Skip to main content
CVE-2023-27253 HIGH POC PATCH THREAT Act Now

A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Pfsense
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
90.7%
CVE-2023-28115 CRITICAL POC PATCH Act Now

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE PHP Deserialization Snappy
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-1475 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Canteen Management System 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1474 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automatic Question Paper Generator System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1461 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Canteen Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1459 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Canteen Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Canteen Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1454 CRITICAL POC THREAT Act Now

A vulnerability classified as critical has been found in jeecg-boot 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
35.8%
CVE-2023-1441 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Automatic Question Paper Generator System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automatic Question Paper Generator System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1439 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracker System 1.0.php of the component GET Parameter Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Medicine Tracker System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1440 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Automatic Question Paper Generator System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Automatic Question Paper Generator System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1452 HIGH POC This Week

A vulnerability was found in GPAC 2.3-DEV-rev35-gbbca86917-master. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-1449 HIGH POC This Week

A vulnerability has been found in GPAC 2.3-DEV-rev35-gbbca86917-master and classified as problematic. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-1448 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in GPAC 2.3-DEV-rev35-gbbca86917-master. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Gpac
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-1443 HIGH POC This Week

A vulnerability was found in Filseclab Twister Antivirus 8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Twister Antivirus
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-1442 HIGH POC This Week

A vulnerability was found in Meizhou Qingyunke QYKCMS 4.3.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Qykcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-1453 HIGH POC This Week

A vulnerability was found in Watchdog Anti-Virus 1.4.214.0. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Anti Virus
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-1444 MEDIUM POC This Month

A vulnerability was found in Filseclab Twister Antivirus 8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Twister Antivirus
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-28531 CRITICAL Act Now

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSH Authentication Bypass Openssh Brocade Fabric Operating System Hci Bootstrap Os +1
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-1152 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies Persolus allows SQL Injection.03.93. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Persolus
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-28116 CRITICAL PATCH Act Now

Contiki-NG is an open-source, cross-platform operating system for internet of things (IoT) devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Contiki Ng
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27595 CRITICAL PATCH Act Now

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1468 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Student Study Center Desk Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1467 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal PHP Student Study Center Desk Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-1464 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Medicine Tracker System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Medicine Tracker System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1460 CRITICAL Act Now

A vulnerability was found in SourceCodester Online Pizza Ordering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Online Pizza Ordering System
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-1451 MEDIUM POC This Month

A vulnerability was found in MP4v2 2.1.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1450 MEDIUM POC This Month

A vulnerability was found in MP4v2 2.1.2 and classified as problematic.cpp. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1446 MEDIUM POC This Month

A vulnerability classified as problematic was found in Watchdog Anti-Virus 1.4.214.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Anti Virus
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1445 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Filseclab Twister Antivirus 8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Twister Antivirus
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1463 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1471 HIGH This Week

The WP Popup Banners plugin for WordPress is vulnerable to SQL Injection via the 'banner_id' parameter in versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Wp Popup Banners
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-28112 HIGH PATCH This Week

Discourse is an open-source discussion platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-1455 HIGH This Week

A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD VulDB
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-24678 HIGH This Week

A vulnerability in Centralite Pearl Thermostat 0x04075010 allows attackers to cause a Denial of Service (DoS) via a crafted Zigbee message. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Pearl Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-27591 HIGH PATCH This Week

Miniflux is a feed reader. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Miniflux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-28111 HIGH PATCH This Week

Discourse is an open-source discussion platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-27594 HIGH PATCH This Week

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
7.3
EPSS
0.6%
CVE-2023-1472 MEDIUM This Month

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Rapidload Power Up For Autoptimize
NVD VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-1466 MEDIUM This Month

A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Student Study Center Desk Management System
NVD VulDB
CVSS 3.1
6.3
EPSS
0.5%
CVE-2023-26040 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1172 MEDIUM PATCH This Month

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress XSS Bookly
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1447 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Medicine Tracker System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Medicine Tracker System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27593 MEDIUM PATCH This Month

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Cilium
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27592 MEDIUM PATCH This Month

Miniflux is a feed reader. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Miniflux
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-25172 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28107 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-1469 MEDIUM PATCH This Month

The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress XSS Wp Express Checkout
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1470 MEDIUM PATCH This Month

The eCommerce Product Catalog plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 3.3.8 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS Ecommerce Product Catalog
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-0027 MEDIUM This Month

Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Modbus Tcp Server Add On Instructions
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-23622 MEDIUM PATCH This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy