Skip to main content
CVE-2023-1301 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Friendly Island Pizza Website And Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1300 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester COVID 19 Testing Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Testing Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27214 CRITICAL POC Act Now

Online Student Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the fromdate and todate parameters at /eduauth/student/between-date-reprtsdetails.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Student Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27213 CRITICAL POC Act Now

Online Student Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /eduauth/student/search.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Student Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27210 CRITICAL POC Act Now

Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/view_order.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27207 CRITICAL POC Act Now

Online Pizza Ordering System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/manage_user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27205 CRITICAL POC Act Now

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /kruxton/sales_report.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Pos Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27204 CRITICAL POC Act Now

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/manage_user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Pos Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27203 CRITICAL POC Act Now

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /billing/home.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Pos Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27202 CRITICAL POC Act Now

Best POS Management System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /kruxton/receipt.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Pos Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1294 CRITICAL POC Act Now

A vulnerability was found in SourceCodester File Tracker Manager System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi File Tracker Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1292 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Sales Tracker Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales Tracker Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1291 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Sales Tracker Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales Tracker Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1290 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Sales Tracker Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sales Tracker Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-26110 CRITICAL POC Act Now

All versions of the package node-bluetooth are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Node Bluetooth
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26109 CRITICAL POC Act Now

All versions of the package node-bluetooth-serial-port are vulnerable to Buffer Overflow via the findSerialPortChannel method due to improper user input length validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Node Bluetooth Serial Port
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26957 CRITICAL POC Act Now

onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the component \admin\controller\plugins. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Onekeyadmin
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-27490 HIGH POC PATCH This Week

NextAuth.js is an open source authentication solution for Next.js applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Next Auth
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25573 HIGH POC THREAT This Week

metersphere is an open source continuous testing platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
CVSS 3.1
7.5
EPSS
49.9%
CVE-2023-26948 HIGH POC This Week

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the component /admin1/file/download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Onekeyadmin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-27974 HIGH POC This Week

Bitwarden through 2023.2.1 offers password auto-fill when the second-level domain matches, e.g., a password stored for an example.com hosting provider when customer-website.example.com is visited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitwarden
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25814 MEDIUM POC This Month

metersphere is an open source continuous testing platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Metersphere
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-1302 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester File Tracker Manager System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS File Tracker Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27212 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /php-opos/signup.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Pizza Ordering System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-27211 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /admin/navbar.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Pizza Ordering System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27208 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /php-opos/login.php of Online Pizza Ordering System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Pizza Ordering System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-27206 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best Pos Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1251 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Akinsoft Wolvox.02.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Wolvox
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-1303 CRITICAL Act Now

A vulnerability was found in UCMS 1.6 and classified as critical.php of the component System File Management Module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Ucms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1287 CRITICAL Act Now

An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Enovia Live Collaboration
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-1286 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.19. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1293 HIGH This Week

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0 and classified as critical.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-0623 HIGH This Week

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cscape Envision Rv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0622 HIGH This Week

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Cscape Envision Rv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0621 HIGH This Week

Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Cscape Envision Rv
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27986 HIGH PATCH This Week

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to Emacs Lisp code injections through a crafted mailto: URI with unescaped double-quote characters. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Code Injection Emacs
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-27985 HIGH PATCH This Week

emacsclient-mail.desktop in Emacs 28.1 through 28.2 is vulnerable to shell command injections through a crafted mailto: URI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Emacs
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-20049 HIGH This Week

A vulnerability in the bidirectional forwarding detection (BFD) hardware offload feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers, ASR 9902 Compact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xr
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27483 HIGH PATCH This Week

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Kubernetes Information Disclosure Crossplane Runtime
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1288 HIGH This Week

An XML External Entity injection (XXE) vulnerability in ENOVIA Live Collaboration V6R2013xE allows an attacker to read local files on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Enovia Live Collaboration
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0845 MEDIUM PATCH This Month

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference HashiCorp Consul
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-0050 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
92.4%
CVE-2023-1072 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-0223 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-26209 MEDIUM This Month

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiDeceptor 3.1.x and before allows a remote unauthenticated attacker to partially exhaust CPU and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortideceptor
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2023-26208 MEDIUM This Month

A improper restriction of excessive authentication attempts vulnerability [CWE-307] in Fortinet FortiAuthenticator 6.4.x and before allows a remote unauthenticated attacker to partially exhaust CPU. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Information Disclosure Fortiauthenticator
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2023-27484 MEDIUM PATCH This Month

crossplane-runtime is a set of go libraries used to build Kubernetes controllers in Crossplane and its related stacks. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Information Disclosure Crossplane
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-20064 MEDIUM This Month

A vulnerability in the GRand Unified Bootloader (GRUB) for Cisco IOS XR Software could allow an unauthenticated attacker with physical access to the device to view sensitive files on the console. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass Ios Xr
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-0483 LOW Monitor

An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
3.8
EPSS
0.6%
CVE-2023-1084 LOW Monitor

An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy