Skip to main content
CVE-2023-1389 HIGH POC KEV THREAT This Week

TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 Build 20230219 contained a command injection vulnerability in the country form of the /cgi-bin/luci;stok=/locale endpoint on the web. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Archer Ax21 Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
100.0%
CVE-2023-25267 HIGH POC This Week

An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Kerio Connect
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1415 HIGH POC This Week

A vulnerability was found in Simple Art Gallery 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Simple Art Gallery
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-27103 HIGH POC This Week

Libde265 v1.0.11 was discovered to contain a heap buffer overflow via the function derive_collocated_motion_vectors at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-24732 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the gender parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24731 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24730 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the company parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24729 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the address parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24728 HIGH POC This Week

Simple Customer Relationship Management System v1.0 as discovered to contain a SQL injection vulnerability via the contact parameter in the user profile update function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-24229 HIGH POC This Week

DrayTek Vigor2960 v1.5.1.4 allows an authenticated attacker with network access to the web management interface to inject operating system commands via the mainfunction.cgi 'parameter' parameter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vigor2960 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
6.7%
CVE-2023-27781 HIGH POC This Week

jpegoptim v1.5.2 was discovered to contain a heap overflow in the optimize function at jpegoptim.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jpegoptim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25345 HIGH POC This Week

Directory traversal vulnerability in swig-templates thru 2.0.4 and swig thru 1.4.2, allows attackers to read arbitrary files via the include or extends tags. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Swig Templates Swig
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1407 HIGH POC This Week

A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Study Center Desk Management System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-27235 HIGH POC This Week

An arbitrary file upload vulnerability in the \admin\c\CommonController.php component of Jizhicms v2.4.5 allows attackers to execute arbitrary code via a crafted phtml file. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Jizhicms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-28337 HIGH This Week

When uploading a firmware image to a Netgear Nighthawk Wifi6 Router (RAX30), a hidden “forceFWUpdate” parameter may be provided to force the upgrade to complete and bypass certain validation checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear File Upload Rax30 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-26284 HIGH This Week

IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Mq Certified Container
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0100 HIGH PATCH This Week

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure Business Intelligence And Reporting Tools
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25968 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal - Private user pages and login plugin <= 1.1.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Client Portal
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25709 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Locatoraid
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25708 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR - 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Vr
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26484 HIGH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable. No vendor patch available.

Kubernetes Authentication Bypass Kubevirt
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-28338 HIGH This Week

Any request send to a Netgear Nighthawk Wifi6 Router (RAX30)'s web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Netgear Denial Of Service Rax30 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28099 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-28098 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-28097 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Information Disclosure Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-28096 HIGH PATCH This Week

OpenSIPS, a Session Initiation Protocol (SIP) server implementation, has a memory leak starting in the 2.3 branch and priot to versions 3.1.8 and 3.2.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-28095 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27601 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27600 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-28450 HIGH This Week

An issue was discovered in Dnsmasq before 2.90. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dnsmasq
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-27599 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27598 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27597 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27596 HIGH PATCH This Week

OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Opensips
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-28460 HIGH This Week

A command injection vulnerability was discovered in Array Networks APV products. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Array Os
NVD
CVSS 3.1
7.2
EPSS
1.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy