Skip to main content
CVE-2023-2868 CRITICAL POC KEV THREAT Emergency

A remote command injection vulnerability exists in the Barracuda Email Security Gateway (appliance form factor only) product effecting versions 5.1.3.001-9.2.0.006. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Barracuda Command Injection Email Security Gateway 300 Firmware Email Security Gateway 400 Firmware Email Security Gateway 600 Firmware +2
NVD
CVSS 3.1
9.8
EPSS
87.0%
CVE-2023-33246 CRITICAL POC KEV PATCH THREAT Act Now

For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Rocketmq
NVD GitHub
CVSS 3.1
9.8
EPSS
96.6%
CVE-2023-29721 CRITICAL POC Act Now

SofaWiki <= 3.8.9 has a file upload vulnerability that leads to command execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sofawiki
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-2865 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Theme Park Ticketing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Theme Park Ticketing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33796 CRITICAL POC Act Now

A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Netbox
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-2859 HIGH POC PATCH This Week

Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Teampass
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-31748 HIGH POC This Week

Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Mobiletrans
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-2873 HIGH POC This Week

A vulnerability classified as critical was found in Twister Antivirus 8. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Twister Antivirus
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-31595 HIGH POC This Week

IC Realtime ICIP-P2012T 2.420 is vulnerable to Incorrect Access Control via unauthenticated port access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icip P2012T Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-33248 HIGH POC This Week

Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Alexa
NVD GitHub
CVSS 3.1
7.6
EPSS
0.7%
CVE-2023-33980 HIGH POC This Week

Bramble Synchronisation Protocol (BSP) in Briar before 1.4.22 allows attackers to cause a denial of service (repeated application crashes) via a series of long messages to a contact. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Briar
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-33983 HIGH POC This Week

The Introduction Client in Briar through 1.5.3 does not implement out-of-band verification for the public keys of introducees. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Briar
NVD
CVSS 3.1
7.4
EPSS
0.6%
CVE-2023-33981 MEDIUM POC This Month

Briar before 1.4.22 allows attackers to spoof other users' messages in a blog, forum, or private group, but each spoofed message would need to be an exact duplicate of a legitimate message displayed. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Briar
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-2864 MEDIUM POC This Month

A vulnerability was found in SourceCodester Online Jewelry Store 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Jewelry Store
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2862 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SiteServer CMS up to 7.2.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Siteserver Cms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-33982 MEDIUM POC This Month

Bramble Handshake Protocol (BHP) in Briar before 1.5.3 is not forward secure: eavesdroppers can decrypt network traffic between two accounts if they later compromise both accounts. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Briar
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-2064 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Minova Technology eTrace allows SQL Injection.05.20. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Etrace
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2045 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ipekyolu Software Auto Damage Tracking Software allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Software Auto Damage Tracking Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2750 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cityboss E-municipality allows SQL Injection.05. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi E Municipality
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-31458 CRITICAL Act Now

A vulnerability in the Edge Gateway component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31457 CRITICAL Act Now

A vulnerability in the Headquarters server component of Mitel MiVoice Connect versions 19.3 SP2 (22.24.1500.0) and earlier could allow an unauthenticated attacker with internal network access to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-1174 CRITICAL Act Now

This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Docker Minikube
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33010 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel Atp100 Firmware Atp200 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
28.8%
CVE-2023-33009 CRITICAL KEV THREAT Act Now

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Zyxel Atp100 Firmware Atp200 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
28.1%
CVE-2023-2875 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in eScan Antivirus 22.0.1400.2443. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Escan Anti Virus
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2874 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8.sys of the component IoControlCode Handler. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Twister Antivirus
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2872 MEDIUM POC This Month

A vulnerability classified as problematic has been found in FlexiHub 5.5.14691.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Flexihub
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2871 MEDIUM POC This Month

A vulnerability was found in FabulaTech USB for Remote Desktop 6.1.0.0. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Usb For Remote Desktop
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-2870 MEDIUM POC This Month

A vulnerability was found in EnTech Monitor Asset Manager 2.9. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Monitor Asset Manager
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-2863 MEDIUM POC This Month

A vulnerability has been found in Simple Design Daily Journal 1.012.GP.B on Android and classified as problematic. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Diary With Lock
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-33829 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Cloudogu GmbH SCM Manager v1.2 to v1.60 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scm Manager
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
7.3%
CVE-2023-33800 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33799 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33798 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33797 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33795 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33794 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33793 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33792 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33791 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33790 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33789 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33788 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33787 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33786 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33785 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Netbox
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2065 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Cargo Tracking System
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-31459 HIGH This Week

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect versions 9.6.2208.101 and earlier could allow an unauthenticated attacker with internal network access to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-33945 HIGH PATCH This Week

SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SQLi Digital Experience Platform Liferay Portal
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-1424 HIGH PATCH This Week

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules and MELSEC iQ-R Series CPU modules allows a. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow RCE Denial Of Service Melsec Iq Fx5U 32Mr Ds Firmware Melsec Iq Fx5U 32Mr Dss Firmware +37
NVD
CVSS 3.1
8.1
EPSS
3.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy