Skip to main content
CVE-2023-32314 CRITICAL POC PATCH Act Now

vm2 is a sandbox that can run untrusted code with Node's built-in modules. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Vm2
NVD GitHub
CVSS 3.1
10.0
EPSS
5.6%
CVE-2023-30245 CRITICAL POC Act Now

SQL injection vulnerability found in Judging Management System v.1.0 allows a remote attacker to execute arbitrary code via the crit_id parameter of the edit_criteria.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Judging Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-29861 CRITICAL POC Act Now

An issue found in FLIR-DVTEL version not specified allows a remote attacker to execute arbitrary code via a crafted request to the management page of the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dvtel Camera Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-29862 CRITICAL POC Act Now

An issue found in Agasio-Camera device version not specified allows a remote attacker to execute arbitrary code via the check and authLevel parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Agasio Camera Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-0600 CRITICAL POC Act Now

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 6.9 does not escape user input which is concatenated to an SQL query, allowing unauthenticated visitors to conduct SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Visitor Statistics
NVD WPScan
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-31986 CRITICAL POC Act Now

A Command Injection vulnerability in Edimax Wireless Router N300 Firmware BR-6428NS_v4 allows attacker to execute arbitrary code via the setWAN function in /bin/webs without any limitations. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Br 6428Ns Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
8.2%
CVE-2023-1698 CRITICAL POC THREAT Act Now

In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Command Injection Compact Controller 100 Firmware Edge Controller Firmware Pfc100 Firmware +4
NVD
CVSS 3.1
9.8
EPSS
82.0%
CVE-2023-2124 HIGH POC PATCH This Week

An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux Linux Kernel Debian Linux +5
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-21102 HIGH POC This Week

In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32309 HIGH POC PATCH This Week

PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Python Pymdown Extensions
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-31631 HIGH POC This Week

An issue in the sqlo_preds_contradiction component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31630 HIGH POC This Week

An issue in the sqlo_query_spec component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31629 HIGH POC This Week

An issue in the sqlo_union_scope component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31628 HIGH POC This Week

An issue in the stricmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31627 HIGH POC This Week

An issue in the strhash component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31626 HIGH POC This Week

An issue in the gpf_notice component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31625 HIGH POC This Week

An issue in the psiginfo component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31624 HIGH POC This Week

An issue in the sinv_check_exp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31623 HIGH POC This Week

An issue in the mp_box_copy component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31622 HIGH POC This Week

An issue in the sqlc_make_policy_trig component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31621 HIGH POC This Week

An issue in the kc_var_col component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31620 HIGH POC This Week

An issue in the dv_compare component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31619 HIGH POC This Week

An issue in the sch_name_to_object component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31618 HIGH POC This Week

An issue in the sqlc_union_dt_wrap component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31617 HIGH POC This Week

An issue in the dk_set_delete component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31616 HIGH POC This Week

An issue in the bif_mod component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31615 HIGH POC This Week

An issue in the chash_array component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31614 HIGH POC This Week

An issue in the mp_box_deserialize_string function in openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31613 HIGH POC This Week

An issue in the __nss_database_lookup component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31612 HIGH POC This Week

An issue in the dfe_qexp_list component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31611 HIGH POC This Week

An issue in the __libc_longjmp component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31610 HIGH POC This Week

An issue in the _IO_default_xsputn component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31609 HIGH POC This Week

An issue in the dfe_unit_col_loci component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31608 HIGH POC This Week

An issue in the artm_div_int component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-31607 HIGH POC This Week

An issue in the __libc_malloc component of openlink virtuoso-opensource v7.2.9 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Virtuoso
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2180 HIGH POC This Week

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/downlaod. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Kiwiz Invoices Certification Pdf System
NVD WPScan
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-0812 HIGH POC This Week

The Active Directory Integration / LDAP Integration WordPress plugin before 4.1.1 does not have proper authorization or nonce values for some POST requests, leading to unauthenticated data disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Active Directory Integration Ldap Integration
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-32784 HIGH POC This Week

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Keepass
NVD GitHub
CVSS 3.1
7.5
EPSS
4.4%
CVE-2023-31845 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_class.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-31844 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_subject.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-31843 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/view_faculty.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-31842 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/index.php?page=edit_faculty&id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-1549 HIGH POC THREAT This Week

The Ad Inserter WordPress plugin before 2.7.27 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress PHP Ad Inserter
NVD WPScan
CVSS 3.1
7.2
EPSS
16.9%
CVE-2023-1207 HIGH POC This Week

This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Http Headers
NVD WPScan
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-1729 MEDIUM POC PATCH This Month

A flaw was found in LibRaw. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Libraw Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
6.5
EPSS
1.3%
CVE-2023-2179 MEDIUM POC This Month

The WooCommerce Order Status Change Notifier WordPress plugin through 1.1.0 does not have authorisation and CSRF when updating status orders via an AJAX action available to any authenticated users,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Order Status Change Notifier
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-32068 MEDIUM POC PATCH THREAT This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
55.1%
CVE-2023-1915 MEDIUM POC This Month

The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Thumbnail Carousel Slider
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-1890 MEDIUM POC This Month

The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tablesome
NVD WPScan
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-1835 MEDIUM POC This Month

The Ninja Forms Contact Form WordPress plugin before 3.6.22 does not properly escape user input before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ninja Forms
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy