Skip to main content
CVE-2023-30253 HIGH POC PATCH THREAT Act Now

Dolibarr before 17.0.1 allows remote code execution by an authenticated user via an uppercase manipulation: <?PHP instead of <?php in injected data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Dolibarr Erp Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
79.3%
CVE-2023-31874 HIGH POC This Week

Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process'). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Yank Note
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
4.9%
CVE-2023-30350 HIGH POC This Week

FS S3900-24T4S devices allow authenticated attackers with guest access to escalate their privileges and reset the admin password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation S3900 24T4S Firmware
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.3%
CVE-2023-29380 HIGH POC PATCH This Week

Warpinator before 1.6.0 allows remote file deletion via directory traversal in top_dir_basenames. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Warpinator
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-30570 HIGH This Week

pluto in Libreswan before 4.11 allows a denial of service (responder SPI mishandling and daemon crash) via unauthenticated IKEv1 Aggressive Mode packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Libreswan
NVD
CVSS 3.1
7.5
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy