Skip to main content
CVE-2023-24258 CRITICAL POC Act Now

SPIP v4.1.5 and earlier was discovered to contain a SQL injection vulnerability via the _oups parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Spip
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-25234 CRITICAL POC THREAT Act Now

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromAddressNat via parameters entrys and mitInterface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac500 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
16.6%
CVE-2023-25233 CRITICAL POC Act Now

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac500 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25231 CRITICAL POC Act Now

Tenda Router W30E V1.0.1.25(633) is vulnerable to Buffer Overflow in function fromRouteStatic via parameters entrys and mitInterface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda W30e Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-23156 CRITICAL POC Act Now

Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the pid parameter in the single-product page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.7%
CVE-2023-23155 CRITICAL POC Act Now

Art Gallery Management System Project in PHP 1.0 was discovered to contain a SQL injection vulnerability via the username parameter in the Admin Login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-23080 CRITICAL POC Act Now

Certain Tenda products are vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda It7 Lcs Firmware It7 Pcs Firmware It7 Prs Firmware +2
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-24206 CRITICAL POC Act Now

Davinci v0.3.0-rc was discovered to contain a SQL injection vulnerability via the copyDisplay function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Davinci
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26762 HIGH POC This Week

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Erp
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-26759 HIGH POC This Week

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Erp
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-24656 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24654 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24653 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24652 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24364 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0381 HIGH POC This Week

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Gigpress
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-1063 HIGH POC This Week

A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1062 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1058 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1057 HIGH POC This Week

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1056 HIGH POC This Week

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-26760 HIGH POC This Week

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Erp
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26758 HIGH POC This Week

Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the component /ResourceService. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Erp
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-25235 HIGH POC THREAT This Week

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac500 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
11.1%
CVE-2023-0331 HIGH POC This Week

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Correos Oficial
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23108 HIGH POC PATCH This Week

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Crasm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26257 HIGH POC PATCH This Week

An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dlt Daemon
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-24249 HIGH POC This Week

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Laravel Admin
NVD GitHub
CVSS 3.1
7.2
EPSS
2.4%
CVE-2023-0487 HIGH POC This Week

The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi My Sticky Elements
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-26609 HIGH POC THREAT This Week

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tvip 20000 21150 Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
38.7%
CVE-2023-1070 HIGH POC PATCH This Week

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2023-26043 MEDIUM POC PATCH This Month

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XXE Geonode
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-32302 MEDIUM POC This Month

Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ruh2 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-0334 MEDIUM POC This Month

The ShortPixel Adaptive Images WordPress plugin before 3.6.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortpixel Adaptive Images
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-0043 MEDIUM POC This Month

The Custom Add User WordPress plugin through 2.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Add User
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23513 CRITICAL Act Now

A buffer overflow issue was addressed with improved memory handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-24253 CRITICAL Act Now

Domotica Labs srl Ikon Server before v2.8.6 was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ikon Server
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1054 CRITICAL Act Now

A vulnerability was found in SourceCodester Music Gallery Site 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Music Gallery Site
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1053 CRITICAL Act Now

A vulnerability was found in SourceCodester Music Gallery Site 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Music Gallery Site
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-24651 MEDIUM POC This Month

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-24251 MEDIUM POC This Month

WangEditor v5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /dist/index.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wangeditor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23158 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Art Gallery Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-23157 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Art Gallery Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0552 MEDIUM POC THREAT This Month

The Registration Forms WordPress plugin before 3.8.2.3 does not properly validate the redirection URL when logging in and login out, leading to an Open Redirect vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Open Redirect Pie Register
NVD WPScan
CVSS 3.1
5.4
EPSS
24.3%
CVE-2023-0539 MEDIUM POC This Month

The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gs Insever Portfolio
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0535 MEDIUM POC This Month

The Donation Block For PayPal WordPress plugin before 2.1.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Donation Block For Paypal
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0230 MEDIUM POC This Month

The VK All in One Expansion Unit WordPress plugin before 9.86.0.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Vk All In One Expansion Unit
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0168 MEDIUM POC This Month

The Olevmedia Shortcodes WordPress plugin through 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Olevmedia Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1067 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.18. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1061 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy