Skip to main content
CVE-2023-26482 HIGH POC PATCH Act Now

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
4.2%
CVE-2023-1740 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Air Cargo Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Air Cargo Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-25076 CRITICAL POC PATCH THREAT Act Now

A buffer overflow vulnerability exists in the handling of wildcard backend hosts of SNIProxy 0.6.0-2 and the master branch (commit: 822bb80df9b7b345cc9eba55df74a07b498819ba). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Sniproxy
NVD GitHub
CVSS 3.1
9.8
EPSS
65.5%
CVE-2023-28731 CRITICAL POC Act Now

AnyMailing Joomla Plugin is vulnerable to unauthenticated remote code execution, when being granted access to the campaign's creation on front-office due to unrestricted file upload allowing PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Microsoft Acymailing
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-1712 CRITICAL POC PATCH Act Now

Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Haystack
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1744 HIGH POC This Week

A vulnerability classified as critical was found in IBOS 4.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ibos
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1742 HIGH POC This Week

A vulnerability was found in IBOS 4.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-27534 HIGH POC This Week

A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Curl Fedora Active Iq Unified Manager +6
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-27533 HIGH POC This Week

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Curl Fedora Active Iq Unified Manager Clustered Data Ontap +5
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-28643 HIGH POC PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1745 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in KMPlayer 4.2.2.73.dll. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kmplayer
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29059 HIGH POC This Week

3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Microsoft 3Cx
NVD
CVSS 3.1
7.8
EPSS
4.4%
CVE-2023-24473 HIGH POC This Week

An information disclosure vulnerability exists in the TGAInput::read_tga2_header functionality of OpenImageIO Project OpenImageIO v2.4.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openimageio
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24472 HIGH POC This Week

A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Openimageio
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-22845 HIGH POC This Week

An out-of-bounds read vulnerability exists in the TGAInput::decode_pixel() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Openimageio
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-1743 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Grade Point Average GPA Calculator 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Grade Point Average Gpa Calculator
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26692 MEDIUM POC This Month

ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zbbs Zcbs Zpbs
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
2.7%
CVE-2023-27537 MEDIUM POC This Month

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Libcurl Active Iq Unified Manager Clustered Data Ontap Brocade Fabric Operating System Firmware +5
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2023-27536 MEDIUM POC This Month

An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +6
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2023-27535 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +6
NVD
CVSS 3.1
5.9
EPSS
1.6%
CVE-2023-1725 CRITICAL Act Now

Server-Side Request Forgery (SSRF) vulnerability in Infoline Project Management System allows Server Side Request Forgery.09.31.125. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Project Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-1741 CRITICAL Act Now

A vulnerability was found in jeecg-boot 3.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java SQLi Jeecg Boot
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-1739 CRITICAL Act Now

A vulnerability was found in SourceCodester Simple and Beautiful Shopping Cart System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Simple And Beautiful Shopping Cart System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1738 CRITICAL Act Now

A vulnerability has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Young Entrepreneur E Negosyo System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-28462 CRITICAL PATCH Act Now

A JNDI rebind operation in the default ORB listener in Payara Server 4.1.2.191 (Enterprise), 5.20.0 and newer (Enterprise), and 5.2020.1 and newer (Community), when Java 1.8u181 and earlier is used,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Deserialization Payara Server
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1737 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Young Entrepreneur E Negosyo System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1735 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Young Entrepreneur E Negosyo System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-1734 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Young Entrepreneur E Negosyo System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1699 CRITICAL Act Now

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Nexpose
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-27538 MEDIUM POC This Month

An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Libcurl Fedora Debian Linux Active Iq Unified Manager +7
NVD
CVSS 3.1
5.5
EPSS
1.2%
CVE-2023-1746 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Dreamer CMS up to 3.5.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dreamer Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26118 MEDIUM POC This Month

Versions of the package angular from 1.4.9 are vulnerable to Regular Expression Denial of Service (ReDoS) via the <input type="url"> element due to the usage of an insecure regular expression in the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Angularjs Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2023-26117 MEDIUM POC This Month

Versions of the package angular from 1.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the $resource service due to the usage of an insecure regular expression. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Angularjs Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2023-26116 MEDIUM POC This Month

Versions of the package angular from 1.2.21 are vulnerable to Regular Expression Denial of Service (ReDoS) via the angular.copy() utility function due to the usage of an insecure regular expression. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Angularjs Fedora
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2023-1736 HIGH This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Young Entrepreneur E Negosyo System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-28833 HIGH PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-28935 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache UIMA DUCC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Command Injection Unstructured Information Management Architecture
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2023-1670 HIGH This Week

A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1393 HIGH PATCH This Week

A flaw was found in X.Org Server Overlay Window. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Memory Corruption X Server Fedora
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-1014 HIGH This Week

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in Virames Vira-Investing allows Account Footprinting.0.84.86. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vira Investing
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-28846 HIGH PATCH This Week

Unpoly is a JavaScript framework for server-side web applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Unpoly Rails
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-28835 HIGH PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28644 HIGH PATCH This Week

Nextcloud server is an open source home cloud implementation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28732 HIGH This Week

Missing access control in AnyMailing Joomla Plugin allows to list and access files containing sensitive information from the plugin itself and access to system files via path traversal, when being. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Acymailing
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28647 MEDIUM PATCH This Month

Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Apple Authentication Bypass Nextcloud
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-0620 MEDIUM PATCH This Month

HashiCorp Vault and Vault Enterprise versions 0.8.0 through 1.13.1 are vulnerable to an SQL injection attack when configuring the Microsoft SQL (MSSQL) Database Storage Backend. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity.

Microsoft SQLi Hashicorp Vault
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2023-0665 MEDIUM PATCH This Month

HashiCorp Vault's PKI mount issuer endpoints did not correctly authorize access to remove an issuer or modify issuer metadata, potentially resulting in denial of service of the PKI mount. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Authentication Bypass Hashicorp Vault
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1013 MEDIUM This Month

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Virames Vira-Investing allows Cross-Site Scripting (XSS).0.84.86. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Vira Investing
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-28733 MEDIUM This Month

AnyMailing Joomla Plugin is vulnerable to stored cross site scripting (XSS) in templates and emails of AcyMailing, exploitable without authentication when access is granted to the campaign's creation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft Acymailing
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23677 MEDIUM This Month

Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.5 versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Gtmetrix
NVD
CVSS 3.1
6.1
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy