Skip to main content
CVE-2023-2927 CRITICAL POC Act Now

A vulnerability was found in JIZHICMS 2.4.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Jizhicms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-2924 CRITICAL POC THREAT Act Now

A vulnerability, which was classified as critical, has been found in Supcon SimField up to 1.80.00.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Simfield Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
24.3%
CVE-2023-2923 CRITICAL POC Act Now

A vulnerability classified as critical was found in Tenda AC6 US_AC6V1.0BR_V15.03.05.19. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Tenda Ac6 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2943 HIGH POC PATCH This Week

Code Injection in GitHub repository openemr/openemr prior to 7.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-2946 HIGH POC PATCH This Week

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-2942 HIGH POC PATCH This Week

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-26129 HIGH POC This Week

All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Bwm Ng
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-26128 HIGH POC This Week

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Keep Module Latest
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-2926 MEDIUM POC This Month

A vulnerability was found in SeaCMS 11.6 and classified as problematic.php of the component Picture Upload Handler. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service PHP Seacms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2922 MEDIUM POC This Month

A vulnerability classified as problematic has been found in SourceCodester Comment System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Comment System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-33195 MEDIUM POC PATCH This Month

Craft is a CMS for creating custom digital experiences on the web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Craft Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-2945 MEDIUM POC PATCH This Month

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2944 MEDIUM POC PATCH This Month

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2925 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Krayin Crm
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2947 MEDIUM POC PATCH THREAT This Month

Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Openemr
NVD GitHub
CVSS 3.1
4.8
EPSS
90.4%
CVE-2023-2928 HIGH This Week

A vulnerability was found in DedeCMS up to 5.7.106. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
51.4%
CVE-2023-26127 HIGH This Week

All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Node.js Command Injection N158
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-32695 HIGH PATCH This Week

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Socket Io Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-33192 HIGH PATCH This Week

ntpd-rs is an NTP implementation written in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ntpd Rs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-32688 HIGH PATCH This Week

parse-server-push-adapter is the official Push Notification adapter for Parse Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Parse Server Push Adapter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-32325 MEDIUM PATCH MAL This Month

PostHog-js is a library to interface with the PostHog analytics tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Posthog Js
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-33188 MEDIUM This Month

Omni-notes is an open source note-taking application for Android. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Omni Notes
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-32686 MEDIUM PATCH This Month

Kiwi TCMS is an open source test management system for both manual and automated testing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Kiwi Tcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33184 MEDIUM PATCH This Month

Nextcloud Mail is a mail app in Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy