Skip to main content
CVE-2023-25344 CRITICAL POC Act Now

An issue was discovered in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to execute arbitrary code via crafted Object.prototype anonymous function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Swig Templates Swig
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-1416 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Simple Art Gallery 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Art Gallery
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1379 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Friendly Island Pizza Website And Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24726 CRITICAL POC Act Now

Art Gallery Management System v1.0 was discovered to contain a SQL injection vulnerability via the viewid parameter on the enquiry page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Art Gallery Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-27240 CRITICAL POC Act Now

Tenda AX3 V16.03.12.11 was discovered to contain a command injection vulnerability via the lanip parameter at /goform/AdvSetLanip. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-27239 CRITICAL POC Act Now

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27757 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the /admin/user/uploadImg component of PerfreeBlog v3.1.1 allows attackers to execute arbitrary code via a crafted JPG file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Perfreeblog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1389 HIGH POC KEV THREAT This Week

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Archer Ax21 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
100.0%
CVE-2023-25267 HIGH POC This Week

An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Kerio Connect
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1415 HIGH POC This Week

A vulnerability was found in Simple Art Gallery 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Art Gallery
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-27103 HIGH POC This Week

Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-24732 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the gender parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24731 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24730 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the company parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24729 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the address parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24728 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the contact parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24229 HIGH POC This Week

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor2960 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
6.7%
CVE-2023-27781 HIGH POC This Week

jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jpegoptim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25345 HIGH POC This Week

Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Swig Templates Swig
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1407 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Study Center Desk Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-27235 HIGH POC This Week

An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Jizhicms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-25282 MEDIUM POC This Month

A heap overflow vulnerability in D-Link DIR820LA1_FW106B02 allows attackers to cause a denial of service via the config.log_to_syslog and log_opt_dropPackets parameters to mydlink_api.ccp. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Denial Of Service Dir 820L Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-27102 MEDIUM POC This Month

Libde265 v1.0.11 was discovered to contain a segmentation violation via the function decoder_context::process_slice_segment_header at decctx.cc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libde265
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-27234 MEDIUM POC This Month

A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Jizhicms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1418 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Friendly Island Pizza Website and Ordering System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Friendly Island Pizza Website And Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-28461 CRITICAL KEV THREAT Act Now

Array Networks Array AG Series and vxAG (9.4.0.481 and earlier) allow remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Arrayos Ag
NVD
CVSS 3.1
9.8
EPSS
67.6%
CVE-2023-24468 CRITICAL Act Now

Broken access control in Advanced Authentication versions prior to 6.4.1.1 and 6.3.7.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Netiq Advanced Authentication
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28371 CRITICAL PATCH Act Now

In Stellarium through 1.2, attackers can write to files that are typically unintended, such as ones with absolute pathnames or .. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Stellarium
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-25804 MEDIUM POC This Month

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Path Traversal Nginx Roxy Wi
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-28337 HIGH This Week

When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear File Upload Rax30 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-26912 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in xenv S-mall-ssm thru commit 3d9e77f7d80289a30f67aaba1ae73e375d33ef71 on Feb 17, 2020, allows local attackers to execute arbitrary code via the evaluate. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS S Mall Ssm
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26284 HIGH This Week

IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Mq Certified Container
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0100 HIGH PATCH This Week

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Business Intelligence And Reporting Tools
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25968 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal - Private user pages and login plugin <= 1.1.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Client Portal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25709 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Locatoraid
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25708 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR - 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Vr
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26484 HIGH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Authentication Bypass Kubevirt
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-28338 HIGH This Week

Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service Rax30 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28099 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-28098 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-28097 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-28096 HIGH PATCH This Week

OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-28095 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27601 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27600 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-28450 HIGH This Week

An issue was discovered in Dnsmasq before 2.90. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dnsmasq
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-27599 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27598 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27597 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27596 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy