Skip to main content
CVE-2023-2058 MEDIUM POC This Month

A vulnerability was found in EyouCms up to 1.6.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2057 MEDIUM POC This Month

A vulnerability was found in EyouCms 1.5.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-26123 MEDIUM POC PATCH This Month

Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Raylib
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-29623 MEDIUM POC This Month

Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Purchase Order Management
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-1863 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eskom Water Metering Software allows Command Line Execution through SQL Injection.04.06. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi El Terminali Su Okuma Uygulamalarimiz
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-1833 CRITICAL Act Now

Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Router Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-1803 CRITICAL Act Now

Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Router Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-1617 CRITICAL Act Now

Improper Authentication vulnerability in B&R Industrial Automation B&R VC4 (VNC-Server modules). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Vc4
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2043 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Control Id Rhid
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-29569 MEDIUM POC This Month

Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Mjs
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29847 MEDIUM POC This Month

AeroCMS v0.0.1 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the comment_author and comment_content parameters at /post.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Aerocms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2059 MEDIUM POC This Month

A vulnerability was found in DedeCMS 5.7.87. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
2.4%
CVE-2023-2042 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in DataGear up to 4.7.0/5.1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Datagear
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
1.1%
CVE-2023-22949 MEDIUM POC This Month

An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloud Tigergraph Enterprise
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-30535 HIGH PATCH This Week

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Command Injection Snowflake Jdbc
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-2033 HIGH KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
40.8%
CVE-2023-29018 HIGH PATCH This Week

The OpenFeature Operator allows users to expose feature flags to applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Information Disclosure Openfeature
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2008 HIGH PATCH This Week

A flaw was found in the Linux kernel's udmabuf device driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-29067 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27915 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27914 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Autocad +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27913 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Information Disclosure Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27912 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-2076 LOW POC Monitor

A vulnerability classified as problematic was found in Campcodes Online Traffic Offense Management System 1.0.

XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2023-2055 LOW POC Monitor

A vulnerability has been found in Campcodes Advanced Online Voting System 1.0 and classified as problematic. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2023-2077 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in Campcodes Online Traffic Offense Management System 1.0.

PHP XSS
NVD GitHub VulDB
CVSS 3.1
3.5
EPSS
0.1%
CVE-2023-29091 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29090 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29089 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29088 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29087 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29086 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29085 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29193 HIGH PATCH This Week

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Spicedb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29013 HIGH PATCH This Week

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Traefik
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-29383 LOW POC PATCH Monitor

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Shadow
NVD GitHub
CVSS 3.1
3.3
EPSS
0.4%
CVE-2023-30638 HIGH This Week

Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape Bcf Unify Openscape Branch Unify Openscape Session Border Controller
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-27666 MEDIUM This Month

Auto Dealer Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter at /classes/SystemSettings.php?f=update_settings. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Auto Dealer Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2044 MEDIUM This Month

A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Control Id Idsecure
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-25597 MEDIUM This Month

A vulnerability in the web conferencing component of Mitel MiCollab through 9.6.2.9 could allow an unauthenticated attacker to download a shared file via a crafted request - including the exact path. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Micollab
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-1285 MEDIUM This Month

Signal Handler Race Condition vulnerability in Mitsubishi Electric India GC-ENET-COM whose first 2 digits of 11-digit serial number of unit are "16" allows a remote unauthenticated attacker to cause. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Gc Enet Com Firmware
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-24934 MEDIUM PATCH This Month

Microsoft Defender Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Microsoft Authentication Bypass Malware Protection Platform
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-28091 MEDIUM This Month

HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-28085 MEDIUM This Month

An HPE OneView Global Dashboard (OVGD) appliance dump may expose OVGD user account credentials. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oneview Global Dashboard
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-27890 MEDIUM This Month

The Export User plugin through 2.0 for MyBB allows XSS during the process of an admin generating DSGVO data for a user, via the Custom User Title, Location, or Bio field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Export User
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-29529 MEDIUM PATCH This Month

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Javascript Sdk
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-26559 MEDIUM This Month

A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Oxygen Content Fusion Oxygen Xml Web Author
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-29132 MEDIUM This Month

Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Information Disclosure Memory Corruption Irssi
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-29194 LOW PATCH Monitor

Vitess is a database clustering system for horizontal scaling of MySQL. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Vitess
NVD GitHub
CVSS 3.1
2.7
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy