Skip to main content
CVE-2023-31752 CRITICAL POC Act Now

SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employee_gatepass/classes/Login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Employee And Visitor Gate Pass Logging System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23306 CRITICAL POC Act Now

The `Toybox.Ant.BurstPayload.add` API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnreability, which can result in an out-of-bounds write operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-23305 CRITICAL POC Act Now

The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-23303 CRITICAL POC Act Now

The `Toybox.Ant.GenericChannel.enableEncryption` API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23302 CRITICAL POC Act Now

The `Toybox.GenericChannel.setDeviceConfig` API method in CIQ API version 1.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-23301 CRITICAL POC Act Now

The `news` MonkeyC operation code in CIQ API version 1.0.0 through 4.1.7 fails to check that string resources are not extending past the end of the expected sections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-23300 CRITICAL POC Act Now

The `Toybox.Cryptography.Cipher.initialize` API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-23298 CRITICAL POC Act Now

The `Toybox.Graphics.BufferedBitmap.initialize` API method in CIQ API version 2.3.0 through 4.1.7 does not validate its parameters, which can result in integer overflows when allocating the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Connect Iq
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-33362 CRITICAL POC Act Now

Piwigo 13.6.0 is vulnerable to SQL Injection via in the "profile" function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Piwigo
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
9.1%
CVE-2023-33361 CRITICAL POC Act Now

Piwigo 13.6.0 is vulnerable to SQL Injection via /admin/permalinks.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Piwigo
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33338 CRITICAL POC Act Now

Old Age Home Management 1.0 is vulnerable to SQL Injection via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Old Age Home Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2023-27068 CRITICAL POC Act Now

Deserialization of Untrusted Data in Sitecore Experience Platform through 10.2 allows remote attackers to run arbitrary code via ValidationResult.aspx. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Deserialization Experience Platform
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-23304 CRITICAL POC Act Now

The GarminOS TVM component in CIQ API version 2.1.0 through 4.1.7 allows applications with a specially crafted head section to use the `Toybox.SensorHistory` module without permission. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Connect Iq
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-29919 CRITICAL POC THREAT Act Now

SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Solarview Compact Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
60.2%
CVE-2023-2845 HIGH POC PATCH This Week

Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cloudexplorer Lite
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-31747 HIGH POC This Week

Wondershare Filmora 12 (Build 12.2.1.2088) was discovered to contain an unquoted service path vulnerability via the component NativePushService. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Filmora
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-31826 HIGH POC This Week

Skyscreamer Open Source Nevado JMS v1.3.2 does not perform security checks when receiving messages. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Nevado Jms
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-31741 HIGH POC This Week

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E2000 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.7%
CVE-2023-31740 HIGH POC This Week

There is a command injection vulnerability in the Linksys E2000 router with firmware version 1.0.06. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Linksys E2000 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
2.7%
CVE-2023-23299 HIGH POC This Week

The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Connect Iq
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31670 HIGH POC This Week

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Binary Toolkit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-33617 HIGH POC This Week

An OS Command Injection vulnerability in Parks Fiberlink 210 firmware version V2.1.14_X000 was found via the /boaform/admin/formPing target_addr parameter. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fiberlink 210 Firmware
NVD GitHub
CVSS 3.1
7.2
EPSS
5.2%
CVE-2023-33599 MEDIUM POC This Month

EasyImages2.0 ≤ 2.8.1 is vulnerable to Cross Site Scripting (XSS) via viewlog.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Easyimages2 0
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27922 MEDIUM POC This Month

Cross-site scripting vulnerability in Newsletter versions prior to 7.6.9 allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Newsletter
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-31664 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 API Manager before 4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Api Manager
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-1508 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adam Retail Automation Systems Mobilmen Terminal Software allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mobilmen El Terminali Yazilimi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-32697 CRITICAL PATCH Act Now

SQLite JDBC is a library for accessing and creating SQLite database files in Java. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Sqlite Jdbc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-28413 CRITICAL Act Now

Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a remote unauthenticated attacker to obtain sensitive information, alter the website, or cause a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Snow Monkey Forms
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-28409 CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MW WP Form versions v4.4.2 and earlier, which may allow a remote unauthenticated attacker to upload an arbitrary file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mw Wp Form
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-28408 CRITICAL Act Now

Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote unauthenticated attacker to alter the website or cause a denial-of-service (DoS) condition, and obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mw Wp Form
NVD
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-27507 CRITICAL Act Now

MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal File Upload Mailform
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-27397 CRITICAL Act Now

Unrestricted upload of file with dangerous type exists in MicroEngine Mailform version 1.1.0 to 1.1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Mailform
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-27388 CRITICAL Act Now

Improper authentication vulnerability in T&D Corporation and ESPEC MIC CORP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tr 71W Firmware Tr 72W Firmware Rtr 5W Firmware Wdr 7 Firmware +6
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-25953 CRITICAL Act Now

Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple Drive Explorer
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-31814 CRITICAL Act Now

D-Link DIR-300 firmware <=REVA1.06 and <=REVB2.06 is vulnerable to File inclusion via /model/__lang_msg.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure D-Link PHP Dir 300 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31518 MEDIUM POC This Month

A heap use-after-free in the component CDataFileReader::GetItem of teeworlds v0.7.5 allows attackers to cause a Denial of Service (DoS) via a crafted map file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Teeworlds
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31669 MEDIUM POC This Month

WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote ("). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Webassembly Binary Toolkit
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-31860 MEDIUM POC This Month

Wuzhi CMS v3.1.2 has a storage type XSS vulnerability in the backend of the Five Finger CMS b2b system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wuzhicms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25440 MEDIUM POC This Month

Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Civicrm
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.5%
CVE-2023-2844 MEDIUM POC PATCH This Month

Authorization Bypass Through User-Controlled Key in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Cloudexplorer Lite
NVD GitHub
CVSS 3.1
4.9
EPSS
0.7%
CVE-2023-2702 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass.07. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Competition Management System
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-1837 HIGH This Week

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.0 (with enabled Legacy APIs). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Hypr Server
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25474 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Csaba Kissi About Me 3000 widget plugin <= 2.2.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF About Me 3000 Widget
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26014 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Minify HTML plugin <= 2.1.7 vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Minify Html
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-26011 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Tim Eckel Read More Excerpt Link plugin <= 1.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Read More Excerpt Link
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25056 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in SlickRemix Feed Them Social plugin <= 3.0.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Feed Them Social
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23713 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Manoj Thulasidas Theme Tweaker plugin <= 5.20 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Theme Tweaker
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23705 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin WordPress Books Gallery plugin <= 4.4.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wordpress Books Gallery
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25707 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in E4J s.R.L. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Vikbooking Hotel Booking Engine Pms
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25481 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Podlove Podlove Subscribe button plugin <= 1.3.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Podlove Subscribe Button
NVD
CVSS 3.1
8.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy