Skip to main content
CVE-2023-27232 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the wanStrategy parameter at /setting/setWanIeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-27231 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the downBw parameter at /setting/setWanIeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-27229 CRITICAL POC Act Now

TOTOlink A7100RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the upBw parameter at /setting/setWanIeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-1675 CRITICAL POC Act Now

A vulnerability was found in SourceCodester School Registration and Fee System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Registration And Fee System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1674 CRITICAL POC Act Now

A vulnerability was found in SourceCodester School Registration and Fee System 1.0 and classified as critical.php of the component POST Parameter Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi School Registration And Fee System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27821 CRITICAL POC Act Now

Databasir v1.0.7 was discovered to contain a remote code execution (RCE) vulnerability via the mockDataScript parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Databasir
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-28637 HIGH POC This Week

DataEase is an open source data visualization analysis tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Dataease
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-27701 HIGH POC This Week

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /database/sqldel.html. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Muyucms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-27700 HIGH POC This Week

MuYuCMS v2.2 was discovered to contain an arbitrary file deletion vulnerability via the component /accessory/picdel.html. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Muyucms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-1676 HIGH POC This Week

A vulnerability was found in DriverGenius 9.70.0.346. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Drivergenius
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25262 HIGH POC This Week

Stimulsoft GmbH Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Server Side Request Forgery (SSRF). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Designer
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-25260 HIGH POC This Week

Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Path Traversal Designer
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1681 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in Xunrui CMS 4.61. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Xunruicms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-26923 HIGH POC This Week

Musescore 3.0 to 4.0.1 has a stack buffer overflow vulnerability that occurs when reading misconfigured midi files. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Musescore
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%
CVE-2023-27008 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the function encrypt_password() in login.tmpl.php in ATutor 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the token parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Atutor
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-28712 CRITICAL Act Now

Osprey Pump Controller version 1.01 contains an unauthenticated command injection vulnerability that could allow system access with www-data permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28654 CRITICAL Act Now

Osprey Pump Controller version 1.01 has a hidden administrative account that has the hardcoded password that allows full access to the web management interface configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28631 CRITICAL PATCH Act Now

comrak is a CommonMark + GFM compatible Markdown parser and renderer written in rust. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Comrak
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-28398 CRITICAL Act Now

Osprey Pump Controller version 1.01 could allow an unauthenticated user to create an account and bypass authentication, thereby gaining unauthorized access to the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27886 CRITICAL Act Now

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-27394 CRITICAL Act Now

Osprey Pump Controller version 1.01 is vulnerable an unauthenticated OS command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Command Injection Osprey Pump Controller Firmware
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2023-28326 CRITICAL PATCH Act Now

Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.0.0 Description: Attacker can elevate their privileges in any room. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Openmeetings
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-27246 HIGH This Week

An arbitrary file upload vulnerability in the Virtual Disk of MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted .htaccess file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE File Upload Mk Auth
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27247 MEDIUM POC This Month

Cynet Client Agent v4.6.0.8010 allows attackers with Administrator rights to disable the EDR functions by disabling process privilege tokens. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Client Agent
NVD GitHub
CVSS 3.1
4.4
EPSS
0.3%
CVE-2023-28427 HIGH PATCH This Week

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Javascript Sdk
NVD GitHub
CVSS 3.1
8.2
EPSS
1.2%
CVE-2023-28103 HIGH PATCH This Week

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Prototype Pollution Matrix React Sdk
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-25195 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache Fineract. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache SSRF Fineract
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-28718 HIGH This Week

Osprey Pump Controller version 1.01 allows users to perform certain actions via HTTP requests without performing any checks to verify the requests. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF Osprey Pump Controller Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2023-1679 HIGH This Week

A vulnerability classified as critical was found in DriverGenius 9.70.0.346. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Drivergenius
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1678 HIGH This Week

A vulnerability classified as critical has been found in DriverGenius 9.70.0.346. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Drivergenius
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24308 HIGH This Week

A potential memory vulnerability due to insufficient input validation in PDFXEditCore.x64.dll in PDF-XChange Editor version 9.3 by Tracker Software may allow attackers to execute code when a user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pdf Xchange Editor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24304 HIGH This Week

Improper input validation in the PDF.dll plugin of IrfanView v4.60 allows attackers to execute arbitrary code via opening a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Irfanview
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-1516 HIGH This Week

RoboDK versions 5.5.3 and prior contain an insecure permission assignment to critical directories vulnerability, which could allow a local user to escalate privileges and write files to the RoboDK. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Robodk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26337 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Adobe RCE Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26336 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26335 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26334 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption RCE Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26333 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26332 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26331 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26330 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26329 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26328 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26327 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25907 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25906 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25905 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Memory Corruption Buffer Overflow Adobe RCE Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-25904 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25903 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25902 HIGH PATCH This Week

Adobe Dimension versions 3.4.7 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Adobe Dimension
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy