Skip to main content
CVE-2023-1283 CRITICAL POC PATCH Act Now

Code injection in Qwik framework before 0.21.0. PoC and patch available.

Code Injection Qwik
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-27482 CRITICAL POC THREAT Act Now

homeassistant is an open source home automation tool. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Authentication Bypass Docker Home Assistant Supervisor
NVD GitHub
CVSS 3.1
10.0
EPSS
72.0%
CVE-2023-24777 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24782 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26922 CRITICAL POC Act Now

SQL injection vulnerability found in Varisicte matrix-gui v.2 allows a remote attacker to execute arbitrary code via the shell_exect parameter to the \www\pages\matrix-gui-2.0 endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Matrix Gui
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-24773 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/database/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-25395 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 router was discovered to contain a command injection vulnerability via the ou parameter at /setting/delStaticDhcpRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-1269 CRITICAL POC PATCH Act Now

Use of Hard-coded Credentials in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Easyappointments
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24780 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the id parameter at /databases/table/columns. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27486 HIGH POC PATCH This Week

xCAT is a toolkit for deployment and administration of computer clusters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xcat
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-27088 HIGH POC This Week

feiqu-opensource Background Vertical authorization vulnerability exists in IndexController.java. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Feiqu Opensource
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-1277 HIGH POC This Week

A vulnerability, which was classified as critical, was found in kylin-system-updater up to 1.4.20kord on Ubuntu Kylin. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Ubuntu Command Injection Kylin System Updater
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
1.8%
CVE-2023-26956 HIGH POC This Week

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/curd/code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Onekeyadmin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1276 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SUL1SS_shop.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sul1Ss Shop
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-1278 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in IBOS up to 4.5.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ibos
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1275 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Phone Shop Sales Managements System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phone Shop Sales Managements System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24657 MEDIUM POC This Month

phpipam v1.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the closeClass parameter at /subnet-masks/popup.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpipam
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
3.9%
CVE-2023-26489 CRITICAL PATCH Act Now

wasmtime is a fast and secure runtime for WebAssembly. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Cranelift Codegen Wasmtime
NVD GitHub
CVSS 3.1
9.9
EPSS
1.3%
CVE-2023-1267 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ulkem Company PtteM Kart.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Pttem Kart
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-22889 CRITICAL Act Now

SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Zephyr Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-26261 CRITICAL Act Now

In UBIKA WAAP Gateway/Cloud through 6.10, a blind XPath injection leads to an authentication bypass by stealing the session of another connected user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Waap Cloud Waap Gateway
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23638 CRITICAL PATCH Act Now

A deserialization vulnerability existed when dubbo generic invoke, which could lead to malicious code execution.7.x version 2.7.21 and prior versions; Apache Dubbo 3.0.x version 3.0.13 and prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache RCE Deserialization Dubbo
NVD
CVSS 3.1
9.8
EPSS
4.8%
CVE-2023-0090 CRITICAL Act Now

The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Enterprise Protection
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24282 MEDIUM POC This Month

An arbitrary file upload vulnerability in Poly Trio 8800 7.2.2.1094 allows attackers to execute arbitrary code via a crafted ringtone file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE File Upload Trio 8800 Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-26952 MEDIUM POC This Month

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Menu module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onekeyadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1270 MEDIUM POC PATCH This Month

Cross-site Scripting in GitHub repository btcpayserver/btcpayserver prior to 1.8.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Btcpayserver
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26950 MEDIUM POC This Month

onekeyadmin v1.3.9 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Title parameter under the Adding Categories module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onekeyadmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-23760 HIGH This Week

A path traversal vulnerability was identified in GitHub Enterprise Server that allowed remote code execution when building a GitHub Pages site. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-0089 HIGH This Week

The webutils in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows an authenticated user to execute remote code through 'eval injection'. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Enterprise Protection
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22891 HIGH This Week

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Zephyr Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-0030 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s nouveau driver in how a user triggers a memory overflow that causes the nvkm_vma_tail function to fail. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22892 HIGH This Week

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22890 HIGH This Week

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Zephyr Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24533 HIGH PATCH This Week

Multiplication of certain unreduced P-256 scalars produce incorrect results. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nistec
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27476 HIGH PATCH This Week

OWSLib is a Python package for client programming with Open Geospatial Consortium (OGC) web service interface standards, and their related content models. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Python XXE Owslib
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-24532 MEDIUM PATCH This Month

The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Go
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-27477 MEDIUM PATCH This Month

wasmtime is a fast and secure runtime for WebAssembly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Cranelift Codegen Wasmtime
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy