Skip to main content
CVE-2023-24774 CRITICAL POC Act Now

Funadmin v3.2.0 was discovered to contain a SQL injection vulnerability via the selectFields parameter at \controller\auth\Auth.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Funadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1311 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Friendly Island Pizza Website And Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1310 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1309 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1308 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1307 CRITICAL POC PATCH Act Now

Authentication Bypass by Primary Weakness in GitHub repository froxlor/froxlor prior to 2.0.13. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Froxlor
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-23328 HIGH POC This Week

A File Upload vulnerability exists in AvantFAX 3.3.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Avantfax
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-1313 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository cockpit-hq/cockpit prior to 2.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Cockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-27117 HIGH POC This Week

WebAssembly v1.0.29 was discovered to contain a heap overflow via the component component wabt::Node::operator. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Webassembly
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27161 HIGH POC This Week

Jellyfin up to v10.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /Repositories. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Jellyfin
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1328 HIGH POC This Week

A vulnerability was found in Guizhou 115cms 4.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload 115Cms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2022-48111 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the check_login function of SIPE s.r.l WI400 between version 8 and 11 included allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wi400
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-1320 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1091 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alpata Licensed Warehousing Automation System allows Command Line Execution through SQL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Licensed Warehousing Automation System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1198 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saysis Starcities allows SQL Injection.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Starcities
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-25143 CRITICAL Act Now

An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Trend Micro Apex One
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-27853 CRITICAL Act Now

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a format string vulnerability in a SOAP service that could allow an attacker to execute arbitrary code on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear Rax30 Firmware
NVD
CVSS 3.1
9.8
EPSS
19.7%
CVE-2023-27852 CRITICAL Act Now

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a buffer overflow vulnerability in various CGI mechanisms that could allow an attacker to execute arbitrary code on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear Rax30 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-26075 CRITICAL Act Now

An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos 850 Firmware Exynos 980 Firmware Exynos 1080 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1322 CRITICAL Act Now

A vulnerability was found in lmxcms 1.41 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Lmxcms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1321 CRITICAL Act Now

A vulnerability has been found in lmxcms 1.41 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Lmxcms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-27905 CRITICAL PATCH Act Now

Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS Update Center2
NVD
CVSS 3.1
9.6
EPSS
1.5%
CVE-2023-27898 CRITICAL PATCH Act Now

Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XSS
NVD
CVSS 3.1
9.6
EPSS
1.8%
CVE-2023-23326 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in AvantFAX 3.3.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Avantfax
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-27119 MEDIUM POC This Month

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::Decompiler::WrapChild. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wabt
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27116 MEDIUM POC This Month

WebAssembly v1.0.29 discovered to contain an abort in CWriter::MangleType. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webassembly
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27115 MEDIUM POC This Month

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webassembly
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-27114 MEDIUM POC This Month

radare2 v5.8.3 was discovered to contain a segmentation fault via the component wasm_dis at p/wasm/wasm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Radare2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1318 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-1317 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-1316 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1315 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-23327 MEDIUM POC This Month

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Avantfax
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-27164 MEDIUM POC This Month

An arbitrary file upload vulnerability in Halo up to v1.6.1 allows attackers to execute arbitrary code via a crafted .md file. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Halo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-27851 HIGH This Week

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 contains a file sharing mechanism that unintentionally allows users with upload permissions to execute arbitrary code on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear RCE Rax30 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1205 HIGH This Week

NETGEAR Nighthawk WiFi6 Router prior to V1.0.10.94 is vulnerable to cross-site request forgery attacks on all endpoints due to improperly implemented CSRF protections. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear CSRF Rax30 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-1319 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository osticket/osticket prior to v1.16.6. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Osticket
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1312 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-25148 HIGH This Week

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25146 HIGH This Week

A security agent link following vulnerability in the Trend Micro Apex One agent could allow a local attacker to quarantine a file, delete the original folder and replace with a junction to an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25145 HIGH This Week

A link following vulnerability in the scanning function of Trend Micro Apex One agent could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25144 HIGH This Week

An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22436 HIGH This Week

The kernel subsystem function check_permission_for_set_tokenid within OpenHarmony-v3.1.5 and prior versions has an UAF vulnerability which local attackers can exploit this vulnerability to escalate. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-1246 HIGH This Week

Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows Collect Data from Common Resource Locations.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Starcities
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-27532 HIGH KEV THREAT This Week

Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Veeam Backup Replication
NVD
CVSS 3.1
7.5
EPSS
77.6%
CVE-2023-27530 HIGH PATCH This Week

A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within in the Multipart MIME parsing code in which could allow an attacker to craft requests that can be abuse to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Rack Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-23911 HIGH This Week

An improper access control vulnerability exists prior to v6 that could allow an attacker to break the E2E encryption of a chat room by a user changing the group key of a chat room. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rocket Chat
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-27901 HIGH PATCH This Week

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Jenkins Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27900 HIGH PATCH This Week

Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Jenkins Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26464 HIGH PATCH This Week

** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Deserialization Log4J
NVD
CVSS 3.1
7.5
EPSS
1.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy