Skip to main content
CVE-2023-30013 CRITICAL POC THREAT Emergency

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
25.9%
CVE-2023-30122 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-30054 CRITICAL POC Act Now

TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-30053 CRITICAL POC Act Now

TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A7100Ru Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-30135 CRITICAL POC Act Now

Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac18 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-2531 CRITICAL POC PATCH Act Now

Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Azuracast
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30065 HIGH POC This Week

MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gpt 2741Gnac N2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-2552 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Bumsys
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-2551 HIGH POC PATCH This Week

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

LFI PHP Information Disclosure Bumsys
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-32235 HIGH POC PATCH THREAT This Week

Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Ghost
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
39.1%
CVE-2023-29963 HIGH POC This Week

S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP S Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2023-2554 HIGH POC PATCH THREAT This Week

External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Bumsys
NVD GitHub
CVSS 3.1
7.2
EPSS
29.1%
CVE-2023-29659 MEDIUM POC PATCH This Month

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libheif Fedora
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-30242 CRITICAL Act Now

NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30090 CRITICAL Act Now

Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload PHP Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2553 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Bumsys
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2516 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2550 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2427 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Phpmyfaq
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-28068 HIGH This Week

Dell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Command Monitor
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30243 HIGH This Week

Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Application Security Gateway
NVD VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-29350 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Microsoft Edge Chromium
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-32269 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 6.1.11. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-26285 MEDIUM PATCH This Month

IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
5.9
EPSS
0.9%
CVE-2023-30434 MEDIUM PATCH This Month

IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Elastic Information Disclosure IBM Elastic Storage System Spectrum Scale
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29942 MEDIUM PATCH This Month

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Llvm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29941 MEDIUM PATCH This Month

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Llvm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29939 MEDIUM PATCH This Month

llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Llvm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29935 MEDIUM PATCH This Month

llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Llvm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29934 MEDIUM PATCH This Month

llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Llvm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29933 MEDIUM PATCH This Month

llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Llvm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29932 MEDIUM PATCH This Month

llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Llvm
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-22874 MEDIUM PATCH This Month

IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service IBM Mq Appliance
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-29354 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google Microsoft Edge Chromium
NVD
CVSS 3.1
4.7
EPSS
1.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy