Skip to main content
CVE-2023-28503 CRITICAL POC THREAT Emergency

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from an authentication bypass vulnerability, where a special. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Unidata Universe
NVD GitHub
CVSS 3.1
9.8
EPSS
62.1%
CVE-2023-28502 CRITICAL POC THREAT Emergency

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow in the "udadmin" service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Unidata Universe
NVD GitHub
CVSS 3.1
9.8
EPSS
61.1%
CVE-2023-26968 CRITICAL POC Act Now

In Atrocore 1.5.25, the Create Import Feed option with glyphicon-glyphicon-paperclip function is vulnerable to Unauthenticated File upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Atrocore
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-1684 CRITICAL POC Act Now

A vulnerability was found in HadSky 7.7.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Hadsky
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26984 HIGH POC This Week

An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Peppermint
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-27167 MEDIUM POC This Month

Suprema BioStar 2 v2.8.16 was discovered to contain a SQL injection vulnerability via the values parameter at /users/absence?search_month=1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Biostar 2
NVD Exploit-DB VulDB
CVSS 3.1
6.5
EPSS
7.5%
CVE-2023-1680 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in Xunrui CMS 4.61.html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xunruicms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1683 HIGH POC This Week

A vulnerability was found in Xunrui CMS 4.61 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xunruicms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1682 HIGH POC This Week

A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xunruicms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1685 HIGH POC This Week

A vulnerability was found in HadSky up to 7.11.8. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Hadsky
NVD VulDB
CVSS 3.1
7.2
EPSS
4.1%
CVE-2023-25809 MEDIUM POC PATCH This Month

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Docker Runc
NVD GitHub
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-1686 MEDIUM POC This Month

A vulnerability was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Young Entrepreneur E Negosyo System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28507 CRITICAL Act Now

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a memory-exhaustion issue, where a decompression routine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Unidata Universe
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28504 CRITICAL Act Now

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Unidata Universe
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-28501 CRITICAL Act Now

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based buffer overflow in the unirpcd daemon that,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Unidata Universe
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-1704 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1703 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1702 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1701 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.20. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26982 MEDIUM POC This Month

Trudesk v1.2.6 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Add Tags parameter under the Create Ticket function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Trudesk
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-1509 HIGH This Week

The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE WordPress CSRF Gmace
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-28508 HIGH This Week

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a heap-based overflow vulnerability, where certain input. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Unidata Universe
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28506 HIGH This Week

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Unidata Universe
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-28505 HIGH This Week

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a buffer overflow in an API function, where a string is. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Unidata Universe
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-23861 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in German Mesky GMAce plugin <= 1.5.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Gmace
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0664 HIGH PATCH This Week

A flaw was found in the QEMU Guest Agent service for Windows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Microsoft Qemu Enterprise Linux Fedora
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28642 HIGH PATCH This Week

runc is a CLI tool for spawning and running containers according to the OCI specification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Runc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28892 HIGH This Week

Malwarebytes AdwCleaner 8.4.0 runs as Administrator and performs an insecure file delete operation on C:\AdwCleaner\Logs\AdwCleaner_Debug.log in which the target location is user-controllable,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Adwcleaner
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-0213 HIGH This Week

Elevation of privilege issue in M-Files Installer versions before 22.6 on Windows allows user to gain SYSTEM privileges via DLL hijacking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft M Files
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28509 HIGH This Week

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 use weak encryption for packet-level security and passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Unidata Universe
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-0836 HIGH This Week

An information leak vulnerability was discovered in HAProxy 2.1, 2.2 before 2.2.27, 2.3, 2.4 before 2.4.21, 2.5 before 2.5.11, 2.6 before 2.6.8, 2.7 before 2.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-1656 HIGH This Week

Cleartext Transmission of Sensitive Information vulnerability in ForgeRock Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Apple Microsoft Ldap Connector
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23355 HIGH This Week

An OS command injection vulnerability has been reported to affect QNAP operating systems. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr Qts Quts Hero +8
NVD
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-1652 HIGH PATCH This Week

A use-after-free flaw was found in nfsd4_ssc_setup_dul in fs/nfsd/nfs4proc.c in the NFS filesystem in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Linux Linux Kernel +1
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2023-22705 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Welcart E Commerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26292 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Security Gateway Web Security
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26291 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Security Gateway Web Security
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26290 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cloud Security Gateway Web Security
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1690 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Earnings and Expense Tracker App 1.0.php?a=register_user. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Earnings And Expense Tracker App
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1689 MEDIUM This Month

A vulnerability classified as problematic was found in SourceCodester Earnings and Expense Tracker App 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Earnings And Expense Tracker App
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1688 MEDIUM This Month

A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Earnings And Expense Tracker Application
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1687 MEDIUM This Month

A vulnerability classified as problematic has been found in SourceCodester Simple Task Allocation System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Task Allocation System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1575 MEDIUM This Month

The Mega Main Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via some of its settings parameters in versions up to, and including, 2.2.2 due to insufficient input sanitization. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Mega Main Menu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-1550 MEDIUM This Month

Insertion of Sensitive Information into log file vulnerability in NGINX Agent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nginx Nginx Agent Nginx Instance Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27489 MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28158 MEDIUM PATCH This Month

Privilege escalation via stored XSS using the file upload service to upload malicious content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation File Upload XSS Archiva
NVD
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-1663 MEDIUM This Month

Coverity versions prior to 2023.3.2 are vulnerable to forced browsing, which exposes authenticated resources to unauthorized actors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Authentication Bypass Coverity
NVD
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy