Skip to main content
CVE-2023-30253 HIGH POC PATCH THREAT Act Now

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
79.3%
CVE-2023-2962 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Faculty Evaluation System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Faculty Evaluation System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-2955 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Students Online Internship Timesheet System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Students Online Internship Timesheet System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-31874 HIGH POC This Week

Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process'). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Yank Note
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.9%
CVE-2023-30350 HIGH POC This Week

FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation S3900 24T4S Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.3%
CVE-2023-29380 HIGH POC PATCH This Week

Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Warpinator
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-28153 MEDIUM POC This Month

An issue was discovered in the Kiddoware Kids Place Parental Control application before 3.8.50 for Android. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Google Kiddoware
NVD
CVSS 3.1
6.4
EPSS
0.5%
CVE-2023-2954 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository liangliangyy/djangoblog prior to master. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Djangoblog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30570 HIGH This Week

pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libreswan
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-32687 MEDIUM PATCH This Month

tgstation-server is a toolset to manage production BYOND servers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Tgstation Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-24603 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 does not check size limits when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-27613 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Forms Ada
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24602 MEDIUM This Month

OX App Suite before frontend 7.10.6-rev24 allows XSS via data to the Tumblr portal widget, such as a post title. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-24601 MEDIUM This Month

OX App Suite before frontend 7.10.6-rev24 allows XSS via a non-app deeplink such as the jslob API's registry sub-tree. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ox App Suite
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-23699 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Progress Bar
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-30571 MEDIUM This Month

Libarchive through 3.6.2 can cause directories to have world-writable permissions. Rated medium severity (CVSS 5.3). No vendor patch available.

Race Condition Information Disclosure Libarchive
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-2808 MEDIUM This Month

Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-24597 MEDIUM This Month

OX App Suite before frontend 7.10.6-rev24 allows the loading (without user consent) of an e-mail message's remote resources during printing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-32072 MEDIUM PATCH This Month

Tuleap is an open source tool for end to end traceability of application and system developments. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Jenkins XSS Tuleap
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-24604 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 does not check HTTP header lengths when downloading, e.g., potentially allowing a crafted iCal feed to provide an unlimited amount of header data. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-24600 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 allows authenticated users to bypass access controls (for reading contacts) via a move to their own address book. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Ox App Suite
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-24599 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 allows authenticated users to change the appointments of arbitrary users via conflicting ID numbers, aka "ID confusion.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Ox App Suite
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-24598 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 has an information leak in the handling of distribution lists, e.g., partial disclosure of the private contacts of another user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ox App Suite
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-24605 MEDIUM This Month

OX App Suite before backend 7.10.6-rev37 does not enforce 2FA for all endpoints, e.g., reading from a drive, reading contact data, and renaming tokens. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Ox App Suite
NVD
CVSS 3.1
4.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy