Skip to main content
CVE-2023-26762 HIGH POC This Week

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an arbitrary file upload vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Erp
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-26759 HIGH POC This Week

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an OS command injection vulnerability via calls made to the XMService component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Erp
NVD
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-24656 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24654 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24653 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24652 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24364 HIGH POC This Week

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0381 HIGH POC This Week

The GigPress WordPress plugin through 2.3.28 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Gigpress
NVD WPScan
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-1063 HIGH POC This Week

A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1062 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1058 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1057 HIGH POC This Week

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1056 HIGH POC This Week

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctors Appointment System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-26760 HIGH POC This Week

Sme.UP ERP TOKYO V6R1M220406 was discovered to contain an information disclosure vulnerability via the /debug endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Erp
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26758 HIGH POC This Week

Sme.UP TOKYO V6R1M220406 was discovered to contain an arbitrary file download vulnerabilty via the component /ResourceService. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Erp
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-25235 HIGH POC THREAT This Week

Tenda AC500 V2.0.1.9(1307) is vulnerable to Buffer Overflow in function formOneSsidCfgSet via parameter ssid. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac500 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
11.1%
CVE-2023-0331 HIGH POC This Week

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user input validation when generating a file path, allowing unauthenticated attackers to download arbitrary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Correos Oficial
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-23108 HIGH POC PATCH This Week

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a NULL pointer dereference in the function Xasc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Crasm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-26257 HIGH POC PATCH This Week

An issue was discovered in the Connected Vehicle Systems Alliance (COVESA; formerly GENIVI) dlt-daemon through 2.18.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dlt Daemon
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-24249 HIGH POC This Week

An arbitrary file upload vulnerability in laravel-admin v1.8.19 allows attackers to execute arbitrary code via a crafted PHP file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Laravel Admin
NVD GitHub
CVSS 3.1
7.2
EPSS
2.4%
CVE-2023-0487 HIGH POC This Week

The My Sticky Elements WordPress plugin before 2.0.9 does not properly sanitise and escape a parameter before using it in a SQL statement when deleting messages, leading to a SQL injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi My Sticky Elements
NVD WPScan
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-26609 HIGH POC THREAT This Week

ABUS TVIP 20000-21150 devices allows remote attackers to execute arbitrary code via shell metacharacters in the /cgi-bin/mft/wireless_mft ap field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Tvip 20000 21150 Firmware
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
38.7%
CVE-2023-1070 HIGH POC PATCH This Week

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Teampass
NVD GitHub
CVSS 3.1
7.1
EPSS
0.8%
CVE-2023-23529 HIGH KEV THREAT This Week

A type confusion issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Apple Safari Ipados +2
NVD
CVSS 3.1
8.8
EPSS
9.4%
CVE-2023-23518 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Safari +5
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-23517 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-23496 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-23531 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +2
NVD
CVSS 3.1
8.6
EPSS
1.8%
CVE-2023-23530 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2022-45697 HIGH This Week

Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Razer Central
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23514 HIGH This Week

A use after free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Apple RCE Memory Corruption +3
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-23507 HIGH This Week

The issue was addressed with improved bounds checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23504 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Apple Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23497 HIGH This Week

A logic issue was addressed with improved state management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23524 HIGH This Week

A denial-of-service issue was addressed with improved input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23519 HIGH This Week

A memory corruption issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Apple Ipados Iphone Os +3
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-23109 HIGH PATCH This Week

In crasm 1.8-3, invalid input validation, specific files passed to the command line application, can lead to a divide by zero fault in the function opdiv. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Crasm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-0279 HIGH This Week

The Media Library Assistant WordPress plugin before 3.06 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Media Library Assistant
NVD WPScan
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-0278 HIGH This Week

The GeoDirectory WordPress plugin before 2.2.24 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress SQLi Geodirectory
NVD WPScan
CVSS 3.1
7.2
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy