow an attacker to crash the server and remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Digital Industrial Gateway Server Kepware Server Kepware Serverex +6
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-0986 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Sales Tracker Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Sales Tracker Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0982 CRITICAL Act Now

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Yoga Class Registration System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0981 CRITICAL Act Now

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Yoga Class Registration System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0980 CRITICAL Act Now

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as critical.php of the component Status Update Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Yoga Class Registration System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0987 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Pizza Ordering System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-23917 HIGH This Week

A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection XSS Rocket Chat
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-20011 HIGH This Week

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Application Policy Infrastructure Controller Cloud Network Controller
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-24415 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Chatbot
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24384 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Organization Chart
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23659 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Motomo
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24317 HIGH This Week

Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Judging Management System
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-22476 MEDIUM POC PATCH This Month

Mantis Bug Tracker (MantisBT) is an open source issue tracker. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Mantisbt
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-26462 HIGH This Week

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Authentication Bypass Thingsboard
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-20050 HIGH This Week

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23918 HIGH PATCH This Week

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Node.js Authentication Bypass Node Js
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2023-20015 MEDIUM This Month

A vulnerability in the CLI of Cisco Firepower 4100 Series, Cisco Firepower 9300 Security Appliances, and Cisco UCS 6200, 6300, 6400, and 6500 Series Fabric Interconnects could allow an authenticated,. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Ucs Central Software Ucs 6536 Firmware Ucs 64108 Firmware +9
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-23915 MEDIUM This Month

A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Curl Active Iq Unified Manager Clustered Data Ontap H300s Firmware +4
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-20089 MEDIUM This Month

A vulnerability in the Link Layer Discovery Protocol (LLDP) feature for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) Mode could allow an unauthenticated,. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Nx Os
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-20016 MEDIUM This Month

A vulnerability in the backup configuration feature of Cisco UCS Manager Software and in the configuration export feature of Cisco FXOS Software could allow an unauthenticated attacker with access to. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Ucs Central Software Ucs 6536 Firmware Ucs 64108 Firmware +9
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-0815 MEDIUM PATCH This Month

Potential Insertion of Sensitive Information into Jetty Log Files in multiple versions of OpenNMS Meridian and Horizon could allow disclosure of usernames and passwords if the logging level is set to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Horizon Meridian
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-25621 MEDIUM PATCH This Month

Privilege Escalation vulnerability in Apache Software Foundation Apache Sling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Apache Sling I18N
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-0044 MEDIUM PATCH This Month

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure XSS CSRF Quarkus Build Of Quarkus
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0869 MEDIUM PATCH This Month

Cross-site scripting in outage/list.htm in multiple versions of OpenNMS Meridian and Horizon allows an attacker access to confidential session information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0868 MEDIUM PATCH This Month

Reflected cross-site scripting in graph results in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to steal session cookies. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0867 MEDIUM PATCH This Month

Multiple stored and reflected cross-site scripting vulnerabilities in webapp jsp pages in multiple versions of OpenNMS Meridian and Horizon could allow an attacker access to confidential session. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Horizon Meridian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0597 MEDIUM PATCH This Month

A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26303 MEDIUM PATCH This Month

Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Markdown It Py
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-20012 MEDIUM This Month

A vulnerability in the CLI console login authentication of Cisco Nexus 9300-FX3 Series Fabric Extender (FEX) when used in UCS Fabric Interconnect deployments could allow an unauthenticated attacker. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Authentication Bypass Nexus 93180Yc Fx3S Firmware Nexus 93180Yc Fx3 Firmware +4
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-23920 MEDIUM PATCH This Month

An untrusted search path vulnerability exists in Node.js. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity.

Node.js Information Disclosure Node Js Debian Linux
NVD
CVSS 3.1
4.2
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy