Skip to main content
CVE-2023-27524 CRITICAL POC KEV PATCH THREAT Act Now

Session Validation attacks in Apache Superset versions up to and including 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Information Disclosure Superset
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
97.4%
CVE-2023-1020 CRITICAL POC Act Now

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Live Chat Shoutbox
NVD WPScan
CVSS 3.1
9.8
EPSS
5.0%
CVE-2023-29566 CRITICAL POC PATCH Act Now

huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Command Injection Dawnsparks Node Tesseract Huedawn Tesseract
NVD GitHub
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-27849 CRITICAL POC Act Now

rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Rails Routes To Json
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-27848 CRITICAL POC Act Now

broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Broccoli Compass
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-26865 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bdroppy
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31060 CRITICAL POC Act Now

Repetier Server through 1.4.10 executes as SYSTEM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Repetier Server
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-30613 CRITICAL POC PATCH Act Now

Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
9.0
EPSS
1.0%
CVE-2023-30628 HIGH POC PATCH This Week

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Kiwi Tcms
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-30623 HIGH POC PATCH This Week

`embano1/wip` is a GitHub Action written in Bash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Wip
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2023-2260 HIGH POC PATCH This Week

Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Alf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2258 HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0388 HIGH POC This Week

The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Random Text
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-29849 HIGH POC This Week

Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bang Resto
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.2%
CVE-2023-29578 HIGH POC This Week

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-31061 HIGH POC This Week

Repetier Server through 1.4.10 does not have CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Repetier Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-30626 HIGH POC PATCH This Week

Jellyfin is a free-software media system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal XSS Jellyfin
NVD GitHub
CVSS 3.1
8.1
EPSS
2.0%
CVE-2023-30629 HIGH POC PATCH This Week

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-29780 HIGH POC This Week

Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 3Rsb015Bz Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-2251 HIGH POC PATCH This Week

Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yaml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-24818 HIGH POC PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31059 HIGH POC This Week

Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Repetier Server
NVD
CVSS 3.1
7.5
EPSS
5.6%
CVE-2023-2259 HIGH POC PATCH This Week

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Ssti Alf
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-28484 MEDIUM POC This Month

In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Libxml2 Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-1624 MEDIUM POC This Month

The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Wpcode
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-1623 MEDIUM POC This Month

The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Custom Post Type Ui
NVD WPScan
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-1129 MEDIUM POC This Month

The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wp Fevents Book
NVD WPScan
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-1435 MEDIUM POC This Month

The Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape various parameters before outputting them back in pages, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1420 MEDIUM POC This Month

The Ajax Search Lite WordPress plugin before 4.11.1, Ajax Search Pro WordPress plugin before 4.26.2 does not sanitise and escape a parameter before outputting it back in a response of an AJAX action,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ajax Search
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1324 MEDIUM POC This Month

The Easy Forms for Mailchimp WordPress plugin before 6.8.8 does not sanitise and escape some parameters before outputting them back in the response, leading to a Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Easy Forms For Mailchimp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-0899 MEDIUM POC This Month

The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before outputting it back in the Shoutbox, leading to Stored Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Live Chat Shoutbox
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-26494 MEDIUM POC PATCH This Month

lorawan-stack is an open source LoRaWAN network server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Lorawan Stack
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-24823 CRITICAL PATCH Act Now

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Denial Of Service Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30378 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "sub_8EE8" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30376 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "henan_pppoe_user" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30375 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "getIfIp" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30373 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "xian_pppoe_user" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30372 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, The function "xkjs_ver32" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30371 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function "sub_ED14" contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30370 CRITICAL Act Now

In Tenda AC15 V15.03.05.19, the function GetValue contains a stack-based buffer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24819 CRITICAL PATCH Act Now

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow RCE Denial Of Service Riot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30369 CRITICAL Act Now

Tenda AC15 V15.03.05.19 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac15 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30368 CRITICAL Act Now

Tenda AC5 V15.03.06.28 is vulnerable to Buffer Overflow via the initWebs function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac5 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-25133 CRITICAL Act Now

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25132 CRITICAL Act Now

Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-25131 CRITICAL Act Now

Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Powerpanel
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-22581 CRITICAL Act Now

White Rabbit Switch contains a vulnerability which makes it possible for an attacker to perform system commands under the context of the web application (the default installation makes the webserver. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure White Rabbit Switch Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-28131 CRITICAL PATCH Act Now

A vulnerability in the expo.io framework allows an attacker to take over accounts and steal credentials on an application/website that configured the "Expo AuthSession Redirect Proxy" for social. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Expo Software Development Kit
NVD
CVSS 3.1
9.6
EPSS
23.0%
CVE-2023-30414 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30410 MEDIUM POC This Month

Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy