Skip to main content
CVE-2023-30189 CRITICAL POC Act Now

Prestashop posstaticblocks <= 1.0.0 is vulnerable to SQL Injection via posstaticblocks::getPosCurrentHook(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Posstaticblocks
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-27742 CRITICAL POC Act Now

IDURAR ERP/CRM v1 was discovered to contain a SQL injection vulnerability via the component /api/login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Idurar
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31890 CRITICAL POC Act Now

An XML Deserialization vulnerability in glazedlists v1.11.0 allows an attacker to execute arbitrary code via the BeanXMLByteCoder.decode() parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Glazed Lists
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-31857 CRITICAL POC Act Now

Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Computer And Laptop Store
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-31856 CRITICAL POC Act Now

A command injection vulnerability in the hostTime parameter in the function NTPSyncWithHostof TOTOLINK CP300+ V5.2cu.7594_B20200910 allows attackers to execute arbitrary commands via a crafted http. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cp300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-31587 CRITICAL POC PATCH Act Now

Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Tenda Ac5 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-31519 CRITICAL POC Act Now

Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the email parameter at login_core.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Pharmacy Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2738 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tongda OA 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-29961 CRITICAL POC Act Now

D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 605l Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31576 HIGH POC This Week

An arbitrary file upload vulnerability in Serendipity 2.4-beta1 allows attackers to execute arbitrary code via a crafted HTML or Javascript file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Serendipity
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-31572 HIGH POC This Week

An issue in Bludit 4.0.0-rc-2 allows authenticated attackers to change the Administrator password and escalate privileges via a crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Bludit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-31679 HIGH POC This Week

Incorrect access control in Videogo v6.8.1 allows attackers to access images from other devices via modification of the Device Id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Videogo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31677 HIGH POC This Week

Insecure permissions in luowice 3.5.18 allow attackers to view information for other alarm devices via modification of the eseeid parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Luowice
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29439 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Foogallery
NVD
CVSS 3.1
6.1
EPSS
1.7%
CVE-2023-2499 CRITICAL PATCH Act Now

The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.2.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Google WordPress Registrationmagic
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32956 CRITICAL Act Now

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in CGI component in Synology Router Manager (SRM) before 1.2.5-8227-6 and 1.3.1-9346-3 allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Synology Command Injection Router Manager
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-31544 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in alkacon-OpenCMS v11.0.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field under the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Opencms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2730 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.3.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-31678 MEDIUM POC This Month

Incorrect access control in Videogo v6.8.1 allows attackers to bind shared devices after the connection has been ended. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Videogo
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-30506 HIGH This Week

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-30505 HIGH This Week

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-30504 HIGH This Week

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-30503 HIGH This Week

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-30502 HIGH This Week

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-30501 HIGH This Week

Vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface that allow remote authenticated users to run arbitrary commands on the underlying host. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-2726 HIGH This Week

Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome Debian Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-2725 HIGH This Week

Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
24.7%
CVE-2023-2724 HIGH This Week

Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
29.1%
CVE-2023-2723 HIGH This Week

Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
15.4%
CVE-2023-2722 HIGH This Week

Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2721 HIGH This Week

Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-32998 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins AppSpider Plugin 1.0.15 and earlier allows attackers to connect to an attacker-specified URL and send an HTTP POST request with a JSON. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Appspider
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-32997 HIGH PATCH This Week

Jenkins CAS Plugin 1.6.2 and earlier does not invalidate the previous session on login. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Session Fixation Information Disclosure Cas
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32995 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Saml Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-32992 HIGH PATCH This Week

Missing permission checks in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Saml Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32991 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Saml Single Sign On
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-32989 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers to connect to an attacker-specified Azure Cloud server using. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Microsoft CSRF Azure Vm Agents
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-32987 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Reverse Proxy Auth Plugin 1.7.4 and earlier allows attackers to connect to an attacker-specified LDAP server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Reverse Proxy Auth
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-32986 HIGH PATCH This Week

Jenkins File Parameter Plugin 285.v757c5b_67a_c25 and earlier does not restrict the name (and resulting uploaded file name) of Stashed File Parameters, allowing attackers with Item/Configure. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure File Parameters
NVD
CVSS 3.1
8.8
EPSS
60.7%
CVE-2023-32981 HIGH PATCH This Week

An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Jenkins Pipeline Utility Steps
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-32955 HIGH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in DHCP Client Functionality in Synology Router Manager (SRM) before 1.2.5-8227-6 and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Synology Command Injection Router Manager
NVD
CVSS 3.1
8.1
EPSS
1.3%
CVE-2023-33001 HIGH This Week

Jenkins HashiCorp Vault Plugin 360.v0a_1c04cf807d and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log when push mode for durable task logging is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Hashicorp Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-33000 HIGH PATCH This Week

Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.149 and earlier does not mask credentials displayed on the configuration form, increasing the potential for attackers to observe and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Ns Nd Integration Performance Publisher
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-28076 HIGH This Week

CloudLink 7.1.2 and all prior versions contain a broken or risky cryptographic algorithm vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cloudlink
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2548 MEDIUM PATCH This Month

The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable.

WordPress Authentication Bypass Registrationmagic
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2023-30281 MEDIUM This Month

Insecure permissions vulnerability was discovered, due to a lack of permissions’s control in scquickaccounting before v3.7.3 from Store Commander for PrestaShop, a guest can access exports from the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Scquickaccounting
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-30509 MEDIUM This Month

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-30508 MEDIUM This Month

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-30507 MEDIUM This Month

Multiple authenticated path traversal vulnerabilities exist in the Aruba EdgeConnect Enterprise command line interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Aruba Edgeconnect Enterprise
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-32990 MEDIUM PATCH This Month

A missing permission check in Jenkins Azure VM Agents Plugin 852.v8d35f0960a_43 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified Azure Cloud server using. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Microsoft Azure Vm Agents
NVD
CVSS 3.1
6.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy