Skip to main content
CVE-2023-2451 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical.php of the component GET Parameter Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Dj Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30859 CRITICAL POC Act Now

Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Triton
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2236 HIGH POC This Week

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27035 HIGH POC This Week

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Obsidian
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-30063 HIGH POC This Week

D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 890L Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-30061 HIGH POC This Week

D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 879 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-26987 MEDIUM POC This Month

An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Konga
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-29641 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Editor Md
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29637 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qbian61 Forum Java
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-29635 CRITICAL PATCH Act Now

File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload Antabot White Jotter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-29681 MEDIUM POC This Month

Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda N301 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-29680 MEDIUM POC This Month

Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tenda N301 Firmware
NVD
CVSS 3.1
5.7
EPSS
0.4%
CVE-2023-29643 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Perfreeblog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-29639 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Blog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29638 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in WinterChenS my-site before commit 3f0423da6d5200c7a46e200da145c1f54ee18548, allows attackers to inject arbitrary web script or HTML via editing blog. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Site
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-29636 MEDIUM POC This Month

Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Blog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27108 MEDIUM POC This Month

An issue was discovered in KaiOS 3.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Kaios
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-22919 HIGH PATCH This Week

The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Zyxel Nbg6604 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-25492 HIGH This Week

A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-0683 HIGH This Week

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx Enclosure Firmware +105
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0896 HIGH This Week

A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Lenovo Authentication Bypass Smart Clock Essential With Alexa Built In Firmware
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-2235 HIGH PATCH This Week

A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22922 HIGH PATCH This Week

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22921 HIGH PATCH This Week

A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

XSS Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28092 MEDIUM This Month

A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Integrated Lights Out Firmware Proliant Rl300 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2023-22923 MEDIUM PATCH This Month

A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-30639 MEDIUM This Month

Archer Platform 6.8 before 6.12 P6 HF1 (6.12.0.6.1) contains a stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Archer
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-22503 MEDIUM This Month

Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Atlassian Confluence Data Center Confluence Server
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-22924 MEDIUM PATCH This Month

A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Zyxel Nbg 418N Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-2197 LOW Monitor

HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. Rated low severity (CVSS 2.5). No vendor patch available.

Oracle Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
2.5
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy