Skip to main content
CVE-2023-30333 CRITICAL POC Act Now

An arbitrary file upload vulnerability in the component /admin/ThemeController.java of PerfreeBlog v3.1.2 allows attackers to execute arbitrary code via a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE File Upload Perfreeblog
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27217 CRITICAL POC Act Now

A stack-based buffer overflow in the ChangeFriendlyName() function of Belkin Smart Outlet V2 F7c063 firmware_2.00.11420.OWRT.PVT_SNSV2 allows attackers to cause a Denial of Service (DoS) via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service F7C063 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-20189 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2023-20162 CRITICAL POC Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-20161 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
10.3%
CVE-2023-20160 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
10.3%
CVE-2023-20159 CRITICAL POC THREAT Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
10.3%
CVE-2023-20158 CRITICAL POC Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-20157 CRITICAL POC Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-20156 CRITICAL POC Act Now

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29985 CRITICAL POC Act Now

Sourcecodester Student Study Center Desk Management System v1.0 admin\reports\index.php#date_from has a SQL Injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Study Center Desk Management System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31871 HIGH POC This Week

OpenText Documentum Content Server before 23.2 has a flaw that allows for privilege escalation from a non-privileged Documentum user to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Documentum Content Server
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31655 HIGH POC This Week

redis v7.0.10 was discovered to contain a segmentation violation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Redis
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-2789 HIGH POC This Week

A vulnerability was found in GNU cflow 1.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Cflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-20024 HIGH POC This Week

Multiple vulnerabilities in the web-based user interface of certain Cisco Small Business Series Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Business 250 16P 2G Firmware +228
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-31729 CRITICAL Act Now

TOTOLINK A3300R v17.0.0cu.557 is vulnerable to Command Injection via /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection A3300R Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-29720 MEDIUM POC This Month

SofaWiki <=3.8.9 is vulnerable to Cross Site Scripting (XSS) via index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sofawiki
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-30868 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cms Tree Page View
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
4.0%
CVE-2023-30470 CRITICAL PATCH Act Now

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28753 CRITICAL PATCH Act Now

netconsd prior to v0.2 was vulnerable to an integer overflow in its parse_packet function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Netconsd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-28081 CRITICAL PATCH Act Now

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-25933 CRITICAL PATCH Act Now

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23557 CRITICAL PATCH Act Now

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-23556 CRITICAL PATCH Act Now

An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow RCE Hermes
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2799 CRITICAL Act Now

A vulnerability, which was classified as problematic, has been found in cnoa OA up to 5.1.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Cnoa Oa
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-32680 CRITICAL PATCH Act Now

Metabase is an open source business analytics engine. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Metabase
NVD GitHub
CVSS 3.1
9.6
EPSS
0.6%
CVE-2023-2790 MEDIUM POC This Month

A vulnerability classified as problematic has been found in TOTOLINK N200RE 9.3.5u.6255_B20211224. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure N200re Firmware
NVD VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30124 MEDIUM POC This Month

LavaLite v9.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lavalite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32322 MEDIUM POC PATCH This Month

Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Information Disclosure Microsoft Ombi
NVD GitHub
CVSS 3.1
4.9
EPSS
2.1%
CVE-2023-27430 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Mass Delete Unused Tags plugin <= 2.0.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mass Delete Unused Tags
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-27423 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ramon Fincken Auto Prune Posts plugin <= 1.8.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Auto Prune Posts
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25698 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Studio Wombat Shoppable Images plugin <= 1.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Shoppable Images
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-20182 HIGH This Week

Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Center
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-20003 HIGH This Week

A vulnerability in the social login configuration option for the guest users of Cisco Business Wireless Access Points (APs) could allow an unauthenticated, adjacent attacker to bypass social login. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Business 140Ac Access Point Firmware Business 141Acm Firmware Business 142Acm Firmware +5
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2800 MEDIUM POC PATCH This Month

Insecure Temporary File in GitHub repository huggingface/transformers prior to 4.30.0. Rated medium severity (CVSS 4.7). Public exploit code available.

Information Disclosure Transformers
NVD GitHub
CVSS 3.1
4.7
EPSS
0.3%
CVE-2023-33204 HIGH PATCH This Week

sysstat through 12.7.2 allows a multiplication integer overflow in check_overflow in common.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Sysstat Fedora Debian Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-24833 HIGH PATCH This Week

A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Information Disclosure Memory Corruption Hermes
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24832 HIGH PATCH This Week

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Hermes
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-23759 HIGH PATCH This Week

There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Fizz
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-2024 HIGH This Week

Improper authentication in OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 allow access to an unauthorized user under certain circumstances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Openblue Enterprise Manager Data Collector
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-32100 HIGH This Week

Compiler removal of buffer clearing in sli_se_driver_mac_compute in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32099 HIGH This Week

Compiler removal of buffer clearing in sli_se_sign_hash in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32098 HIGH This Week

Compiler removal of buffer clearing in sli_se_sign_message in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32097 HIGH This Week

Compiler removal of buffer clearing in sli_crypto_transparent_aead_decrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32096 HIGH This Week

Compiler removal of buffer clearing in sli_crypto_transparent_aead_encrypt_tag in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2481 HIGH This Week

Compiler removal of buffer clearing in sli_se_opaque_import_key in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1132 HIGH This Week

Compiler removal of buffer clearing in sli_se_driver_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0965 HIGH This Week

Compiler removal of buffer clearing in sli_cryptoacc_transparent_key_agreement in Silicon Labs Gecko Platform SDK v4.2.1 and earlier results in key material duplication to RAM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-2757 HIGH This Week

The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on 'saveLang' functions in versions up to, and including, 0.6.2. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass XSS WordPress Waiting
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2023-20164 HIGH This Week

Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Identity Services Engine
NVD
CVSS 3.1
7.2
EPSS
1.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy