Skip to main content
CVE-2023-29199 CRITICAL POC PATCH Act Now

There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass `handleException()` and leak unsanitized host. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Vm2
NVD GitHub
CVSS 3.1
10.0
EPSS
3.9%
CVE-2023-27654 CRITICAL POC Act Now

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Who
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2056 CRITICAL POC Act Now

A vulnerability was found in DedeCMS up to 5.7.87 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Dedecms
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29805 CRITICAL POC Act Now

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the pro_stor_canceltrans_handler_part_19 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wfs Sr03W Firmware Wfs Sr03K Firmware
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-29803 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the pid parameter in the disconnectVPN function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-29802 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-29801 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain multiple command injection vulnerabilities via the rtLogEnabled and rtLogServer parameters in the setSyslogCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-29800 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-29799 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-29798 CRITICAL POC Act Now

TOTOLINK X18 V9.1.0cu.2024_B20220329 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X18 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-27648 CRITICAL POC Act Now

Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277 allows a remote attacker to execute arbitrary code via the dex file in the internal storage. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Change Color Of Keypad
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-2037 CRITICAL POC Act Now

A vulnerability was found in Campcodes Video Sharing Website 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Campcodes Video Sharing Website
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29622 CRITICAL POC Act Now

Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Purchase Order Management
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-26918 CRITICAL POC Act Now

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation File Replication Pro
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
6.1%
CVE-2023-29804 HIGH POC THREAT This Week

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wfs Sr03W Firmware Wfs Sr03K Firmware
NVD
CVSS 3.1
8.8
EPSS
17.5%
CVE-2023-29584 HIGH POC This Week

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2041 HIGH POC This Week

A vulnerability classified as critical was found in novel-plus 3.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2040 HIGH POC This Week

A vulnerability classified as critical has been found in novel-plus 3.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2039 HIGH POC This Week

A vulnerability was found in novel-plus 3.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-29627 HIGH POC This Week

Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Pizza Ordering
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-29625 HIGH POC This Week

Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Employee Performance Evaluation System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-29621 HIGH POC This Week

Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Purchase Order Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-2034 HIGH POC PATCH THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Froxlor
NVD GitHub
CVSS 3.1
8.8
EPSS
73.2%
CVE-2023-27651 HIGH POC This Week

Privilege escalation vulnerability in Ego Studio SuperClean Android app versions 1.1.5 and 1.1.9, where attackers can gain elevated privileges by manipulating the update_info field in the _default_.xml file. A public proof-of-concept exploit is available on GitHub, though the EPSS score indicates low real-world exploitation probability at 0.04%.

Privilege Escalation Super Clean
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-27193 HIGH POC This Week

An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Space Clean Super Cleaner
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29491 HIGH POC PATCH This Week

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Ncurses
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-29850 HIGH POC This Week

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Senayan Library Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27653 HIGH POC This Week

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Who
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27649 HIGH POC This Week

SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Trusted Tools Free Music
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-27643 HIGH POC This Week

An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poweramp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-26756 HIGH POC This Week

The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Adserver
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-2038 HIGH POC This Week

A vulnerability was found in Campcodes Video Sharing Website 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Campcodes Video Sharing Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2036 HIGH POC This Week

A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP SQLi Campcodes Video Sharing Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2035 HIGH POC This Week

A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Campcodes Video Sharing Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29626 HIGH POC This Week

Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Yoga Class Registration System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26969 HIGH POC This Week

Atropim 1.5.26 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atropim
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-2073 HIGH POC This Week

A critical SQL injection vulnerability exists in the Login.php file of Campcodes Online Traffic Offense Management System 1.0, specifically in the password parameter handling. The vulnerability allows remote attackers to bypass authentication and manipulate database queries without requiring any privileges or user interaction. A public proof-of-concept exploit is available on GitHub, though the EPSS score of 0.07% (20th percentile) suggests relatively low observed exploitation activity in the wild.

SQLi PHP Authentication Bypass Online Traffic Offense Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-30459 HIGH POC This Week

SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Smartptt Scada
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2023-27647 HIGH POC This Week

An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service Google Lock Master
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-26980 HIGH POC This Week

PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Google Authentication Bypass Paydroid
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-2050 MEDIUM POC This Month

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2023-2074 MEDIUM POC This Month

A SQL injection vulnerability exists in Campcodes Online Traffic Offense Management System version 1.0 within the /classes/Master.php file, where the 'id' parameter is not properly sanitized, allowing authenticated attackers to execute arbitrary SQL queries remotely. An attacker with valid credentials can leverage this vulnerability to read, modify, or delete database contents, potentially compromising sensitive traffic offense records. Public proof-of-concept code is available, increasing real-world exploitation risk.

SQLi PHP Online Traffic Offense Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2051 MEDIUM POC This Month

A vulnerability classified as critical has been found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2052 MEDIUM POC This Month

A vulnerability classified as critical was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2075 MEDIUM POC This Month

A SQL injection vulnerability exists in Campcodes Online Traffic Offense Management System version 1.0, specifically in the /admin/offenses/view_details.php file where the 'id' parameter is improperly sanitized. An authenticated attacker with low privileges can exploit this remotely without user interaction to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. A public proof-of-concept has been disclosed, though the EPSS score of 0.07% (20th percentile) suggests real-world exploitation remains relatively unlikely despite the theoretical severity.

SQLi PHP Online Traffic Offense Management System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2054 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2053 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2049 MEDIUM POC This Month

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2048 MEDIUM POC This Month

A vulnerability was found in Campcodes Advanced Online Voting System 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2023-2047 MEDIUM POC This Month

A vulnerability was found in Campcodes Advanced Online Voting System 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Advanced Online Voting System
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy