Skip to main content
CVE-2023-31689 CRITICAL POC THREAT Act Now

In Wcms 0.3.2, an attacker can send a crafted request from a vulnerable web application backend server /wcms/wex/html.php via the finish parameter and the textAreaCode parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Wcms
NVD GitHub
CVSS 3.1
9.8
EPSS
20.2%
CVE-2023-2840 CRITICAL POC PATCH Act Now

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33294 CRITICAL POC Act Now

An issue was discovered in KaiOS 3.0 before 3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Kaios
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31742 HIGH POC THREAT Act Now

There is a command injection vulnerability in the Linksys WRT54GL router with firmware version 4.30.18.006. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 10.6%.

Command Injection Linksys Wrt54Gl Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
10.6%
CVE-2023-2838 CRITICAL POC PATCH Act Now

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-31923 HIGH POC This Week

Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Biostar 2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-29838 HIGH POC This Week

Insecure Permission vulnerability found in Botkind/Siber Systems SyncApp v.19.0.3.0 allows a local attacker toe escalate privileges via the SyncService.exe file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Allwaysync
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-27067 HIGH POC This Week

Directory Traversal vulnerability in Sitecore Experience Platform through 10.2 allows remote attackers to download arbitrary files via crafted command to download.aspx. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Experience Platform
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-2839 HIGH POC PATCH This Week

Divide By Zero in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2832 HIGH POC PATCH This Week

SQL Injection in GitHub repository unilogies/bumsys prior to 2.2.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Bumsys
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-27066 MEDIUM POC This Month

Directory Traversal vulnerability in Site Core Experience Platform 10.2 and earlier allows authenticated remote attackers to download arbitrary files via Urlhandle. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Experience Platform
NVD
CVSS 3.1
6.5
EPSS
1.5%
CVE-2023-33281 MEDIUM POC This Month

The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door-open request, which allows for a replay attack. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sylphy Classic 2021 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-31816 MEDIUM POC This Month

IT Sourcecode Content Management System Project In PHP and MySQL With Source Code 1.0.0 is vulnerable to Cross Site Scripting (XSS) via /ecodesource/search_list.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Content Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31584 MEDIUM POC This Month

GitHub repository cu/silicon commit a9ef36 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the User Input field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Silicon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-28467 MEDIUM POC PATCH This Month

In MyBB before 1.8.34, there is XSS in the User CP module via the user email field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Mybb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-31241 CRITICAL Act Now

Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orvc
NVD
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-2504 CRITICAL Act Now

Files present on firmware images could allow an attacker to gain unauthorized access as a root user using hard-coded credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass A300 Firmware Mini Firmware 4K Quad Firmware Studio R3 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-31240 CRITICAL Act Now

Snap One OvrC Pro versions prior to 7.2 have their own locally running web server accessible both from the local network and remotely. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-28386 CRITICAL Act Now

Snap One OvrC Pro devices versions 7.2 and prior do not validate firmware updates correctly. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Orvc
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-31098 CRITICAL PATCH Act Now

Weak Password Requirements vulnerability in Apache Software Foundation Apache InLong.1.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Brute Force Inlong
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31062 CRITICAL PATCH Act Now

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.2.0 through 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apache Inlong
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-2586 CRITICAL Act Now

Teltonika’s Remote Management System versions 4.14.0 is vulnerable to an unauthorized attacker registering previously unregistered devices through the RMS platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Remote Management System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32347 CRITICAL Act Now

Teltonika’s Remote Management System versions prior to 4.10.0 use device serial numbers and MAC addresses to identify devices from the user perspective for device claiming and from the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Remote Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33236 CRITICAL PATCH Act Now

MXsecurity version 1.0 is vulnearble to hardcoded credential vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Hard-coded Credentials vulnerability could allow attackers to gain access using credentials embedded in source code.

Authentication Bypass Mxsecurity
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-32336 CRITICAL Act Now

IBM InfoSphere Information Server 11.7 is affected by a remote code execution vulnerability due to insecure deserialization in an RMI service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Deserialization IBM Infosphere Information Server
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-2837 MEDIUM POC PATCH This Month

Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-33293 MEDIUM POC This Month

An issue was discovered in KaiOS 3.0 and 3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kaios
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-31066 CRITICAL PATCH Act Now

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Apache Information Disclosure Inlong
NVD
CVSS 3.1
9.1
EPSS
1.4%
CVE-2023-31065 CRITICAL PATCH Act Now

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
9.1
EPSS
1.2%
CVE-2023-2597 CRITICAL PATCH Act Now

In Eclipse Openj9 before version 0.38.0, in the implementation of the shared cache (which is enabled by default in OpenJ9 builds) the size of a string is not properly checked against the size of the. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Openj9
NVD GitHub
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-2505 HIGH This Week

The affected products have a CSRF vulnerability that could allow an attacker to execute code and upload malicious files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF A300 Firmware Mini Firmware 4K Quad Firmware Studio R3 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32350 HIGH This Week

Versions 00.07.00 through 00.07.03 of Teltonika’s RUT router firmware contain an operating system (OS) command injection vulnerability in a Lua service. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rut200 Firmware Rut240 Firmware Rut241 Firmware Rut300 Firmware +14
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-32349 HIGH This Week

Version 00.07.03.4 and prior of Teltonika’s RUT router firmware contain a packet dump utility that contains proper validation for filter parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rut200 Firmware Rut240 Firmware Rut241 Firmware Rut300 Firmware +14
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-2588 HIGH This Week

Teltonika’s Remote Management System versions prior to 4.10.0 have a feature allowing users to access managed devices’ local secure shell (SSH)/web management services over the cloud proxy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Remote Management System
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-25448 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Archivist - Custom Archive Templates plugin <= 1.7.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Archivist
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25447 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Inkthemescom ColorWay theme <= 4.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Colorway
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23797 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SecondLineThemes Auto YouTube Importer plugin <= 1.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Auto Youtube Importer
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23813 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.4.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF My Calendar
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23712 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in User Meta Manager plugin <= 3.4.9 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF User Meta Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23680 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Bob Goetz WP-TopBar plugin <= 5.36 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Topbar
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22714 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Coming Soon by Supsystic plugin <= 1.7.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Coming Soon
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22709 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Atif N SRS Simple Hits Counter plugin <= 1.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Srs Simple Hits Counter
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22692 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jeroen Peters Name Directory plugin <= 1.27.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Name Directory
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22688 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Abdul Ibad WP Tabs Slides plugin <= 2.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Tabs Slides
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-33235 HIGH PATCH This Week

MXsecurity version 1.0 is vulnearble to command injection vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE Command Injection Mxsecurity
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-2587 HIGH This Week

Teltonika’s Remote Management System versions prior to 4.10.0 contain a cross-site scripting (XSS) vulnerability in the main page of the web interface. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE XSS Remote Management System
NVD
CVSS 3.1
8.3
EPSS
0.9%
CVE-2023-25537 HIGH This Week

Dell PowerEdge 14G server BIOS versions prior to 2.18.1 and Dell Precision BIOS versions prior to 2.18.2, contain an Out of Bounds write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Privilege Escalation RCE Memory Corruption Dell +30
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31193 HIGH This Week

Snap One OvrC Pro versions prior to 7.3 use HTTP connections when downloading a program from their servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-28649 HIGH This Week

The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Orvc
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31103 HIGH PATCH This Week

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Inlong
NVD
CVSS 3.1
7.5
EPSS
1.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy