Skip to main content
CVE-2023-23295 HIGH POC This Week

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Jetwave 2212G Firmware Jetwave 2212X Firmware Jetwave 2212S Firmware Jetwave 2211C Firmware +11
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2023-23294 HIGH POC This Week

Korenix JetWave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Jetwave 2212G Firmware Jetwave 2212X Firmware Jetwave 2212S Firmware Jetwave 2211C Firmware +11
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-26325 HIGH POC This Week

The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Reviewx
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0988 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Pizza Ordering System 1.0.php?action=save_user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25824 HIGH POC PATCH This Week

Mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Denial Of Service Mod Gnutls
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-23919 HIGH POC PATCH This Week

A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack after operations that may set it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js OpenSSL Denial Of Service Node Js
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-23917 HIGH This Week

A prototype pollution vulnerability exists in Rocket.Chat server <5.2.0 that could allow an attacker to a RCE under the admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection XSS Rocket Chat
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-20011 HIGH This Week

A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Application Policy Infrastructure Controller Cloud Network Controller
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-24415 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.2.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Chatbot
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24384 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WpDevArt Organization chart <= 1.4.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Organization Chart
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23659 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in MainWP Matomo Extension <= 4.0.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Motomo
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24317 HIGH This Week

Judging Management System 1.0 was discovered to contain an arbitrary file upload vulnerability via the component edit_organizer.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Judging Management System
NVD
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-26462 HIGH This Week

ThingsBoard 3.4.1 could allow a remote attacker to gain elevated privileges because hard-coded service credentials (usable for privilege escalation) are stored in an insecure format. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Authentication Bypass Thingsboard
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-20050 HIGH This Week

A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system of an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Command Injection Nx Os
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23918 HIGH PATCH This Week

A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Privilege Escalation Node.js Authentication Bypass Node Js
NVD
CVSS 3.1
7.5
EPSS
2.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy