Skip to main content
CVE-2023-28343 CRITICAL POC THREAT Act Now

OS command injection affects Altenergy Power Control Software C1.2.5 via shell metacharacters in the index.php/management/set_timezone timezone parameter, because of set_timezone in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Energy Communication Unit Firmware
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
85.3%
CVE-2023-1394 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Graduate Tracer System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Graduate Tracer System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1392 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Online Pizza Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25206 HIGH POC This Week

PrestaShop ws_productreviews < 3.6.2 is vulnerable to SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Advanced Reviews
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1398 HIGH POC This Week

A vulnerability classified as critical was found in XiaoBingBy TeaCMS 2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Teacms
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24892 HIGH POC PATCH This Week

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Microsoft Open Redirect Edge Chromium
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
3.5%
CVE-2023-23410 HIGH POC PATCH This Week

Windows HTTP.sys Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
7.8
EPSS
8.0%
CVE-2023-23399 HIGH POC PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Buffer Overflow Information Disclosure Microsoft 365 Apps +5
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.5%
CVE-2023-26262 HIGH POC This Week

An issue was discovered in Sitecore XP/XM 10.3. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Experience Manager Experience Platform
NVD GitHub
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-28144 HIGH POC This Week

KDAB Hotspot 1.3.x and 1.4.x through 1.4.1, in a non-default configuration, allows privilege escalation because of race conditions involving symlinks and elevate_perf_privileges.sh chown calls. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Privilege Escalation Hotspot
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-27589 MEDIUM POC This Month

Minio is a Multi-Cloud Object Storage framework. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Minio
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-24180 MEDIUM POC This Month

Libelfin v0.3 was discovered to contain an integer overflow in the load function at elf/mmap_loader.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Libelfin
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1397 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Online Student Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Student Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1396 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Tours Travels Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1395 MEDIUM POC This Month

A vulnerability was found in SourceCodester Yoga Class Registration System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Yoga Class Registration System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24279 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onos
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1327 CRITICAL Act Now

Netgear RAX30 (AX2400), prior to version 1.0.6.74, was affected by an authentication bypass vulnerability, allowing an unauthenticated attacker to gain administrative access to the device's web. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Authentication Bypass Rax30 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26511 CRITICAL Act Now

A Hard Coded Admin Credentials issue in the Web-UI Admin Panel in Propius MachineSelector 6.6.0 and 6.6.1 allows remote attackers to gain access to the admin panel Propiusadmin.php, which allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Machineselector
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23415 CRITICAL PATCH Act Now

Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Windows 10 1507 Windows 10 1607 +11
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2023-23397 CRITICAL KEV PATCH THREAT Act Now

Microsoft Outlook Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft 365 Apps Office Office Long Term Servicing Channel +1
NVD
CVSS 3.1
9.8
EPSS
97.4%
CVE-2023-23392 CRITICAL PATCH Act Now

HTTP Protocol Stack Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Windows 11 21H2 Windows 11 22h2 +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-21708 CRITICAL PATCH Act Now

Remote Procedure Call Runtime Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow RCE Windows 10 1507 Windows 10 1607 Windows 10 1809 +10
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-27074 CRITICAL Act Now

BP Monitoring Management System v1.0 was discovered to contain a SQL injection vulnerability via the emailid parameter in the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Bp Monitoring Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1391 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27501 CRITICAL Act Now

SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker to exploit insufficient validation of path information. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Application Server Abap
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2023-27269 CRITICAL Act Now

SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker with non-administrative authorizations. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Path Traversal Netweaver Application Server Abap
NVD
CVSS 3.1
9.6
EPSS
1.0%
CVE-2023-27070 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openplatform
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-27069 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TotalJS OpenPlatform commit b80b09d allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the account name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openplatform
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28339 HIGH This Week

OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Linux Opendoas
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-24913 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-24909 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-24907 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-24876 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-24872 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Microsoft Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-24871 HIGH PATCH This Week

Windows Bluetooth Service Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Microsoft Windows 10 20H2 Windows 10 21h2 +4
NVD
CVSS 3.1
8.8
EPSS
3.2%
CVE-2023-24868 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-24867 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-24864 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Integer Overflow Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 +10
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-23413 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

RCE Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +9
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-23406 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-23403 HIGH PATCH This Week

Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow Windows 10 1507 +11
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-23388 HIGH PATCH This Week

Windows Bluetooth Driver Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 1507 Windows 10 1607 Windows 10 1809 +8
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-1299 HIGH PATCH This Week

HashiCorp Nomad and Nomad Enterprise 1.5.0 allow a job submitter to escalate to management-level privileges using workload identity and task API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Nomad
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-27463 HIGH This Week

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.3). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Ruggedcom Crossbow
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27310 HIGH This Week

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ruggedcom Crossbow
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-27309 HIGH This Week

A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.2). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ruggedcom Crossbow
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-27893 HIGH This Week

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP RCE Code Injection Solution Manager
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-25617 HIGH This Week

SAP Business Object (Adaptive Job Server) - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Java Command Injection Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-25616 HIGH This Week

In some scenario, SAP Business Objects Business Intelligence Platform (CMC) - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Code Injection Business Objects Business Intelligence Platform
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-23857 HIGH This Week

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Java Authentication Bypass Netweaver Application Server For Java
NVD
CVSS 3.1
8.6
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy