Skip to main content
CVE-2023-2661 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2659 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2658 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2656 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ac Repair And Services System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31498 CRITICAL POC Act Now

A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote attacker to execute arbitrary code and access sensitive information via the session token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP RCE Session Fixation Hospital Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-31475 CRITICAL POC THREAT Act Now

An issue was discovered on GL.iNet devices before 3.216. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware Gl Mt2500 Firmware +28
NVD GitHub
CVSS 3.1
9.8
EPSS
13.7%
CVE-2023-2653 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2652 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2648 CRITICAL POC THREAT Act Now

A vulnerability was found in Weaver E-Office 9.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Microsoft E Office
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
28.5%
CVE-2023-2645 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in USR USR-G806 1.0.41. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Usr G806 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-2643 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester File Tracker Manager System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi File Tracker Manager System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2642 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Online Exam System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Exam System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2641 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Internship Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Internship Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-31146 CRITICAL POC PATCH Act Now

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-31531 HIGH POC This Week

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the tomography_ping_number parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cx2L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-31530 HIGH POC This Week

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the smartqos_priority_devices parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cx2L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-31529 HIGH POC This Week

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the system_time_timezone parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cx2L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-31528 HIGH POC This Week

Motorola CX2L Router 1.0.1 was discovered to contain a command injection vulnerability via the staticroute_list parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cx2L Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-2649 HIGH POC This Week

A vulnerability was found in Tenda AC23 16.03.07.45_cn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac23 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
9.7%
CVE-2023-2647 HIGH POC This Week

A vulnerability was found in Weaver E-Office 9.5 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Command Injection Microsoft E Office
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
7.0%
CVE-2023-31497 HIGH POC This Week

Incorrect access control in Quick Heal Technologies Limited Seqrite Endpoint Security (EPS) all versions prior to v8.0 allows attackers to escalate privileges to root via supplying a crafted binary. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation End Point Security
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-32059 HIGH POC PATCH This Week

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-32058 HIGH POC PATCH This Week

Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31477 HIGH POC This Week

A path traversal issue was discovered on GL.iNet devices before 3.216. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware Gl Mt2500 Firmware +28
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31502 HIGH POC This Week

Altenergy Power Control Software C1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the component /models/management_model.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Alternergy Power Control Software
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-2660 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.8%
CVE-2023-25309 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Rollout Ui
NVD VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-2657 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Computer And Laptop Store
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-30256 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Qloapps
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
8.7%
CVE-2023-29863 CRITICAL Act Now

Medical Systems Co. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Weblab
NVD VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-24540 CRITICAL PATCH Act Now

Not all valid JavaScript whitespace characters are considered to be whitespace. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Command Injection Go
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-0856 CRITICAL Act Now

Buffer overflow in IPP sides attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Microsoft Mf642Cdw Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-0855 CRITICAL Act Now

Buffer overflow in IPP number-up attribute process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Microsoft Mf642Cdw Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-0854 CRITICAL Act Now

Buffer overflow in NetBIOS QNAME registering and communication process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft Heap Overflow Mf642Cdw Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-0853 CRITICAL Act Now

Buffer overflow in mDNS NSEC record registering process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Microsoft Mf642Cdw Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-0852 CRITICAL Act Now

Buffer overflow in the Address Book of Mobile Device function of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Microsoft Mf642Cdw Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-0851 CRITICAL Act Now

Buffer overflow in CPCA Resource Download process of Office / Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Microsoft Heap Overflow Mf642Cdw Firmware +44
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2664 MEDIUM POC This Month

In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2663 MEDIUM POC This Month

In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-2662 MEDIUM POC This Month

In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdf
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-32668 MEDIUM POC PATCH This Month

LuaTeX before 1.17.0 allows a document (compiled with the default settings) to make arbitrary network requests. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Luatex Miktex Tex Live
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31445 MEDIUM POC This Month

Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Access Controller
NVD GitHub
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-1834 CRITICAL Act Now

Rockwell Automation was made aware that Kinetix 5500 drives, manufactured between May 2022 and January 2023, and are running v7.13 may have the telnet and FTP ports open by default. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Authentication Bypass Kinetix 5500 Firmware
NVD
CVSS 3.1
9.1
EPSS
1.3%
CVE-2023-31473 MEDIUM POC This Month

An issue was discovered on GL.iNet devices before 3.216. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Gl S20 Firmware Gl X3000 Firmware Gl Mt3000 Firmware Gl Mt2500 Firmware +28
NVD GitHub
CVSS 3.1
4.9
EPSS
3.9%
CVE-2023-2444 HIGH This Week

A cross site request forgery vulnerability exists in Rockwell Automation's FactoryTalk Vantagepoint. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell CSRF Factorytalk Vantagepoint
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-29195 MEDIUM POC PATCH This Month

Vitess is a database clustering system for horizontal scaling of MySQL through generalized sharding. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Vitess
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-32075 MEDIUM POC PATCH This Month

The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Customer Management Framework
NVD GitHub
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-29285 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-29284 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Adobe RCE Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29283 HIGH This Week

Adobe Substance 3D Painter versions 8.3.0 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Heap Overflow Substance 3d Painter
NVD
CVSS 3.1
7.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy