Skip to main content
CVE-2022-45551 CRITICAL Act Now

An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.1% and no vendor patch available.

Authentication Bypass We1626 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
25.1%
CVE-2022-45553 CRITICAL POC Act Now

An issue discovered in Shenzhen Zhibotong Electronics WBT WE1626 Router v 21.06.18 allows attacker to execute arbitrary commands via serial connection to the UART port. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE We1626 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-26779 CRITICAL POC Act Now

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Deserialization which can lead to remote code execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Yf Exam
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-24643 CRITICAL POC Act Now

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateBlankTxtview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24642 CRITICAL POC Act Now

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateTxtview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24641 CRITICAL POC Act Now

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the sid parameter at /php-jms/updateview.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27290 CRITICAL POC Act Now

Docker based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Docker Authentication Bypass IBM Observability With Instana
NVD Exploit-DB
CVSS 3.1
9.1
EPSS
8.6%
CVE-2023-1162 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor 2960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
26.0%
CVE-2023-0968 MEDIUM POC THREAT This Month

The Watu Quiz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘dn’, 'email', 'points', and 'date' parameters in versions up to, and including, 3.3.9 due to insufficient. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%.

XSS WordPress Watu Quiz
NVD VulDB
CVSS 3.1
6.1
EPSS
13.5%
CVE-2023-27566 HIGH POC This Week

Cubism Core in Live2D Cubism Editor 4.2.03 allows out-of-bounds write via a crafted Section Offset Table or Count Info Table in an MOC3 file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Cubism Editor
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-26604 HIGH POC This Week

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Debian Linux Systemd
NVD GitHub
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-1164 HIGH POC This Week

A vulnerability was found in KylinSoft kylin-activation on KylinOS and classified as critical. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kylin Os
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-45552 HIGH POC This Week

An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation We1626 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-25403 HIGH POC This Week

CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Yf Exam
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-25402 HIGH POC This Week

CleverStupidDog yf-exam 1.8.0 is vulnerable to File Upload. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Yf Exam
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26492 HIGH POC PATCH This Week

Directus is a real-time API and App dashboard for managing SQL database content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Information Disclosure Directus
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26213 HIGH POC This Week

On Barracuda CloudGen WAN Private Edge Gateway devices before 8 webui-sdwan-1089-8.3.1-174141891, an OS command injection vulnerability exists in /ajax/update_certificate - a crafted HTTP request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Barracuda Command Injection T100B Firmware T200C Firmware T400C Firmware +4
NVD
CVSS 3.1
7.2
EPSS
7.9%
CVE-2023-1165 HIGH POC This Week

A vulnerability was found in Zhong Bang CRMEB Java 1.3.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Crmeb
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-27561 HIGH POC PATCH This Week

runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Privilege Escalation Runc Openshift Container Platform Enterprise Linux Debian Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-1170 MEDIUM POC PATCH This Month

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1376. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim
NVD GitHub
CVSS 3.1
6.6
EPSS
0.5%
CVE-2023-1163 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in DrayTek Vigor 2960 1.5.1.4/1.5.1.5 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Vigor 2960 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-27574 CRITICAL PATCH Act Now

ShadowsocksX-NG 1.10.0 signs with com.apple.security.get-task-allow entitlements because of CODE_SIGNING_INJECT_BASE_ENTITLEMENTS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Apple Shadowsocksx Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-20078 CRITICAL Act Now

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Cisco Stack Overflow +17
NVD
CVSS 3.1
9.8
EPSS
10.4%
CVE-2023-0957 CRITICAL PATCH Act Now

An issue was discovered in Gitpod versions prior to release-2022.11.2.16. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Gitpod
NVD GitHub
CVSS 3.1
9.6
EPSS
0.4%
CVE-2023-1160 MEDIUM POC PATCH This Month

Use of Platform-Dependent Third Party Components in GitHub repository cockpit-hq/cockpit prior to 2.4.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Cockpit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-23927 MEDIUM POC PATCH This Month

Craft is a platform for creating digital experiences. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-27567 HIGH PATCH This Week

In OpenBSD 7.2, a TCP packet with destination port 0 that matches a pf divert-to rule can crash the kernel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Openbsd
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-20088 HIGH This Week

A vulnerability in the nginx configurations that are provided as part of the VPN-less reverse proxy for Cisco Finesse could allow an unauthenticated, remote attacker to create a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Nginx Cisco Denial Of Service Authentication Bypass Finesse
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-20079 HIGH This Week

Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service RCE Cisco Stack Overflow +21
NVD
CVSS 3.1
7.5
EPSS
10.3%
CVE-2023-27560 HIGH PATCH This Week

Math/PrimeField.php in phpseclib 3.x before 3.0.19 has an infinite loop with composite primefields. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service PHP Phpseclib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-0457 HIGH This Week

Plaintext Storage of a Password vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series, MELSEC iQ-R Series, MELSEC-Q Series and MELSEC-L Series allows a remote unauthenticated attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fx5Uc 32Mr Ds Ts Firmware Fx5Uc 32Mt D Firmware Fx5Uc 32Mt Dss Firmware Fx5Uc 32Mt Dss Ts Firmware +34
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-26488 MEDIUM PATCH This Month

OpenZeppelin Contracts is a library for secure smart contract development. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Contracts Contracts Upgradeable
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-20061 MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco Packaged Contact Center Enterprise Unified Contact Center Enterprise +2
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-0578 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies Book Cites allows Cross-Site Scripting (XSS).01.05. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bookcites
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-0577 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ASOS Information Technologies SOBIAD allows Cross-Site Scripting (XSS).02.01. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Sobiad
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-26491 MEDIUM PATCH This Month

RSSHub is an open source and extensible RSS feed generator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Rsshub
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26047 MEDIUM PATCH This Month

teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Teler Waf
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23313 MEDIUM This Month

Certain Draytek products are vulnerable to Cross Site Scripting (XSS) via the wlogin.cgi script and user_login.cgi script of the router's web application management portal. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vigor2860 Firmware Vigor2860N Firmware Vigor2860N Plus Firmware Vigor2860Vn Plus Firmware +87
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-20104 MEDIUM This Month

A vulnerability in the file upload functionality of Cisco Webex App for Web could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco XSS File Upload Webex Teams
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-20069 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to conduct a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Evolved Programmable Network Manager Prime Infrastructure
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26483 MEDIUM PATCH This Month

gosaml2 is a Pure Go implementation of SAML 2.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Gosaml2
NVD GitHub
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-20062 MEDIUM This Month

Multiple vulnerabilities in Cisco Unified Intelligence Center could allow an authenticated, remote attacker to collect sensitive information or perform a server-side request forgery (SSRF) attack on. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure SSRF Cisco Packaged Contact Center Enterprise Unified Contact Center Enterprise +2
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy