Skip to main content
CVE-2023-1800 CRITICAL POC PATCH Act Now

A vulnerability, which was classified as critical, has been found in sjqzhang go-fastdfs up to 1.4.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal File Upload Go Fastdfs
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.5%
CVE-2023-1797 CRITICAL POC Act Now

A vulnerability classified as critical was found in OTCMS 6.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Otcms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1793 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Police Crime Record Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1792 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Mobile Comparison Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27025 HIGH POC PATCH This Week

An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ruoyi
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-1795 MEDIUM POC This Month

A vulnerability was found in SourceCodester Gadget Works Online Ordering System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Gadget Works Online Ordering System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1794 MEDIUM POC This Month

A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Police Crime Record Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-28677 CRITICAL Act Now

Jenkins Convert To Pipeline Plugin 1.0 and earlier uses basic string concatenation to convert Freestyle projects' Build Environment, Build Steps, and Post-build Actions to the equivalent Pipeline. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Command Injection Convert To Pipeline
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28668 CRITICAL PATCH Act Now

Jenkins Role-based Authorization Strategy Plugin 587.v2872c41fa_e51 and earlier grants permissions even after they've been disabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Role Based Authorization Strategy
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27286 CRITICAL PATCH Act Now

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27284 CRITICAL PATCH Act Now

IBM Aspera Cargo 4.2.5 and IBM Aspera Connect 4.2.5 are vulnerable to a buffer overflow, caused by improper bounds checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE IBM Aspera Cargo Aspera Connect
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1791 CRITICAL Act Now

A vulnerability has been found in SourceCodester Simple Task Allocation System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Simple Task Allocation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1799 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in EyouCMS up to 1.5.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1798 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in EyouCMS up to 1.5.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-1796 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Employee Payslip Generator 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Employee Payslip Generator System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28676 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Convert To Pipeline Plugin 1.0 and earlier allows attackers to create a Pipeline based on a Freestyle project, potentially leading to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Jenkins CSRF Convert To Pipeline
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-28674 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Octoperf Load Testing
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-20559 HIGH This Week

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware +85
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-20558 HIGH This Week

Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ryzen 7 5700G Firmware Ryzen 7 5700Ge Firmware Ryzen 5 5600G Firmware Ryzen 5 5600Ge Firmware +85
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28683 HIGH This Week

Jenkins Phabricator Differential Plugin 2.1.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Phabricator Differential
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-28682 HIGH This Week

Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Performance Publisher
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-28681 HIGH This Week

Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Visual Studio Code Metrics
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-28680 HIGH This Week

Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins XXE Crap4J
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1580 HIGH This Week

Uncontrolled resource consumption in the logging feature in Devolutions Gateway 2023.1.1 and earlier allows an attacker to cause a denial of service by filling up the disk and render the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Devolutions Gateway
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28684 MEDIUM This Month

Jenkins remote-jobs-view-plugin Plugin 0.0.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XXE Remote Jobs View
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28672 MEDIUM PATCH This Month

Jenkins OctoPerf Load Testing Plugin Plugin 4.5.1 and earlier does not perform a permission check in a connection test HTTP endpoint, allowing attackers with Overall/Read permission to connect to an. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Octoperf Load Testing
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-1603 MEDIUM This Month

Permission bypass when importing or synchronizing entries in User vault in Devolutions Server 2022.3.13 and prior versions allows users with restricted rights to bypass entry permission via id. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Devolutions Server
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1574 MEDIUM This Month

Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-1202 MEDIUM This Month

Permission bypass when importing or synchronizing entries in User vault in Devolutions Remote Desktop Manager 2023.1.9 and prior versions allows users with restricted rights to bypass entry. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hashicorp Remote Desktop Manager
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-28679 MEDIUM This Month

Jenkins Mashup Portlets Plugin 1.1.2 and earlier provides the "Generic JS Portlet" feature that lets a user populate a portlet using a custom JavaScript expression, resulting in a stored cross-site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Mashup Portlets
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-28678 MEDIUM This Month

Jenkins Cppcheck Plugin 1.26 and earlier does not escape file names from Cppcheck report files before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Cppcheck
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28670 MEDIUM PATCH This Month

Jenkins Pipeline Aggregator View Plugin 1.13 and earlier does not escape a variable representing the current view's URL in inline JavaScript, resulting in a stored cross-site scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Pipeline Aggregator View
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-28669 MEDIUM PATCH This Month

Jenkins JaCoCo Plugin 3.3.2 and earlier does not escape class and method names shown on the UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins XSS Jacoco
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-26283 MEDIUM PATCH This Month

IBM WebSphere Application Server 9.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Websphere Application Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-28675 MEDIUM PATCH This Month

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers to connect to a previously configured Octoperf server using attacker-specified credentials. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Octoperf Load Testing
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-28673 MEDIUM PATCH This Month

A missing permission check in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Octoperf Load Testing
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-28671 MEDIUM PATCH This Month

A cross-site request forgery (CSRF) vulnerability in Jenkins OctoPerf Load Testing Plugin Plugin 4.5.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Octoperf Load Testing
NVD
CVSS 3.1
4.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy