Skip to main content
CVE-2023-2215 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Campcodes Coffee Shop POS System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-2206 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Campcodes Retro Basketball Shoes Online Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1892 CRITICAL POC PATCH Act Now

Cross-site Scripting (XSS) - Reflected in GitHub repository sidekiq/sidekiq prior to 7.0.8. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Sidekiq
NVD GitHub
CVSS 3.1
9.6
EPSS
2.7%
CVE-2023-2227 CRITICAL POC PATCH THREAT Act Now

Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Modoboa
NVD GitHub
CVSS 3.1
9.1
EPSS
43.8%
CVE-2023-26876 HIGH POC This Week

SQL injection vulnerability found in Piwigo v.13.5.0 and before allows a remote attacker to execute arbitrary code via the filter_user_id parameter to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Piwigo
NVD GitHub
CVSS 3.1
8.8
EPSS
9.7%
CVE-2023-30620 HIGH POC PATCH This Week

mindsdb is a Machine Learning platform to help developers build AI solutions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mindsdb
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-2214 HIGH POC This Week

A vulnerability was found in Campcodes Coffee Shop POS System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2213 HIGH POC This Week

A vulnerability was found in Campcodes Coffee Shop POS System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2212 HIGH POC This Week

A vulnerability was found in Campcodes Coffee Shop POS System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2211 HIGH POC This Week

A vulnerability was found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2210 HIGH POC This Week

A vulnerability has been found in Campcodes Coffee Shop POS System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2209 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Coffee Shop POS System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2208 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Retro Basketball Shoes Online Store 1.0.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2207 HIGH POC This Week

A vulnerability classified as critical was found in Campcodes Retro Basketball Shoes Online Store 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2205 HIGH POC This Week

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2204 HIGH POC This Week

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Basketball Shoes Online Store
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2228 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Modoboa
NVD GitHub
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-2220 MEDIUM POC This Month

A vulnerability was found in Dream Technology mica up to 3.0.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mica
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2216 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Coffee Shop POS System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Coffee Shop Pos System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-30621 CRITICAL PATCH Act Now

Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Gipsy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-29924 CRITICAL Act Now

PowerJob V4.3.1 is vulnerable to Incorrect Access Control that allows for remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Powerjob
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2231 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Max G866Ac Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-2218 CRITICAL Act Now

A vulnerability has been found in SourceCodester Task Reminder System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Task Reminder System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2217 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Task Reminder System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Task Reminder System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-1998 MEDIUM POC PATCH This Month

The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. Rated medium severity (CVSS 5.6). Public exploit code available.

Code Injection Linux Linux Kernel Debian Linux
NVD GitHub Exploit-DB
CVSS 3.1
5.6
EPSS
1.4%
CVE-2023-29575 MEDIUM POC This Month

Bento4 v1.6.0-639 was discovered to contain an out-of-memory bug in the mp42aac component. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Bento4
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-26556 CRITICAL PATCH Act Now

io.finnet tss-lib before 2.0.0 can leak a secret key via a timing side-channel attack because it relies on the scalar-multiplication implementation in Go crypto/elliptic, which is not constant time. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tss Lib
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-2141 HIGH This Week

An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Delmia Apriso
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-29019 HIGH PATCH This Week

@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Session Fixation Passport
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-30798 HIGH PATCH This Week

There MultipartParser usage in Encode's Starlette python framework before versions 0.25.0 allows an unauthenticated and remote attacker to specify any number of form fields or files which can cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Python Denial Of Service Starlette
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-26557 HIGH PATCH This Week

io.finnet tss-lib before 2.0.0 can leak the lambda value of a private key via a timing side-channel attack because it relies on Go big.Int, which is not constant time for Cmp, modular exponentiation,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Tss Lib
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2140 HIGH This Week

A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 could allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Delmia Apriso
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-26101 HIGH This Week

In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Flowmon Packet Investigator
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29020 MEDIUM PATCH This Month

@fastify/passport is a port of passport authentication library for the Fastify ecosystem. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Passport
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-2202 MEDIUM PATCH This Month

Improper Access Control in GitHub repository francoisjacquet/rosariosis prior to 10.9.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Rosariosis
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-2139 MEDIUM This Month

A reflected Cross-site Scripting (XSS) Vulnerability in DELMIA Apriso Release 2017 through Release 2022 allows an attacker to execute arbitrary script code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Delmia Apriso
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-26100 MEDIUM This Month

In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Flowmon Os
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-2219 MEDIUM This Month

A vulnerability was found in SourceCodester Task Reminder System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Task Reminder System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2118 MEDIUM This Month

Insufficient access control in support ticket feature in Devolutions Server 2023.1.5.0 and below allows an authenticated attacker to send support tickets and download diagnostic files via specific. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2226 MEDIUM This Month

Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Velociraptor
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-29917 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via go parameter at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29916 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateWanParams interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29915 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via CMD parameter at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29914 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29913 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetAPWifiorLedInfoById interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29912 MEDIUM This Month

H3C Magic R200 R200V100R004 was discovered to contain a stack overflow via the DelvsList interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29911 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddMacList interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29910 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateMacClone interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29909 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the AddWlanMacList interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-29908 MEDIUM This Month

H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the SetMobileAPInfoById interface at /goform/aspForm. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R200 Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy