Skip to main content
CVE-2023-30404 CRITICAL POC Act Now

Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Wireless N Repeater Mini Router Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-30845 CRITICAL POC PATCH Act Now

ESPv2 is a service proxy that provides API management capabilities using Google Service Infrastructure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Espv2
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-30363 CRITICAL POC PATCH Act Now

vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Vconsole
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30211 CRITICAL POC Act Now

OURPHP <= 7.2.0 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ourphp
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27843 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ask For A Quote
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-27107 HIGH POC This Week

Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Central Server Print Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2291 HIGH POC This Week

Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Zoho PostgreSQL Authentication Bypass Manageengine Access Manager Plus Manageengine Pam360 +1
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-29835 HIGH POC This Week

Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Dr Fone
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29596 HIGH POC This Week

Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Cmix
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-27978 HIGH POC This Week

Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tooljet
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-1387 HIGH POC This Week

Grafana is an open-source platform for monitoring and observability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Grafana Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-29836 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Exelysis Unified Communications Solution
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-30212 MEDIUM POC This Month

OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ourphp
NVD
CVSS 3.1
6.1
EPSS
8.1%
CVE-2023-30210 MEDIUM POC This Month

OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ourphp
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-2294 MEDIUM POC This Month

A vulnerability was found in UCMS 1.6.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ucms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-30280 CRITICAL Act Now

Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Netgear R6900 Firmware R6700 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29268 CRITICAL Act Now

The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Spotfire Statistics Services
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24796 CRITICAL Act Now

Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Wr Ac1200 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-30841 MEDIUM POC PATCH This Month

Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Baremetal Operator
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26930 MEDIUM POC This Month

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Xpdf
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-27979 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tooljet
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-30266 HIGH This Week

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Cltphp
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2307 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0.

CSRF Qwik
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-28009 HIGH This Week

HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Workload Automation
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-28008 HIGH This Week

HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Workload Automation
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-26567 HIGH This Week

Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Freepbx Linux 7
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-30269 HIGH This Week

CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Cltphp
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-26286 HIGH This Week

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-26735 HIGH This Week

blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Blackbox Exporter
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-30846 HIGH PATCH This Week

typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Typed Rest Client
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-27559 HIGH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft IBM Db2
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-30546 HIGH PATCH This Week

Contiki-NG is an operating system for Internet of Things devices. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Contiki Ng
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-30112 HIGH This Week

Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Medicine Tracker System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2273 HIGH This Week

Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Insight Agent
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29257 HIGH PATCH This Week

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

RCE Microsoft IBM Db2
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-30843 MEDIUM PATCH This Month

Payload is a free and open source headless content management system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Payload
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-31250 MEDIUM PATCH This Month

The file download facility doesn't sufficiently sanitize file paths in certain situations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Drupal
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-30265 MEDIUM This Month

CLTPHP <=6.0 is vulnerable to Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cltphp
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-26560 MEDIUM This Month

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cfengine
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-29442 MEDIUM This Month

Zoho ManageEngine Applications Manager before 16400 allows proxy.html DOM XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Applications Manager
NVD
CVSS 3.1
6.1
EPSS
9.4%
CVE-2023-22729 MEDIUM PATCH This Month

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Framework
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30267 MEDIUM This Month

CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Cltphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30111 MEDIUM This Month

Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Medicine Tracker System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30106 MEDIUM This Month

Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Medicine Tracker System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1786 MEDIUM PATCH This Month

Sensitive data could be exposed in logs of cloud-init before version 23.1.2. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Cloud Init Ubuntu Linux Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29443 MEDIUM This Month

Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE Zoho Manageengine Assetexplorer Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
4.9
EPSS
3.0%
CVE-2023-0458 MEDIUM PATCH This Month

A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. Rated medium severity (CVSS 4.7). This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
4.7
EPSS
0.7%
CVE-2023-22728 MEDIUM PATCH This Month

Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Framework
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy