Skip to main content
CVE-2023-2160 CRITICAL POC PATCH Act Now

Weak Password Requirements in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Brute Force Modoboa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-2152 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-2151 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Student Study Center Desk Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Study Center Desk Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2149 CRITICAL POC Act Now

A vulnerability classified as critical was found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2148 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2147 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2146 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2145 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online Thesis Archiving System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2144 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online Thesis Archiving System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Thesis Archiving System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-45836 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Download Manager
NVD
CVSS 3.1
6.3
EPSS
7.2%
CVE-2023-29887 HIGH POC This Week

A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Spreadsheet Reader
NVD
CVSS 3.1
7.5
EPSS
4.7%
CVE-2023-21931 HIGH POC PATCH THREAT This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Oracle Authentication Bypass Weblogic Server
NVD GitHub
CVSS 3.1
7.5
EPSS
82.3%
CVE-2023-29855 HIGH POC This Week

WBCE CMS 1.5.3 has a command execution vulnerability via admin/languages/install.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Wbce Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-2154 HIGH POC This Week

A vulnerability was found in SourceCodester Task Reminder System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Task Reminder System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-2150 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in SourceCodester Task Reminder System 1.0.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Task Reminder System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2022-46640 CRITICAL Act Now

Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Nanoleaf Desktop
NVD VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-29854 MEDIUM POC This Month

DirCMS 6.0.0 has a Cross Site Scripting (XSS) vulnerability in the foreground. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dircms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2153 MEDIUM POC This Month

A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Complaint Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-27092 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Jbootfly allows attackers to obtain sensitive information via the username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jbootfly
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-28004 CRITICAL PATCH Act Now

A CWE-129: Improper validation of an array index vulnerability exists where a specially crafted Ethernet request could result in denial of service or remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE Denial Of Service Powerlogic Hdpm6000 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-29412 CRITICAL PATCH Act Now

Injection') vulnerability exists that could cause remote code execution when manipulating internal methods through Java RMI interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Java RCE Command Injection Apc Easy Ups Online Monitoring Software Easy Ups Online Monitoring Software
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29411 CRITICAL PATCH Act Now

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow changes to administrative credentials, leading to potential remote code execution without requiring prior. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java RCE Authentication Bypass Apc Easy Ups Online Monitoring Software Easy Ups Online Monitoring Software
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-28839 CRITICAL PATCH Act Now

Shoppingfeed PrestaShop is an add-on to the PrestaShop ecommerce platform to synchronize data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Shoppingfeed
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25550 CRITICAL Act Now

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows remote code execution via the “hostname” parameter when maliciously crafted hostname syntax is. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Struxureware Data Center Expert
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-25549 CRITICAL Act Now

A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that allows for remote code execution when using a parameter of the DCE network settings endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Struxureware Data Center Expert
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-2138 CRITICAL PATCH Act Now

Use of Hard-coded Credentials in GitHub repository nuxtlabs/github-module prior to 1.6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nuxt
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28863 CRITICAL Act Now

AMI MegaRAC SPx12 and SPx13 devices have Insufficient Verification of Data Authenticity. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Megarac Sp X
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-29410 HIGH PATCH This Week

A CWE-20: Improper Input Validation vulnerability exists that could allow an authenticated attacker to gain the same privilege as the application on the server when a malicious payload is provided. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Insighthome Firmware Insightfacility Firmware Conext Gateway Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-28003 HIGH This Week

A CWE-613: Insufficient Session Expiration vulnerability exists that could allow an attacker to maintain unauthorized access over a hijacked session in PME after the legitimate user has signed out of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ecostruxure Power Monitoring Expert
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25547 HIGH This Week

A CWE-863: Incorrect Authorization vulnerability exists that could allow remote code execution on upload and install packages when a hacker is using a low privileged user account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Authentication Bypass Struxureware Data Center Expert
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-22294 HIGH This Week

Privilege escalation in Tribe29 Checkmk Appliance before 1.6.4 allows authenticated site users to escalate privileges via incorrectly set permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-25556 HIGH This Week

A CWE-287: Improper Authentication vulnerability exists that could allow a device to be compromised when a key of less than seven digits is entered and the attacker has access to the KNX installation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Merten Instabus Tastermodul 1Fach System M Firmware Merten Instabus Tastermodul 2Fach System M Firmware Merten Tasterschnittstelle 4Fach Plus Firmware Merten Knx Argus 180 2 20M Up System Firmware +3
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-27976 HIGH This Week

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Ecostruxure Control Expert
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2155 MEDIUM POC This Month

A vulnerability was found in SourceCodester Air Cargo Management System 1.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Air Cargo Management System
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-21923 HIGH PATCH This Week

Vulnerability in the Oracle Health Sciences InForm product of Oracle Health Sciences Applications (component: Core). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Denial Of Service Authentication Bypass Health Sciences Inform
NVD
CVSS 3.1
8.3
EPSS
0.6%
CVE-2023-21990 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Oracle Vm Virtualbox
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2023-25555 HIGH This Week

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could allow a user that knows the credentials to execute unprivileged. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Command Injection Struxureware Data Center Expert
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-25552 HIGH This Week

A CWE-862: Missing Authorization vulnerability exists that could allow viewing of unauthorized content, changes or deleting of content, or performing unauthorized functions when tampering the Device. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Struxureware Data Center Expert
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-25554 HIGH This Week

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that allows a local privilege escalation on the appliance when a maliciously. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Command Injection Struxureware Data Center Expert
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-21987 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Oracle Vm Virtualbox
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-21948 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Core). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Oracle Information Disclosure Solaris
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21985 HIGH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

Oracle Authentication Bypass Solaris
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2023-30608 HIGH PATCH This Week

sqlparse is a non-validating SQL parser module for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Denial Of Service Sqlparse Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-29413 HIGH PATCH This Week

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause Denial-of-Service when accessed by an unauthenticated user on the Schneider UPS Monitor service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Schneider Electric Authentication Bypass Apc Easy Ups Online Monitoring Software Easy Ups Online Monitoring Software
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-21996 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-21979 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-21964 HIGH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-21912 HIGH PATCH This Week

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Denial Of Service Mysql Server
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-21930 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Java Oracle Authentication Bypass Graalvm Jdk +8
NVD
CVSS 3.1
7.4
EPSS
1.3%
CVE-2023-21932 HIGH This Week

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: OXI). Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Denial Of Service Authentication Bypass Hospitality Opera 5 Property Services
NVD
CVSS 3.1
7.2
EPSS
44.7%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy