Skip to main content
CVE-2023-0386 HIGH POC KEV PATCH THREAT Act Now

A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Debian Linux H300s Firmware H500s Firmware +5
NVD
CVSS 3.1
7.8
EPSS
7.9%
CVE-2023-27100 CRITICAL POC PATCH Act Now

Improper restriction of excessive authentication attempts in the SSHGuard component of Netgate pfSense Plus software v22.05.1 and pfSense CE software v2.6.0 allows attackers to bypass brute force. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Pfsense Plus Pfsense
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
9.8%
CVE-2023-27060 CRITICAL POC Act Now

LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Lightcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-28667 CRITICAL POC Act Now

The Lead Generated WordPress Plugin, version <= 1.23, was affected by an unauthenticated insecure deserialization issue. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Deserialization Lead Generated
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-28662 CRITICAL POC THREAT Act Now

The Gift Cards (Gift Vouchers and Packages) WordPress Plugin, version <= 4.3.1, is affected by an unauthenticated SQL injection vulnerability in the template parameter in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Gift Vouchers
NVD
CVSS 3.1
9.8
EPSS
42.2%
CVE-2023-27224 CRITICAL POC Act Now

An issue found in NginxProxyManager v.2.9.19 allows an attacker to execute arbitrary code via a lua script to the configuration file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Nginx Proxy Manager
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1571 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in DataGear up to 4.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Datagear
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1566 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Medical Certificate Generator App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-27638 CRITICAL POC Act Now

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Custom Product Designer
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-27637 CRITICAL POC Act Now

An issue was discovered in the tshirtecommerce (aka Custom Product Designer) component 2.1.4 for PrestaShop. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Custom Product Designer
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-1564 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Air Cargo Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Air Cargo Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1563 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1556 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Judging Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27855 CRITICAL POC THREAT Act Now

In affected versions, a path traversal exists when processing a message in Rockwell Automation's ThinManager ThinServer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rockwell Path Traversal Thinmanager
NVD
CVSS 3.1
9.8
EPSS
13.5%
CVE-2023-28725 CRITICAL POC THREAT Act Now

General Bytes Crypto Application Server (CAS) 20230120, as distributed with General Bytes BATM devices, allows remote attackers to execute arbitrary Java code by uploading a Java application to the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java File Upload Crypto Application Server
NVD
CVSS 3.1
9.1
EPSS
20.6%
CVE-2023-28663 HIGH POC This Week

The Formidable PRO2PDF WordPress Plugin, version < 3.11, is affected by an authenticated SQL injection vulnerability in the ‘fieldmap’ parameter in the fpropdf_export_file action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Formidable Pro2Pdf
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28661 HIGH POC This Week

The WP Popup Banners WordPress Plugin, version <= 1.2.5, is affected by an authenticated SQL injection vulnerability in the 'value' parameter in the get_popup_data action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Popup Banners
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28660 HIGH POC This Week

The Events Made Easy WordPress Plugin, version <= 2.3.14 is affected by an authenticated SQL injection vulnerability in the 'search_name' parameter in the eme_recurrences_list action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Events Made Easy
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28659 HIGH POC This Week

The Waiting: One-click Countdowns WordPress Plugin, version <= 0.6.2, is affected by an authenticated SQL injection vulnerability in the pbc_down[meta][id] parameter of the pbc_save_downs action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Waiting
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28434 HIGH POC KEV PATCH THREAT This Week

Minio is a Multi-Cloud Object Storage framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
6.7%
CVE-2023-1578 HIGH POC PATCH THREAT This Week

SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
65.1%
CVE-2023-28432 HIGH POC KEV THREAT This Week

Minio is a Multi-Cloud Object Storage framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Minio
NVD GitHub
CVSS 3.1
7.5
EPSS
84.0%
CVE-2023-1436 HIGH POC PATCH This Week

An infinite recursion is triggered in Jettison when constructing a JSONArray from a Collection that contains a self-reference in one of its elements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Jettison
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1370 HIGH POC PATCH This Week

[Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Json Smart
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27856 HIGH POC THREAT This Week

In affected versions, path traversal exists when processing a message of type 8 in Rockwell Automation's ThinManager ThinServer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Path Traversal Thinmanager
NVD
CVSS 3.1
7.5
EPSS
76.1%
CVE-2023-1559 HIGH POC This Week

A vulnerability classified as problematic was found in SourceCodester Storage Unit Rental Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Storage Unit Rental Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-27054 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in MiroTalk P2P before commit f535b35 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mirotalk P2P
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1573 MEDIUM POC This Month

A vulnerability was found in DataGear up to 1.11.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Datagear
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-26913 MEDIUM POC This Month

EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ecs Imaging
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1567 MEDIUM POC This Month

A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-1561 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in code-projects Simple Online Hotel Reservation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple Online Hotel Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1558 CRITICAL Act Now

A vulnerability classified as critical has been found in Simple and Beautiful Shopping Cart System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Beautiful Shopping Cart System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1557 CRITICAL Act Now

A vulnerability was found in SourceCodester E-Commerce System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass E Commerce System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-25589 CRITICAL Act Now

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27754 MEDIUM POC This Month

vox2mesh 1.0 has stack-overflow in main.cpp, this is stack-overflow caused by incorrect use of memcpy() funciton. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Vox2Mesh
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-1570 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Tinydng
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1560 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in TinyTIFF 3.0.0.0.c of the component File Handler. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tinytiff
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-28666 MEDIUM POC This Month

The InPost Gallery WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'imgurl' parameter to the add_inpost_gallery_slide_item action, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Inpost Gallery
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28665 MEDIUM POC This Month

The Woo Bulk Price Update WordPress plugin, in versions < 2.2.2, is affected by a reflected cross-site scripting vulnerability in the 'page' parameter to the techno_get_products action, which can. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bulk Price Update For Woocommerce
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-28664 MEDIUM POC This Month

The Meta Data and Taxonomies Filter WordPress plugin, in versions < 1.3.1, is affected by a reflected cross-site scripting vulnerability in the 'tax_name' parameter of the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wordpress Meta Data And Taxonomies Filter
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1569 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester E-Commerce System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Commerce System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1568 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Student Study Center Desk Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1572 MEDIUM POC PATCH This Month

A vulnerability has been found in DataGear up to 1.11.1 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Datagear
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1565 MEDIUM POC This Month

A vulnerability was found in FeiFeiCMS 2.7.130201. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Feifeicms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28433 HIGH PATCH This Week

Minio is a Multi-Cloud Object Storage framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Microsoft Minio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-25924 HIGH PATCH This Week

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow an authenticated user to perform actions that they should not have access to due to improper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Security Key Lifecycle Manager
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-25594 HIGH This Week

A vulnerability in the web-based management interface of ClearPass Policy Manager allows an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Clearpass Policy Manager
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25069 HIGH This Week

TXOne StellarOne has an improper access control privilege escalation vulnerability in every version before V2.0.1160 that could allow a malicious, falsely authenticated user to escalate his. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Txone Stellarone
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-1168 HIGH This Week

An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Command Injection Arubaos Cx
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28438 HIGH PATCH This Week

Pimcore is an open source data and experience management platform. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

CSRF SQLi Pimcore
NVD GitHub
CVSS 3.1
8.0
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy