Skip to main content
CVE-2023-26949 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin1/config/update of onekeyadmin v1.3.9 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Onekeyadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-24736 CRITICAL POC Act Now

PMB v7.4.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /sauvegarde/restaure_act.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Pmb
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-24734 CRITICAL POC THREAT Act Now

An arbitrary file upload vulnerability in the camera_upload.php component of PMB v7.4.6 allows attackers to execute arbitrary code via a crafted image file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free File Upload RCE Memory Corruption PHP +1
NVD GitHub
CVSS 3.1
9.8
EPSS
20.7%
CVE-2023-24776 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a remote code execution (RCE) vulnerability via the component \controller\Addon.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-24217 HIGH POC This Week

AgileBio Electronic Lab Notebook v4.234 was discovered to contain a local file inclusion vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure Electronic Lab Notebook
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.5%
CVE-2023-24763 HIGH POC This Week

In the module "Xen Forum" (xenforum) for PrestaShop, an authenticated user can perform SQL injection in versions up to 2.13.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xen Forum
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-24789 HIGH POC This Week

jeecg-boot v3.4.4 was discovered to contain an authenticated SQL injection vulnerability via the building block report component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1190 HIGH POC This Week

A vulnerability was found in xiaozhuai imageinfo up to 3.0.3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imageinfo
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26107 HIGH POC This Week

All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Sketchsvg
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26111 HIGH POC This Week

All versions of the package @nubosoftware/node-static; all versions of the package node-static are vulnerable to Directory Traversal due to improper file path sanitization in the startsWith() method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Nubosoftware Node Static Node Static
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-26106 HIGH POC This Week

All versions of the package dot-lens are vulnerable to Prototype Pollution via the set() function in index.js file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Dot Lens
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-1191 HIGH POC This Week

A vulnerability classified as problematic has been found in fastcms. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Fastcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-26054 MEDIUM POC PATCH This Month

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Buildkit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-24737 MEDIUM POC This Month

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pmb
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-24735 MEDIUM POC This Month

PMB v7.4.6 was discovered to contain an open redirect vulnerability via the component /opac_css/pmb.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Pmb
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-24733 MEDIUM POC This Month

PMB v7.4.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the query parameter at /admin/convert/export_z3950_new.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pmb
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-22432 MEDIUM POC PATCH This Month

Open redirect vulnerability exists in web2py versions prior to 2.23.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Web2Py
NVD
CVSS 3.1
6.1
EPSS
2.4%
CVE-2023-0839 CRITICAL Act Now

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Inscada
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-0979 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MedData MedDataPACS allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Meddatapacs
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-22344 CRITICAL Act Now

Use of hard-coded credentials vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to obtain the password of the debug tool and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Rakuraku Pc Cloud Agent Ss1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-22336 CRITICAL Act Now

Path traversal vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to upload a specially crafted file to an arbitrary directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Path Traversal Rakuraku Pc Cloud Agent Ss1
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-22481 MEDIUM POC PATCH This Month

FreshRSS is a self-hosted RSS feed aggregator. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

PHP Authentication Bypass Freshrss
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-1189 MEDIUM POC This Month

A vulnerability was found in WiseCleaner Wise Folder Hider 4.4.3.202. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wise Folder Hider
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1188 MEDIUM POC This Month

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webcam For Remote Desktop
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1187 MEDIUM POC This Month

A vulnerability was found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic.sys of the component Global Variable Handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webcam For Remote Desktop
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1186 MEDIUM POC This Month

A vulnerability has been found in FabulaTech Webcam for Remote Desktop 2.8.42 and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Webcam For Remote Desktop
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1200 MEDIUM POC This Month

A vulnerability was found in ehuacui bbs. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ehuacui Bbs
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-0377 MEDIUM POC This Month

The Scriptless Social Sharing WordPress plugin before 3.2.2 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Scriptless Social Sharing
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-0212 MEDIUM POC This Month

The Advanced Recent Posts WordPress plugin through 0.6.14 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Advanced Recent Posts
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0165 MEDIUM POC This Month

The Cost Calculator WordPress plugin through 1.8 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Cost Calculator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0078 MEDIUM POC This Month

The Resume Builder WordPress plugin through 3.1.1 does not sanitize and escape some parameters related to Resume, which could allow users with a role as low as subscriber to perform Stored XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Resume Builder
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-0069 MEDIUM POC This Month

The WPaudio MP3 Player WordPress plugin through 4.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wpaudio Mp3 Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-0068 MEDIUM POC This Month

The Product GTIN (EAN, UPC, ISBN) for WooCommerce WordPress plugin through 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Gtin Ean Upc Isbn For Woocommerce
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0065 MEDIUM POC This Month

The i2 Pros & Cons WordPress plugin through 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS I2 Pros Cons
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0064 MEDIUM POC This Month

The eVision Responsive Column Layout Shortcodes WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Evision Responsive Column Layout Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0063 MEDIUM POC This Month

The WordPress Shortcodes WordPress plugin through 1.6.36 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Shortcodes
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-26108 MEDIUM POC PATCH This Month

Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nest
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-0093 HIGH This Week

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Advanced Server Access
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-1197 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository uvdesk/community-skeleton prior to 1.1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Community Skeleton
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1185 HIGH This Week

A vulnerability, which was classified as problematic, was found in ECshop up to 4.1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Ecshop
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1184 HIGH This Week

A vulnerability, which was classified as problematic, has been found in ECshop up to 4.1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Ecshop
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0328 MEDIUM POC This Month

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Wpcode
NVD WPScan
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-25304 HIGH This Week

An issue in Prism Launcher up to v6.1 allows attackers to perform a directory traversal via importing a crafted .mrpack file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Prism Launcher
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-22424 HIGH This Week

Use-after-free vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free RCE Information Disclosure Memory Corruption Kostac Plc Programming Software
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22421 HIGH This Week

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Kostac Plc Programming Software
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22419 HIGH This Week

Out-of-bounds read vulnerability exists in Kostac PLC Programming Software (Former name: Koyo PLC Programming Software) Version 1.6.9.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Kostac Plc Programming Software
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27891 HIGH PATCH This Week

rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pretix
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26601 HIGH This Week

Zoho ManageEngine ServiceDesk Plus through 14104, Asset Explorer through 6987, ServiceDesk Plus MSP before 14000, and Support Center Plus before 14000 allow Denial-of-Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Zoho Manageengine Assetexplorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
7.5
EPSS
34.1%
CVE-2023-22335 HIGH This Week

Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Rakuraku Pc Cloud Agent Ss1
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1161 HIGH This Week

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.1
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy