Skip to main content
CVE-2023-29804 HIGH POC THREAT This Week

WFS-SR03 v1.0.3 was discovered to contain a command injection vulnerability via the sys_smb_pwdmod function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Wfs Sr03W Firmware Wfs Sr03K Firmware
NVD
CVSS 3.1
8.8
EPSS
17.5%
CVE-2023-29584 HIGH POC This Week

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the MP4GetVideoProfileLevel function at /src/mp4.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2041 HIGH POC This Week

A vulnerability classified as critical was found in novel-plus 3.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2040 HIGH POC This Week

A vulnerability classified as critical has been found in novel-plus 3.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2039 HIGH POC This Week

A vulnerability was found in novel-plus 3.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-29627 HIGH POC This Week

Online Pizza Ordering v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Online Pizza Ordering
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-29625 HIGH POC This Week

Employee Performance Evaluation System v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Employee Performance Evaluation System
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-29621 HIGH POC This Week

Purchase Order Management v1.0 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file uploaded to the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Purchase Order Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-2034 HIGH POC PATCH THREAT This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository froxlor/froxlor prior to 2.0.14. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Froxlor
NVD GitHub
CVSS 3.1
8.8
EPSS
73.2%
CVE-2023-27651 HIGH POC This Week

Privilege escalation vulnerability in Ego Studio SuperClean Android app versions 1.1.5 and 1.1.9, where attackers can gain elevated privileges by manipulating the update_info field in the _default_.xml file. A public proof-of-concept exploit is available on GitHub, though the EPSS score indicates low real-world exploitation probability at 0.04%.

Privilege Escalation Super Clean
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2023-27193 HIGH POC This Week

An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Space Clean Super Cleaner
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29491 HIGH POC PATCH This Week

ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Ncurses
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-29850 HIGH POC This Week

SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Senayan Library Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-27653 HIGH POC This Week

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a denial of service via the SharedPreference files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Who
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-27649 HIGH POC This Week

SQL injection vulnerability found in Trusted Tools Free Music v.2.1.0.47, v.2.0.0.46, v.1.9.1.45, v.1.8.2.43 allows a remote attacker to cause a denial of service via the search history table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Trusted Tools Free Music
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-27643 HIGH POC This Week

An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Poweramp
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-26756 HIGH POC This Week

The login page of Revive Adserver v5.4.1 is vulnerable to brute force attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Adserver
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-2038 HIGH POC This Week

A vulnerability was found in Campcodes Video Sharing Website 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Campcodes Video Sharing Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2036 HIGH POC This Week

A vulnerability was found in Campcodes Video Sharing Website 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP SQLi Campcodes Video Sharing Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2035 HIGH POC This Week

A vulnerability has been found in Campcodes Video Sharing Website 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Campcodes Video Sharing Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29626 HIGH POC This Week

Yoga Class Registration System 1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at /admin/login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Yoga Class Registration System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26969 HIGH POC This Week

Atropim 1.5.26 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Atropim
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-2073 HIGH POC This Week

A critical SQL injection vulnerability exists in the Login.php file of Campcodes Online Traffic Offense Management System 1.0, specifically in the password parameter handling. The vulnerability allows remote attackers to bypass authentication and manipulate database queries without requiring any privileges or user interaction. A public proof-of-concept exploit is available on GitHub, though the EPSS score of 0.07% (20th percentile) suggests relatively low observed exploitation activity in the wild.

SQLi PHP Authentication Bypass Online Traffic Offense Management System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-30459 HIGH POC This Week

SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Smartptt Scada
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2023-27647 HIGH POC This Week

An issue found in DUALSPACE Lock Master v.2.2.4 allows a local attacker to cause a denial of service or gain sensitive information via the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Denial Of Service Google Lock Master
NVD GitHub
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-26980 HIGH POC This Week

PAX Technology PAX A920 Pro PayDroid 8.1suffers from a Race Condition vulnerability, which allows attackers to bypass the payment software and force the OS to boot directly to Android during the boot. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Google Authentication Bypass Paydroid
NVD
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-30535 HIGH PATCH This Week

Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing Java program to connect to Snowflake. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java RCE Command Injection Snowflake Jdbc
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-2033 HIGH KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
40.8%
CVE-2023-29018 HIGH PATCH This Week

The OpenFeature Operator allows users to expose feature flags to applications. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Information Disclosure Openfeature
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2008 HIGH PATCH This Week

A flaw was found in the Linux kernel's udmabuf device driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Linux Kernel
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-29067 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by write access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-27915 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 could lead to memory corruption vulnerability by read access violation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27914 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to write beyond the allocated buffer causing a Stack Buffer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Information Disclosure Autocad +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27913 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can be used to cause an Integer Overflow. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Information Disclosure Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27912 HIGH This Week

A maliciously crafted X_B file when parsed through Autodesk® AutoCAD® 2023 can force an Out-of-Bound Read. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Autocad Autocad Advance Steel +8
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-29091 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29090 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29089 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29088 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29087 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29086 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29085 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 5300 Firmware Exynos 5123 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29193 HIGH PATCH This Week

SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critical application permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Spicedb
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29013 HIGH PATCH This Week

Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer for deploying microservices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Traefik
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-30638 HIGH This Week

Atos Unify OpenScape SBC 10 before 10R3.1.3, OpenScape Branch 10 before 10R3.1.2, and OpenScape BCF 10 before 10R10.7.0 allow remote authenticated admins to inject commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape Bcf Unify Openscape Branch Unify Openscape Session Border Controller
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy