Skip to main content
CVE-2023-27823 CRITICAL POC THREAT Emergency

An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 52.5%.

Authentication Bypass 1080Pstx
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
52.5%
Threat
5.0
CVE-2023-30247 CRITICAL POC Act Now

File Upload vulnerability found in Oretnom23 Storage Unit Rental Management System v.1.0 allows a remote attacker to execute arbitrary code via the update_settings parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Storage Unit Rental Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-31983 CRITICAL POC THREAT Act Now

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the mp function in /bin/webs without any limitations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Br 6428Ns Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
24.9%
CVE-2023-31985 CRITICAL POC Act Now

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the formAccept function in /bin/webs without any limitations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Br 6428Ns Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.1%
CVE-2023-30246 CRITICAL POC Act Now

SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the contestant_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-2676 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Magic R160 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2672 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-32243 CRITICAL POC THREAT Act Now

Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation.4.0 through 5.7.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Essential Addons For Elementor
NVD
CVSS 3.1
9.8
EPSS
75.5%
CVE-2023-2669 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-2668 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30330 CRITICAL POC Act Now

SoftExpert (SE) Excellence Suite 2.x versions before 2.1.3 is vulnerable to Local File Inclusion in the function /se/v42300/generic/gn_defaultframe/2.0/defaultframe_filter.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Excellence Suite
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
5.9%
CVE-2023-29809 CRITICAL POC THREAT Act Now

SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Companymaps
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
10.5%
CVE-2023-30192 CRITICAL POC Act Now

Prestashop possearchproducts 1.7 is vulnerable to SQL Injection via PosSearch::find(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Possearchproducts
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2022-47879 HIGH POC This Week

A Remote Code Execution (RCE) vulnerability in /be/rpc.php in Jedox 2020.2.5 allows remote authenticated users to load arbitrary PHP classes from the 'rtn' directory and execute its methods. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Jedox Jedox Cloud
NVD Exploit-DB VulDB
CVSS 3.1
7.5
EPSS
6.7%
CVE-2023-32073 HIGH POC PATCH This Week

WWBN AVideo is an open source video platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Avideo
NVD GitHub
CVSS 3.1
8.8
EPSS
6.5%
CVE-2023-30130 HIGH POC This Week

An issue found in CraftCMS v.3.8.1 allows a remote attacker to execute arbitrary code via a crafted script to the Section parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Craft Cms
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-29657 HIGH POC This Week

eXtplorer 2.1.15 is vulnerable to Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Extplorer
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-2677 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Covid-19 Contact Tracing System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Covid 19 Contact Tracing System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2670 HIGH POC This Week

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-31922 HIGH POC This Week

QuickJS commit 2788d71 was discovered to contain a stack-overflow via the component js_proxy_isArray at quickjs.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Quickjs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-1934 HIGH POC This Week

The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PostgreSQL SQLi Pnpscada
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
8.1%
CVE-2023-23169 MEDIUM POC This Month

Synapsoft pdfocus 1.17 is vulnerable to local file inclusion and server-side request forgery Directory Traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal SSRF Pdfocus
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-2671 MEDIUM POC This Month

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-2667 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lost And Found Information System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-29808 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Companymaps
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2022-47880 MEDIUM POC This Month

An Information disclosure vulnerability in /be/rpc.php in Jedox GmbH Jedox 2020.2.5 allow remote, authenticated users with permissions to modify database connections to disclose a connections'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure PHP Jedox Jedox Cloud
NVD Exploit-DB VulDB
CVSS 3.1
5.3
EPSS
3.2%
CVE-2023-1096 CRITICAL Act Now

SnapCenter versions 4.7 prior to 4.7P2 and 4.8 prior to 4.8P1 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to gain access as an admin user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Snapcenter
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32306 CRITICAL Act Now

Time Tracker is an open source time tracking system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Time Tracker
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-27238 CRITICAL Act Now

LavaLite CMS v 9.0.0 was discovered to be vulnerable to web cache poisoning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Request Smuggling Lavalite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31921 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_big_uint_div_mod at jerry-core/ecma/operations/ecma-big-uint.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31920 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the vm_loop at jerry-core/vm/vm.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31919 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the jcontext_raise_exception at jerry-core/jcontext/jcontext.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31918 MEDIUM POC This Month

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the parser_parse_function_arguments at jerry-core/parser/js/js-parser.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31916 MEDIUM POC This Month

Jerryscript 3.0 (commit 1a2c047) was discovered to contain an Assertion Failure via the jmem_heap_finalize at jerry-core/jmem/jmem-heap.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31914 MEDIUM POC This Month

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain out-of-memory issue in malloc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31913 MEDIUM POC This Month

Jerryscript 3.0 *commit 1a2c047) was discovered to contain an Assertion Failure via the component parser_parse_class at jerry-core/parser/js/js-parser-expr.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-29983 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Companymaps
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
5.1%
CVE-2023-2678 MEDIUM POC This Month

A vulnerability has been found in SourceCodester File Tracker Manager System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS File Tracker Manager System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-20877 HIGH This Week

VMware Aria Operations contains a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation RCE VMware Authentication Bypass Cloud Foundation +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-32305 HIGH PATCH This Week

aiven-extras is a PostgreSQL extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Privilege Escalation RCE PostgreSQL Aiven
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2458 HIGH This Week

Use after free in ChromeOS Camera in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2457 HIGH This Week

Out of bounds write in ChromeOS Audio Server in Google Chrome on ChromeOS prior to 113.0.5672.114 allowed a remote attacker to potentially exploit heap corruption via crafted audio file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-2515 HIGH PATCH This Week

Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Mattermost Authentication Bypass Mattermost Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-28522 HIGH PATCH This Week

IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure IBM Api Connect
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2674 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-23444 HIGH This Week

Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070,. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ue410 En4 Firmware Ue410 En3 Firmware Ue410 En1 Firmware Fx0 Gpnt00030 Firmware +7
NVD
CVSS 3.1
8.2
EPSS
1.2%
CVE-2023-2512 HIGH PATCH This Week

Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Buffer Overflow Information Disclosure Workerd
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-29032 HIGH PATCH This Week

An attacker that has gained access to certain private information can use this to act as other user. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Authentication Bypass Openmeetings
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-25009 HIGH This Week

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds write vulnerability which could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE 3Ds Max Usd
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-25008 HIGH This Week

A malicious actor may convince a user to open a malicious USD file that may trigger an out-of-bounds read vulnerability which could result in code execution. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure 3Ds Max Usd
NVD
CVSS 3.1
7.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy