Skip to main content
CVE-2023-26360 HIGH POC KEV PATCH THREAT Act Now

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Adobe Authentication Bypass Coldfusion
NVD
CVSS 3.1
8.6
EPSS
97.3%
CVE-2023-27034 CRITICAL POC PATCH THREAT Act Now

PrestaShop jmsblog 2.5.5 was discovered to contain a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Jms Blog
NVD
CVSS 3.1
9.8
EPSS
58.7%
CVE-2023-1612 CRITICAL POC PATCH Act Now

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Rebuild
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1610 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Rebuild
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1608 CRITICAL POC Act Now

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Crmeb Java
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1606 CRITICAL POC Act Now

A vulnerability was found in novel-plus 3.6.2 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27135 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the enabled parameter at /setting/setWanIeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-27078 CRITICAL POC Act Now

A command injection issue was found in TP-Link MR3020 v.1_150921 that allows a remote attacker to execute arbitrary commands via a crafted request to the tftp endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Command Injection Tl Mr3020 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.5%
CVE-2023-1594 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-1590 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1589 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24655 CRITICAL POC Act Now

Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Profile Update function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simple Customer Relationship Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24788 HIGH POC This Week

NotrinosERP v0.7 was discovered to contain a SQL injection vulnerability via the OrderNumber parameter at /NotrinosERP/sales/customer_delivery.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Notrinoserp
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.1%
CVE-2023-1607 HIGH POC This Week

A vulnerability was found in novel-plus 3.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1605 HIGH POC PATCH This Week

Denial of Service in GitHub repository radareorg/radare2 prior to 5.8.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Radare2
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-27077 HIGH POC This Week

Stack Overflow vulnerability found in 360 D901 allows a remote attacker to cause a Distributed Denial of Service (DDOS) via a crafted HTTP package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service D901 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-27079 HIGH POC This Week

Command Injection vulnerability found in Tenda G103 v.1.0.05 allows an attacker to obtain sensitive information via a crafted package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda G103 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-1595 HIGH POC This Week

A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-23192 HIGH POC This Week

IS Decisions UserLock MFA 11.01 is vulnerable to authentication bypass using scheduled task. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Userlock
NVD GitHub
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-1050 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in As Koc Energy Web Report System allows SQL Injection.03.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Web Report System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-28611 CRITICAL Act Now

Incorrect authorization in OMICRON StationGuard 1.10 through 2.20 and StationScout 1.30 through 2.20 allows an attacker to bypass intended access restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Stationguard Stationscout
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-28333 CRITICAL PATCH Act Now

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Fedora
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-26359 CRITICAL KEV PATCH THREAT Act Now

Adobe ColdFusion versions 2018 Update 15 (and earlier) and 2021 Update 5 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
17.9%
CVE-2023-25655 CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25654 CRITICAL PATCH Act Now

baserCMS is a Content Management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Basercms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-28610 CRITICAL Act Now

The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Stationguard Stationscout
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1592 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester Automatic Question Paper Generator System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Automatic Question Paper Generator System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1591 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Automatic Question Paper Generator System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Automatic Question Paper Generator System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-26496 CRITICAL Act Now

An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos Modem 5300 Firmware Exynos Modem 5123 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
24.3%
CVE-2023-26498 CRITICAL Act Now

An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos Modem 5300 Firmware Exynos Modem 5123 Firmware +3
NVD
CVSS 3.1
9.8
EPSS
24.3%
CVE-2023-27249 MEDIUM POC This Month

swfdump v0.9.2 was discovered to contain a heap buffer overflow in the function swf_GetPlaceObject at swfobject.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Swftools
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1609 MEDIUM POC This Month

A vulnerability was found in Zhong Bang CRMEB Java up to 1.3.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java XSS Crmeb Java
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-26114 CRITICAL PATCH Act Now

Versions of the package code-server before 4.10.1 are vulnerable to Missing Origin Validation in WebSockets handshakes. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Code Server
NVD GitHub
CVSS 3.1
9.3
EPSS
0.3%
CVE-2023-28335 HIGH PATCH This Week

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Moodle
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-28329 HIGH PATCH This Week

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

SQLi Moodle
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-27094 HIGH This Week

An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Hippo4J
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-20055 HIGH This Week

A vulnerability in the management API of Cisco DNA Center could allow an authenticated, remote attacker to elevate privileges in the context of the web-based management interface on an affected. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cisco Catalyst Center
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-1410 MEDIUM POC PATCH This Month

Grafana is an open-source platform for monitoring and observability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Grafana XSS
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2023-20072 HIGH This Week

A vulnerability in the fragmentation handling code of tunnel protocol packets in Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected system to reload, resulting. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Apple Ios Xe
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2023-20027 HIGH This Week

A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Apple Cisco Memory Corruption +1
NVD
CVSS 3.1
8.6
EPSS
1.0%
CVE-2023-20113 HIGH This Week

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco CSRF Sd Wan
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2023-28436 HIGH PATCH This Week

Tailscale is software for using Wireguard and multi-factor authentication (MFA). Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Tailscale
NVD GitHub
CVSS 3.1
8.0
EPSS
0.5%
CVE-2023-24295 HIGH This Week

A stack overfow in SoftMaker Software GmbH FlexiPDF v3.0.3.0 allows attackers to execute arbitrary code after opening a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Flexipdf
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-1252 HIGH This Week

A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20065 HIGH This Week

A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Authentication Bypass Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20035 HIGH This Week

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to execute arbitrary commands with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Apple Information Disclosure Ios Xe Sd Wan
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-20029 HIGH This Week

A vulnerability in the Meraki onboarding feature of Cisco IOS XE Software could allow an authenticated, local attacker to gain root level privileges on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Cisco Apple Heap Overflow Ios Xe
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28759 HIGH This Week

An issue was discovered in Veritas NetBackup before 10.0 on Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Netbackup
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26088 HIGH This Week

In Malwarebytes before 4.5.23, a symbolic link may be used delete any arbitrary file on the system by exploiting the local quarantine system. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Malwarebytes
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-20107 HIGH This Week

A vulnerability in the deterministic random bit generator (DRBG), also known as pseudorandom number generator (PRNG), in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Information Disclosure Adaptive Security Appliance Firepower Threat Defense
NVD
CVSS 3.1
7.5
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy