Skip to main content
CVE-2023-30328 CRITICAL POC Act Now

An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apple Authentication Bypass Shimo
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2523 CRITICAL POC THREAT Act Now

A vulnerability was found in Weaver E-Office 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft E Office
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
32.9%
CVE-2023-30203 CRITICAL POC Act Now

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29827 CRITICAL POC Act Now

ejs v3.1.9 is vulnerable to server-side template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Ejs
NVD GitHub
CVSS 3.1
9.8
EPSS
5.6%
CVE-2023-30331 CRITICAL POC Act Now

An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Beetl
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-30077 CRITICAL POC Act Now

Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29842 HIGH POC This Week

ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Churchcrm
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-27568 HIGH POC This Week

SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]=. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure SQLi Commerce Os
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-30399 HIGH POC This Week

Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wallbox Glb Firmware Wallbox Gtb Firmware Wallbox Gtc Firmware
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-25438 HIGH POC This Week

An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Millegpg
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-25289 HIGH POC This Week

Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Digital Reciptie
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
7.7%
CVE-2023-29996 HIGH POC This Week

In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29995 HIGH POC This Week

In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-29994 HIGH POC This Week

In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nanomq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-26125 HIGH POC PATCH This Week

Versions of the package github.com/gin-gonic/gin before 1.9.0 are vulnerable to Improper Input Validation by allowing an attacker to use a specially crafted request via the X-Forwarded-Prefix header,. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gin
NVD GitHub
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-2522 HIGH POC THREAT This Week

A vulnerability was found in Chengdu VEC40G 3.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Vec40G Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
33.7%
CVE-2023-30093 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Open Networking Foundation ONOS from version v1.9.0 to v2.7.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Onos
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-23059 CRITICAL Act Now

An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft RCE Gv Edge Recording Manager
NVD VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-22651 CRITICAL PATCH Act Now

Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Rancher
NVD GitHub
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-21504 CRITICAL Act Now

Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-21503 CRITICAL Act Now

Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-21494 CRITICAL Act Now

Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30268 CRITICAL Act Now

CLTPHP <=6.0 is vulnerable to Improper Input Validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Cltphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30264 CRITICAL Act Now

CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Cltphp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-20126 CRITICAL Act Now

A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Cisco Authentication Bypass Spa112 Firmware
NVD
CVSS 3.1
9.8
EPSS
38.1%
CVE-2023-2524 CRITICAL Act Now

A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rhid
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-2520 CRITICAL Act Now

A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical.cgi?action=Command of the component Ping Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Caton Prime
NVD VulDB
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-2519 CRITICAL Act Now

A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ctp Relay Server
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-30216 MEDIUM POC This Month

Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Newbee Mall
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-30097 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Messenger
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-30096 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Messenger
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-30095 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Messenger
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-30094 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Flow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-30184 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Typecho
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27075 MEDIUM POC PATCH This Month

A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microbin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-31415 HIGH This Week

Kibana version 8.7.0 contains an arbitrary code execution flaw. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Elastic Kibana
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-31414 HIGH This Week

Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Elastic Kibana
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-24958 HIGH This Week

A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE Command Injection IBM 3957 Vec Firmware +2
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-31099 HIGH This Week

Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Zoho Manageengine Opmanager
NVD
CVSS 3.1
8.8
EPSS
81.6%
CVE-2023-21505 HIGH This Week

Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Core Services
NVD
CVSS 3.1
8.6
EPSS
0.3%
CVE-2023-30550 MEDIUM POC This Month

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
CVSS 3.1
4.5
EPSS
0.7%
CVE-2023-21509 HIGH This Week

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Samsung Samsung Blockchain Keystore
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21508 HIGH This Week

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Samsung Samsung Blockchain Keystore
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21506 HIGH This Week

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Samsung Samsung Blockchain Keystore
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21502 HIGH This Week

Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21501 HIGH This Week

Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21499 HIGH This Week

Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21498 HIGH This Week

Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21497 HIGH This Week

Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-21491 HIGH This Week

Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy