Skip to main content
CVE-2023-32315 HIGH POC KEV PATCH THREAT Act Now

Openfire is an XMPP server licensed under the Open Source Apache License. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Path Traversal Openfire
NVD GitHub
CVSS 3.1
7.5
EPSS
100.0%
CVE-2023-30145 CRITICAL POC PATCH THREAT Act Now

Camaleon CMS v2.7.0 was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the formats parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Camaleon Cms
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
45.9%
CVE-2023-33779 HIGH POC This Week

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Xxl Job
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-31128 HIGH POC PATCH This Week

NextCloud Cookbook is a recipe library app. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Nextcloud Cookbook
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
CVE-2023-2879 HIGH POC This Week

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-2825 HIGH POC THREAT This Week

An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Gitlab
NVD GitHub
CVSS 3.1
7.5
EPSS
71.6%
CVE-2023-28319 HIGH POC This Week

A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Curl macOS +6
NVD
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-33440 HIGH POC THREAT This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Faculty Evaluation System
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
14.5%
CVE-2023-33439 HIGH POC This Week

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub
CVSS 3.1
7.2
EPSS
3.3%
CVE-2023-2002 MEDIUM POC This Month

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Linux Linux Kernel Debian Linux
NVD
CVSS 3.1
6.8
EPSS
1.5%
CVE-2023-2858 MEDIUM POC This Month

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Citrix Wireshark +1
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-2857 MEDIUM POC This Month

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2856 MEDIUM POC This Month

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2023-2855 MEDIUM POC This Month

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-2854 MEDIUM POC This Month

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Wireshark Debian Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-33720 MEDIUM POC This Month

mp4v2 v2.1.2 was discovered to contain a memory leak via the class MP4BytesProperty. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mp4V2
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33255 MEDIUM POC This Month

An issue was discovered in Papaya Viewer 1.0.1449. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Papaya Viewer
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-28321 MEDIUM POC This Month

An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Debian Linux Fedora Clustered Data Ontap +6
NVD
CVSS 3.1
5.9
EPSS
1.8%
CVE-2023-28320 MEDIUM POC This Month

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Curl macOS Clustered Data Ontap Ontap Antivirus Connector +4
NVD
CVSS 3.1
5.9
EPSS
2.7%
CVE-2023-32321 CRITICAL PATCH Act Now

CKAN is an open-source data management system for powering data hubs and data portals. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Ckan
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-21516 CRITICAL Act Now

XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Galaxy Store
NVD
CVSS 3.1
9.6
EPSS
0.5%
CVE-2023-1981 MEDIUM POC This Month

A vulnerability was found in the avahi library. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Avahi Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-33196 MEDIUM POC PATCH This Month

Craft is a CMS for creating custom digital experiences. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-33185 MEDIUM POC PATCH This Month

Django-SES is a drop-in mail backend for Django. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Python Jwt Attack Information Disclosure Django Ses
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-33197 MEDIUM POC PATCH This Month

Craft is a CMS for creating custom digital experiences on the web. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-33780 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in TFDi Design smartCARS 3 v0.7.0 and below allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the body. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Smartcars 3
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33394 MEDIUM POC This Month

skycaiji v2.5.4 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Skycaiji
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-21515 HIGH This Week

InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-21514 HIGH This Week

Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Galaxy Store
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-33194 MEDIUM POC PATCH This Month

Craft is a CMS for creating custom digital experiences on the web.The platform does not filter input and encode output in Quick Post validation error message, which can deliver an XSS payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Craft Cms Craftercms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-32964 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Better Notifications For Wp
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25467 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Daniel Mores, A. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Resize At Upload Plus
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-25058 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Brainstorm Force Schema - All In One Schema Rich Snippets plugin <= 1.6.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Schema
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25034 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in BoLiQuan WP Clean Up plugin <= 1.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Clean Up
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25470 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Anton Skorobogatov Rus-To-Lat plugin <= 0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Rus To Lat
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25029 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in utahta WP Social Bookmarking Light plugin <= 2.0.7 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Social Bookmarking Light
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25038 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in 984.Ru For the visually impaired plugin <= 0.58 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF For The Visually Impaired
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24008 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in yonifre Maspik - Spam Blacklist plugin <= 0.7.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Maspik
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-22693 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in conlabzgmbh WP Google Tag Manager plugin <= 1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Wp Google Tag Manager
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25976 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Zoho CRM, Bigin plugin <= 1.2.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho CSRF Integration For Contact Form 7 And Zoho Crm Bigin
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25971 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Educare
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-24007 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in TheOnlineHero - Tom Skroza Admin Block Country plugin <= 7.1.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Admin Block Country
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23714 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Uncanny Toolkit For Learndash
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32323 MEDIUM POC PATCH This Month

Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Synapse
NVD GitHub
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-28382 HIGH This Week

Directory traversal vulnerability in ESS REC Agent Server Edition series allows an authenticated attacker to view or alter an arbitrary file on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP Ess Rec
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-22970 HIGH This Week

Bottles before 51.0 mishandles YAML load, which allows remote code execution via a crafted file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Bottles Fedora
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-28322 LOW POC Monitor

An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Curl Fedora macOS Clustered Data Ontap +5
NVD
CVSS 3.1
3.7
EPSS
2.2%
CVE-2023-32307 HIGH This Week

Sofia-SIP is an open-source SIP User-Agent library, compliant with the IETF RFC3261 specification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Sofia Sip Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-33247 HIGH This Week

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Catalog
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31227 HIGH This Week

The hwPartsDFR module has a vulnerability in API calling verification. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui
NVD
CVSS 3.1
7.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy