Skip to main content
CVE-2023-2943 HIGH POC PATCH This Week

Code Injection in GitHub repository openemr/openemr prior to 7.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Openemr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-2946 HIGH POC PATCH This Week

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-2942 HIGH POC PATCH This Week

Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-26129 HIGH POC This Week

All versions of the package bwm-ng are vulnerable to Command Injection due to improper input sanitization in the 'check' function in the bwm-ng.js file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Bwm Ng
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-26128 HIGH POC This Week

All versions of the package keep-module-latest are vulnerable to Command Injection due to missing input sanitization or other checks and sandboxes being employed to the installModule function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Node.js Command Injection Keep Module Latest
NVD GitHub
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-2928 HIGH This Week

A vulnerability was found in DedeCMS up to 5.7.106. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
51.4%
CVE-2023-26127 HIGH This Week

All versions of the package n158 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Node.js Command Injection N158
NVD GitHub
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-32695 HIGH PATCH This Week

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Socket Io Parser
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-33192 HIGH PATCH This Week

ntpd-rs is an NTP implementation written in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ntpd Rs
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-32688 HIGH PATCH This Week

parse-server-push-adapter is the official Push Notification adapter for Parse Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Parse Server Push Adapter
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy