Skip to main content
CVE-2023-28110 CRITICAL POC PATCH Act Now

Jumpserver is a popular open source bastion host, and Koko is a Jumpserver component that is the Go version of coco, refactoring coco's SSH/SFTP service and Web Terminal service. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Kubernetes Command Injection Jumpserver Koko
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-27041 CRITICAL POC Act Now

School Registration and Fee System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at/bilal final/edit_user.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Registration And Fee System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27040 CRITICAL POC Act Now

Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Simple Image Gallery Web App
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-27250 CRITICAL POC Act Now

Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Book Store Project
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25280 CRITICAL POC KEV THREAT Act Now

OS Command injection vulnerability in D-Link DIR820LA1_FW105B03 allows attackers to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 820L Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
98.1%
CVE-2023-27037 HIGH POC This Week

Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Qibocms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-24760 HIGH POC This Week

An issue found in Ofcms v.1.1.4 allows a remote attacker to to escalate privileges via the respwd method in SysUserController. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ofcms
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27789 HIGH POC PATCH This Week

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tcpreplay
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-27788 HIGH POC This Week

An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tcpreplay
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-27787 HIGH POC This Week

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse_list function at the list.c:81 endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Tcpreplay
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-27786 HIGH POC PATCH This Week

An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the macinstring function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Tcpreplay
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-27785 HIGH POC This Week

An issue found in TCPreplay TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the parse endpoints function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Tcpreplay
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-27784 HIGH POC This Week

An issue found in TCPReplay v.4.4.3 allows a remote attacker to cause a denial of service via the read_hexstring function at the utils.c:309 endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Tcpreplay
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-27783 HIGH POC PATCH This Week

An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tcpreplay
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-26768 HIGH POC PATCH This Week

Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the compileTranslationTable.c and lou_setDataPath functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Liblouis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-26767 HIGH POC PATCH This Week

Buffer Overflow vulnerability found in Liblouis v.3.24.0 allows a remote attacker to cause a denial of service via the lou_logFile function at logginc.c endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Denial Of Service Liblouis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-25281 HIGH POC This Week

A stack overflow vulnerability exists in pingV4Msg component in D-Link DIR820LA1_FW105B03, allows attackers to cause a denial of service via the nextPage parameter to ping.ccp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Denial Of Service Dir 820L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27709 HIGH POC This Week

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dedestory_catalog.php endpoint. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Dedecms
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-27707 HIGH POC This Week

SQL injection vulnerability found in DedeCMS v.5.7.106 allows a remote attacker to execute arbitrary code via the rank_* parameter in the /dede/group_store.php endpoint. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Dedecms
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-1433 HIGH POC This Week

A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Gadget Works Online Ordering System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-27095 MEDIUM POC This Month

Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Hippo4J
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28155 MEDIUM POC PATCH This Month

The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS, or HTTPS to HTTP). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js SSRF Request
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28113 MEDIUM POC PATCH This Month

russh is a Rust SSH client and server library. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Russh
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-21459 CRITICAL Act Now

Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-0598 CRITICAL Act Now

GE Digital Proficy iFIX 2022, GE Digital Proficy iFIX v6.1, and GE Digital Proficy iFIX v6.5 are vulnerable to code injection, which may allow an attacker to insert malicious configuration files in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Ifix
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1256 CRITICAL Act Now

The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper authorization exploit which could allow an unauthenticated user to remotely read data, cause denial. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aveva Plant Scada Telemetry Server
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26784 CRITICAL Act Now

SQL Injection vulnerability found in Kirin Fortress Machine v.1.7-2020-0610 allows attackers to execute arbitrary code via the /admin.php?controller=admin_commonuser parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP SQLi Kirin Fortress Machine
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-24795 CRITICAL Act Now

Command execution vulnerability was discovered in JHR-N916R router firmware version<=21.11.1.1483. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Jhr N916R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-23150 CRITICAL Act Now

SA-WR915ND router firmware v17.35.1 was discovered to be vulnerable to code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sa Wr915Nd Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27059 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the Edit Group function of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Group. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1429 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27084 MEDIUM POC This Month

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. Rated medium severity (CVSS 5.3). Public exploit code available and no vendor patch available.

Information Disclosure Dreamer Cms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-21455 CRITICAL Act Now

Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Exynos Firmware
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-0811 CRITICAL Act Now

Omron CJ1M unit v4.0 and prior has improper access controls on the memory region where the UM password is stored. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sysmac Cj2H Cpu64 Firmware Sysmac Cj2H Cpu64 Eip Firmware Sysmac Cj2H Cpu65 Firmware Sysmac Cj2H Cpu65 Eip Firmware +124
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-28106 MEDIUM POC PATCH This Month

Pimcore is an open source data and experience management platform. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-28105 HIGH PATCH This Week

go-used-util has commonly used utility functions for Go. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Go Huge Util
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-27711 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via the Comment Manager /admin/manage-comments.php component. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Typecho
NVD GitHub
CVSS 3.1
4.8
EPSS
0.7%
CVE-2023-27131 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code viathe Post Editorparameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Typecho
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-27130 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability found in Typecho v.1.2.0 allows a remote attacker to execute arbitrary code via an arbitrarily supplied URL parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE XSS Typecho
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-21457 HIGH This Week

Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2023-22883 HIGH This Week

Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meetings
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28108 HIGH PATCH This Week

Pimcore is an open source data and experience management platform. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Pimcore
NVD GitHub
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-24671 HIGH This Week

VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Vx Search
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26769 HIGH PATCH This Week

Buffer Overflow vulnerability found in Liblouis Lou_Trace v.3.24.0 allows a remote attacker to cause a denial of service via the resolveSubtable function at compileTranslationTabel.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Denial Of Service Buffer Overflow Liblouis
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-22882 HIGH This Week

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zoom
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22881 HIGH This Week

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Zoom
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22880 HIGH This Week

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1390 HIGH PATCH This Week

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.5
EPSS
5.1%
CVE-2023-28104 HIGH PATCH This Week

`silverstripe/graphql` serves Silverstripe data as GraphQL representations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Graphql
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27875 HIGH PATCH This Week

IBM Aspera Faspex 5.0.4 could allow a user to change other user's credentials due to improper access controls. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy