Skip to main content
CVE-2023-28528 HIGH POC PATCH Act Now

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Command Injection IBM Vios Aix
NVD GitHub
CVSS 3.1
7.8
EPSS
1.5%
CVE-2023-31470 CRITICAL POC PATCH Act Now

SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Smartdns
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-26813 CRITICAL POC Act Now

SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java SQLi Wangmarket
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-26781 CRITICAL POC Act Now

SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mccms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2371 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2370 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2369 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2368 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2367 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2366 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2365 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2363 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Resort Reservation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-24269 HIGH POC This Week

An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Textpattern
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-30854 HIGH POC PATCH This Week

AVideo is an open source video platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
5.2%
CVE-2023-29815 HIGH POC This Week

mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mccms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2375 HIGH POC This Week

A weakness has been identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
6.6%
CVE-2023-2374 HIGH POC This Week

A security flaw has been discovered in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.5%
CVE-2023-2378 HIGH POC This Week

A flaw has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.3%
CVE-2023-2377 HIGH POC This Week

A vulnerability was detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.3%
CVE-2023-2376 HIGH POC This Week

A security vulnerability has been detected in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.3%
CVE-2023-2373 HIGH POC This Week

A vulnerability was identified in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Command Injection Edgemax Edgerouter Firmware
NVD GitHub VulDB
CVSS 4.0
7.3
EPSS
4.3%
CVE-2022-38583 HIGH POC This Week

On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Sage 300
NVD VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31483 HIGH POC PATCH This Week

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Cbang
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-30858 HIGH POC PATCH This Week

The Denosaurs emoji package provides emojis for dinosaurs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Emoji
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-2379 HIGH POC This Week

A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ubiquiti Denial Of Service Er X Firmware Er X Sfp Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-2356 HIGH POC PATCH This Week

Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
7.5
EPSS
4.1%
CVE-2023-30024 MEDIUM POC This Month

The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation A921 Firmware
NVD
CVSS 3.1
6.6
EPSS
0.5%
CVE-2023-2411 MEDIUM POC This Month

A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ac Repair And Services System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2410 MEDIUM POC This Month

A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ac Repair And Services System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2409 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ac Repair And Services System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-2408 MEDIUM POC This Month

A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ac Repair And Services System
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-26782 MEDIUM POC This Month

An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Denial Of Service Mccms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2380 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear Denial Of Service Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-2396 MEDIUM POC This Month

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-2395 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-30125 MEDIUM POC This Month

EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27973 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Heap Overflow and/or Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware +37
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-27972 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware Laserjet Pro M304 M305 W1A47A Firmware +36
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-30856 CRITICAL Act Now

eDEX-UI is a science fiction terminal emulator. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Edex Ui
NVD GitHub
CVSS 3.1
10.0
EPSS
0.3%
CVE-2023-27971 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to Buffer Overflow and/or Elevation of Privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

HP Buffer Overflow Laserjet Pro M304 M305 W1A46A Firmware Laserjet Pro M304 M305 W1A47A Firmware Laserjet Pro M304 M305 W1A48A Firmware +35
NVD VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-1966 CRITICAL Act Now

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Iscan Firmware Iseq 100 Firmware Miniseq Firmware +8
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0834 CRITICAL Act Now

Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.12 before 8.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple Workforce Access
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-30467 CRITICAL Act Now

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Authentication Bypass Ms N5008 Uc Firmware Ms N1008 Unc Firmware Ms N1008 Uc Firmware +18
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-30466 CRITICAL Act Now

This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Ms N5008 Uc Firmware Ms N1008 Unc Firmware Ms N1008 Uc Firmware Ms N1004 Uc Firmware +17
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-30405 MEDIUM POC THREAT This Month

A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wireless N Repeater Mini Router Firmware
NVD
CVSS 3.1
5.4
EPSS
29.3%
CVE-2023-30123 MEDIUM POC This Month

wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wuzhicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2364 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Resort Reservation System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-2361 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2397 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0.php?f=save_field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Mobile Comparison Website
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-2394 MEDIUM POC This Month

A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Netgear XSS Srx5308 Firmware
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy