Skip to main content
CVE-2023-27488 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-26921 CRITICAL POC Act Now

OS Command Injection vulnerability in quectel AG550QCN allows attackers to execute arbitrary commands via ql_atfwd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ag550Qcn Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-26750 CRITICAL POC Act Now

SQL injection vulnerability found in Yii Framework Yii 2 Framework before v.2.0.47 allows the a remote attacker to execute arbitrary code via the runAction function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Yii
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-1827 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Centralized Covid Vaccination Records System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Centralized Covid Vaccination Records System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1671 CRITICAL POC KEV THREAT Act Now

A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Sophos Web Appliance
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-1826 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Computer And Laptop Store
NVD VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
4.4%
CVE-2023-27493 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-27491 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-27487 CRITICAL POC Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Envoy
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-0480 HIGH POC This Week

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance administrator's account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Vitalpbx
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-29003 HIGH POC PATCH This Week

SvelteKit is a web development framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass CSRF Sveltekit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0265 HIGH POC This Week

Uvdesk version 1.1.1 allows an authenticated remote attacker to execute commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Community Skeleton
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-25356 HIGH POC This Week

CoreDial sipXcom up to and including 21.04 is vulnerable to Improper Neutralization of Argument Delimiters in a Command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Sipxcom
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-25355 HIGH POC This Week

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sipxcom
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-28840 HIGH POC PATCH This Week

Moby is an open source container framework developed by Docker Inc. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Linux Docker Moby
NVD GitHub
CVSS 3.1
8.7
EPSS
2.7%
CVE-2023-0835 HIGH POC This Week

markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Markdown Pdf
NVD
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-27089 HIGH POC This Week

Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of service via a crafted payload in the login parameter. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service XSS Ehuacui Bbs
NVD GitHub
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-27771 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Creative Centerr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27770 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Edraw-max v.12.0.4 allows a remote attacker to execute arbitrary commands via the edraw-max_setup_full5371.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Edraw Max
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-27769 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd PDF Reader v.1.0.1 allows a remote attacker to execute arbitrary commands via the pdfreader_setup_full13143.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pdf Reader
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27768 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd PDFelement v9.1.1 allows a remote attacker to execute arbitrary commands via the pdfelement-pro_setup_full5239.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pdfelement
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27767 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Dr.Fone v.12.4.9 allows a remote attacker to execute arbitrary commands via the drfone_setup_full3360.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Dr Fone
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27766 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Anireel
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27765 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Recoverit
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27764 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Repairit
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27763 HIGH POC This Week

An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mobiletrans
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27762 HIGH POC This Week

An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Democreator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27761 HIGH POC This Week

An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Uniconverter
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27760 HIGH POC This Week

An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filmora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27759 HIGH POC This Week

An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Edrawmind
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-26991 HIGH POC This Week

SWFTools v0.9.2 was discovered to contain a stack-use-after-scope in the swf_ReadSWF2 function in lib/rfxswf.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Swftools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26733 HIGH POC This Week

Buffer Overflow vulnerability found in tinyTIFF v.3.0 allows a local attacker to cause a denial of service via the TinyTiffReader_readNextFrame function in tinytiffreader.c file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tinytiff
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27496 HIGH POC This Week

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-26976 HIGH POC THREAT This Week

Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
15.9%
CVE-2023-26855 HIGH POC This Week

The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Churchcrm
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27091 HIGH POC This Week

An unauthorized access issue found in XiaoBingby TeaCMS 2.3.3 allows attackers to escalate privileges via the id and keywords parameter(s). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Teacms
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-25305 HIGH POC PATCH This Week

PolyMC Launcher <= 1.4.3 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Path Traversal Polymc
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-25303 HIGH POC This Week

ATLauncher <= 3.4.26.0 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atlauncher
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-28841 MEDIUM POC PATCH This Month

Moby is an open source container framework developed by Docker Inc. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Information Disclosure Linux Docker Moby
NVD GitHub
CVSS 3.1
6.8
EPSS
0.7%
CVE-2023-28853 MEDIUM POC PATCH This Month

Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Code Injection LDAP Mastodon
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-27492 MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-28997 MEDIUM POC PATCH This Month

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-28999 MEDIUM POC PATCH This Month

Nextcloud is an open-source productivity platform. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Apple Google Nextcloud Desktop
NVD GitHub
CVSS 3.1
6.4
EPSS
0.7%
CVE-2021-28235 CRITICAL Act Now

Authentication vulnerability found in Etcd-io v.3.4.10 allows remote attackers to escalate privileges via the debug function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Etcd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2020-29312 CRITICAL Act Now

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization Zend Framework
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-1728 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in Fernus Informatics LMS allows OS Command Injection, Server Side Include (SSI) Injection.04.03. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Command Injection Learning Management Systems
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-0738 MEDIUM POC This Month

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Orangescrum
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-0486 MEDIUM POC This Month

VitalPBX version 3.2.3-8 allows an unauthenticated external attacker to obtain the instance's administrator account via a malicious link. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vitalpbx
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-0357 MEDIUM POC This Month

Helpy version 2.8.0 allows an unauthenticated remote attacker to exploit an XSS stored in the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Helpy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-0325 MEDIUM POC This Month

Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Community Skeleton
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy