Skip to main content
CVE-2023-30628 HIGH POC PATCH This Week

Kiwi TCMS is an open source test management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Kiwi Tcms
NVD GitHub
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-30623 HIGH POC PATCH This Week

`embano1/wip` is a GitHub Action written in Bash. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Wip
NVD GitHub
CVSS 3.1
8.8
EPSS
3.7%
CVE-2023-2260 HIGH POC PATCH This Week

Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Alf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2258 HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Alf
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-0388 HIGH POC This Week

The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Random Text
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-29849 HIGH POC This Week

Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Bang Resto
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
3.2%
CVE-2023-29578 HIGH POC This Week

mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Mp4V2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-31061 HIGH POC This Week

Repetier Server through 1.4.10 does not have CSRF protection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Repetier Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-30626 HIGH POC PATCH This Week

Jellyfin is a free-software media system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Path Traversal XSS Jellyfin
NVD GitHub
CVSS 3.1
8.1
EPSS
2.0%
CVE-2023-30629 HIGH POC PATCH This Week

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-29780 HIGH POC This Week

Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service 3Rsb015Bz Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-2251 HIGH POC PATCH This Week

Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Yaml
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-24818 HIGH POC PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-31059 HIGH POC This Week

Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Repetier Server
NVD
CVSS 3.1
7.5
EPSS
5.6%
CVE-2023-2259 HIGH POC PATCH This Week

Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Ssti Alf
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-27991 HIGH This Week

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Atp200 Firmware Atp100 Firmware Atp700 Firmware +16
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-26060 HIGH This Week

An issue was discovered in Nokia NetAct before 22 FP2211. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Nokia CSRF Netact
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-30622 HIGH PATCH This Week

Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Clusternet
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-22916 HIGH This Week

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +15
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-22913 HIGH This Week

A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +8
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-2007 HIGH PATCH This Week

The specific flaw exists within the DPT I2O Controller driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Linux Kernel Debian Linux H300s Firmware H500s Firmware +4
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-2257 HIGH This Week

Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Authentication Bypass Workspace
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30533 HIGH This Week

SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Prototype Pollution Sheetjs
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-22917 HIGH This Week

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +15
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22915 HIGH This Week

A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +9
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-24822 HIGH PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-24821 HIGH PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-29480 HIGH This Week

Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rnp
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-24820 HIGH PATCH This Week

RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Denial Of Service Riot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22577 HIGH This Week

Within White Rabbit Switch it's possible as an unauthenticated user to retrieve sensitive information such as password hashes and the SNMP community strings. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure White Rabbit Switch Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22914 HIGH This Week

A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Zyxel Usg Flex 100 Firmware Usg Flex 100W Firmware Usg Flex 200 Firmware +8
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-1731 HIGH This Week

In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Lantime Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-26099 HIGH This Week

An issue was discovered in Telindus Apsal 3.14.2022.235 b. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apsal
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-2006 HIGH PATCH This Week

A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. Rated high severity (CVSS 7.0).

Race Condition RCE Linux Linux Kernel Hci Baseboard Management Controller
NVD GitHub
CVSS 3.1
7.0
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy