Skip to main content
CVE-2023-27159 HIGH POC THREAT Act Now

Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 36.2%.

SSRF Appwrite
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
36.2%
Threat
4.1
CVE-2023-26858 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaSHp faqs v.3.1.6 allows a remote attacker to escalate privileges via the faqsBudgetModuleFrontController::displayAjaxGenerateBudget component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Frequently Asked Questions Page
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1785 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Earnings and Expense Tracker App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Earnings And Expense Tracker App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28843 CRITICAL POC PATCH Act Now

PrestaShop/paypal is an open source module for the PrestaShop web commerce ecosystem which provides paypal payment support. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Paypal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28879 CRITICAL POC Act Now

In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Ghostscript Debian Linux
NVD
CVSS 3.1
9.8
EPSS
6.3%
CVE-2023-28862 CRITICAL POC Act Now

An issue was discovered in LemonLDAP::NG before 2.16.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lemonldap
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-26829 CRITICAL POC Act Now

An authentication bypass vulnerability in the Password Reset component of Gladinet CentreStack before 13.5.9808 allows remote attackers to set a new password for any valid user account, without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Centrestack
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-1770 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Grade Point Average Gpa Calculator
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1753 CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27162 CRITICAL POC Act Now

{language}. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Openapi Generator
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-1762 HIGH POC PATCH This Week

Improper Privilege Management in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Phpmyfaq
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-1747 HIGH POC This Week

A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-27163 MEDIUM POC This Month

{name}. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Request Baskets
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
7.5%
CVE-2023-26485 HIGH POC PATCH This Week

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cmark Gfm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-24824 HIGH POC PATCH This Week

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Cmark Gfm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-26925 HIGH POC This Week

An information disclosure vulnerability exists in the Syslog functionality of D-LINK DIR-882 1.30. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 882 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-27160 HIGH POC This Week

{id}. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Forem
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-26830 HIGH POC This Week

An unrestricted file upload vulnerability in the administrative portal branding component of Gladinet CentreStack before 13.5.9808 allows authenticated attackers to execute arbitrary code by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Centrestack
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-1771 MEDIUM POC This Month

A vulnerability was found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Grade Point Average Gpa Calculator
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1784 CRITICAL Act Now

A vulnerability was found in jeecg-boot 3.5.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Jeecg Boot
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29141 CRITICAL PATCH Act Now

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Mediawiki Fedora
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-23594 CRITICAL Act Now

An authentication bypass vulnerability in the web client interface for the CL4NX printer before firmware version 1.13.3-u724_r2 provides remote unauthenticated attackers with access to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cl4Nx Plus Firmware
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-1773 CRITICAL Act Now

A vulnerability was found in Rockoa 2.3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP Rockoa
NVD VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-1761 MEDIUM POC PATCH This Month

Cross-site Scripting in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-1755 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1258 MEDIUM POC This Month

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Abb Information Disclosure Flow X M Firmware Flow X C Firmware Flow X K Firmware +5
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
3.9%
CVE-2023-0432 CRITICAL PATCH Act Now

The web configuration service of the affected device contains an authenticated command injection vulnerability. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Command Injection Dx 2100L1 Cn Firmware
NVD
CVSS 3.1
9.0
EPSS
1.1%
CVE-2023-1772 MEDIUM POC This Month

A vulnerability was found in DataGear up to 4.5.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Datagear
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-28727 HIGH This Week

Panasonic AiSEG2 versions 2.00J through 2.93A allows adjacent attackers bypass authentication due to mishandling of X-Forwarded-For headers. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Aiseg2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-28726 HIGH This Week

Panasonic AiSEG2 versions 2.80F through 2.93A allows remote attackers to execute arbitrary OS commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Aiseg2 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-1760 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1759 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-1754 MEDIUM POC PATCH This Month

Improper Neutralization of Input During Web Page Generation in GitHub repository thorsten/phpmyfaq prior to 3.1.12. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.7
EPSS
0.6%
CVE-2023-28464 HIGH PATCH This Week

hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Linux Linux Kernel H300s Firmware H410c Firmware +3
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28877 HIGH This Week

The VTEX apps-graphql@2.x GraphQL API module does not properly restrict unauthorized access to private configuration data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apps Graphql
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0344 HIGH This Week

Akuvox E11 appears to be using a custom version of dropbear SSH server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0343 HIGH This Week

Akuvox E11 contains a function that encrypts messages which are then forwarded. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E11 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1769 HIGH This Week

A vulnerability, which was classified as problematic, was found in SourceCodester Grade Point Average GPA Calculator 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Grade Point Average Gpa Calculator
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28844 MEDIUM PATCH This Month

Nextcloud server is an open source home cloud implementation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28645 MEDIUM PATCH This Month

Nextcloud richdocuments is a Nextcloud app integrating the office suit Collabora Online. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Authentication Bypass Nextcloud Richdocuments
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-29139 MEDIUM PATCH This Month

An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Mediawiki
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1775 MEDIUM PATCH This Month

When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-1060 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YKM YKM CRM allows Reflected XSS.03.30. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ykm Crm
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-1776 MEDIUM PATCH This Month

Boards in Mattermost allows an attacker to upload a malicious SVG image file as an attachment to a card and share it using a direct link to the file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost XSS Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-1774 MEDIUM PATCH This Month

When processing an email invite to a private channel on a team, Mattermost fails to validate the inviter's permission to that channel, allowing an attacker to invite themselves to a private channel. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-29140 MEDIUM PATCH This Month

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Mediawiki
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-1777 MEDIUM PATCH This Month

Mattermost allows an attacker to request a preview of an existing message when creating a new message via the createPost API call, disclosing the contents of the linked message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-28756 MEDIUM PATCH This Month

A ReDoS issue was discovered in the Time component through 0.2.1 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ruby Time Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
2.5%
CVE-2023-28755 MEDIUM PATCH This Month

A ReDoS issue was discovered in the URI component through 0.12.0 in Ruby through 3.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Uri Debian Linux Fedora
NVD GitHub
CVSS 3.1
5.3
EPSS
2.6%
CVE-2023-29137 MEDIUM PATCH This Month

An issue was discovered in the GrowthExperiments extension for MediaWiki through 1.39.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Mediawiki
NVD
CVSS 3.1
4.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy