Skip to main content
CVE-2023-24189 CRITICAL POC Act Now

An XML External Entity (XXE) vulnerability in urule v2.1.7 allows attackers to execute arbitrary code via uploading a crafted XML file to /urule/common/saveFile. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XXE Urule
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-0999 HIGH POC This Week

A vulnerability classified as problematic was found in SourceCodester Sales Tracker Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Sales Tracker Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-0997 HIGH POC This Week

A vulnerability was found in SourceCodester Moosikay E-Commerce System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Moosikay E Commerce System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-26102 HIGH POC This Week

All versions of the package rangy are vulnerable to Prototype Pollution when using the extend() function in file rangy-core.js.The function uses recursive merge which can lead an attacker to modify. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Rangy
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2023-1007 HIGH POC This Week

A vulnerability was found in Twister Antivirus 8.17. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Twister Antivirus
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-1005 HIGH POC This Week

A vulnerability was found in JP1016 Markdown-Electron and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Markdown Electron
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-1004 HIGH POC This Week

A vulnerability has been found in MarkText up to 0.17.1 on Windows and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Microsoft Marktext
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-0994 HIGH POC PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository francoisjacquet/rosariosis prior to 10.8.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Rosariosis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1002 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in MuYuCMS 2.2.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Muyucms
NVD VulDB GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-33224 CRITICAL Act Now

File upload vulnerability in Umbraco Forms v.8.7.0 allows unauthenticated attackers to execute arbitrary code via a crafted web.config and asp file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Umbraco Forms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2021-4105 CRITICAL Act Now

Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.24.0.R.20180630 before 5.24.0.R.20210727. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coslat Bx5S1D3 Firmware Coslat Bx5S1D4 Firmware Coslat Bx5S1D5 Firmware Coslat Rm1Ds1000 Firmware +4
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-25696 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in the Apache Airflow Hive Provider.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Apache Hive
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-25693 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider.1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Apache Sqoop
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-25691 CRITICAL PATCH Act Now

Improper Input Validation vulnerability in the Apache Airflow Google Provider.10.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Google Apache Airflow Providers Google
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-23205 MEDIUM POC This Month

An issue was discovered in lib60870 v2.3.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lib60870
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1010 MEDIUM POC This Month

A vulnerability classified as critical was found in vox2png 1.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Vox2Png
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1009 MEDIUM POC THREAT This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vigor2960 Firmware
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
15.7%
CVE-2023-1008 MEDIUM POC This Month

A vulnerability was found in Twister Antivirus 8.17. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Twister Antivirus
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-22425 MEDIUM POC This Month

Stored cross-site scripting vulnerability in Schedule function of SHIRASAGI v1.16.2 and earlier versions allows a remote authenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shirasagi
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-0995 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to v2.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Business Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0998 MEDIUM POC This Month

A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Alphaware Simple E Commerce System
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.9%
CVE-2023-1030 MEDIUM POC This Month

A vulnerability has been found in SourceCodester/code-projects Online Boat Reservation System 1.0 and classified as problematic. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Boat Reservation System
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.7%
CVE-2023-26468 CRITICAL PATCH Act Now

Cerebrate 1.12 does not properly consider organisation_id during creation of API keys. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Cerebrate
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-22427 MEDIUM POC This Month

Stored cross-site scripting vulnerability in Theme switching function of SHIRASAGI v1.16.2 and earlier versions allows a remote attacker with an administrative privilege to inject an arbitrary script. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Shirasagi
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2023-0996 HIGH PATCH This Week

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Libheif
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25956 HIGH PATCH This Week

Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Apache Airflow Providers Amazon
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-25692 HIGH PATCH This Week

Improper Input Validation vulnerability in the Apache Airflow Google Provider.10.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Google Apache Airflow Providers Google
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-0586 MEDIUM This Month

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS All In One Seo
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-1006 MEDIUM This Month

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Medical Certificate Generator App
NVD VulDB
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-0595 MEDIUM This Month

A CWE-117: Improper Output Neutralization for Logs vulnerability exists that could cause the misinterpretation of log files when malicious packets are sent to the Geo SCADA server's database web port. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clearscada Ecostruxure Geo Scada Expert 2019 Ecostruxure Geo Scada Expert 2020 Ecostruxure Geo Scada Expert 2021
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-0585 MEDIUM This Month

The All in One SEO Pack plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions up to, and including, 4.2.9 due to insufficient input sanitization and. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.

XSS WordPress All In One Seo
NVD VulDB
CVSS 3.1
4.4
EPSS
4.0%
CVE-2023-1029 MEDIUM This Month

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Meta Seo
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-0481 LOW PATCH Monitor

In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Quarkus
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy