Skip to main content
CVE-2023-1035 HIGH POC This Week

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Clinic S Patient Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1034 HIGH POC PATCH THREAT This Week

Path Traversal: '\..\filename' in GitHub repository salesagility/suitecrm prior to 7.12.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Suitecrm
NVD GitHub
CVSS 3.1
8.8
EPSS
28.1%
CVE-2023-26034 HIGH POC This Week

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Zoneminder
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-1033 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 2.0.11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Froxlor
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26544 HIGH POC This Week

In the Linux kernel 6.0.8, there is a use-after-free in run_unpack in fs/ntfs3/run.c, related to a difference between NTFS sector size and media sector size. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26104 HIGH POC This Week

All versions of the package lite-web-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Lite Web Server
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-26103 HIGH POC PATCH This Week

Versions of the package deno before 1.31.0 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the upgradeWebSocket function, which contains regexes in the form of /s*,s*/, used for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Deno
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-25821 HIGH POC PATCH This Week

Nextcloud is an Open Source private cloud software. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26039 HIGH PATCH This Week

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PHP Command Injection Zoneminder
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-26032 HIGH PATCH This Week

ZoneMinder is a free, open source Closed-circuit television software application for Linux which supports IP, USB and Analog cameras. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Zoneminder
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy