Skip to main content
CVE-2023-34257 CRITICAL POC Act Now

An issue was discovered in BMC Patrol through 23.1.00. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Patrol Agent
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-33735 CRITICAL POC THREAT Act Now

D-Link DIR-846 v1.00A52 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in the /HNAP1 interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure D-Link Dir 846 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
32.6%
CVE-2023-33730 CRITICAL POC Act Now

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Escan Management Console
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29747 CRITICAL POC Act Now

Story Saver for Instragram - Video Downloader 1.0.6 for Android exists exposed component, the component provides the method to modify the SharedPreference file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Google Story Saver For Instagram Video Downloader
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-33509 CRITICAL POC Act Now

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Via Go2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33508 CRITICAL POC Act Now

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to unauthenticated file upload resulting in Remote Code Execution (RCE). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Via Go2 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-33487 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a command insertion vulnerability in setDiagnosisCfg.This vulnerability allows an attacker to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-33486 CRITICAL POC Act Now

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-3004 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Chat System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Chat System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3003 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester Train Station Ticketing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Train Station Ticketing System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28347 CRITICAL POC Act Now

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Microsoft Insight
NVD
CVSS 3.1
9.6
EPSS
2.8%
CVE-2023-33722 HIGH POC This Week

EDIMAX BR-6288ACL v1.12 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the pppUserName parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Br 6288Acl Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-33718 HIGH POC This Week

mp4v2 v2.1.3 was discovered to contain a memory leak via MP4File::ReadString() at mp4file_io.cpp. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3018 HIGH POC This Week

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lost And Found Information System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33485 HIGH POC This Week

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contains a post-authentication buffer overflow via parameter sPort/ePort in the addEffect function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow X5000r Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-28353 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microsoft Insight
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-28349 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Insight
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-3012 HIGH POC PATCH This Week

NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29742 HIGH POC This Week

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a code execution attack by manipulating the database. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google Bestweather
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34258 HIGH POC This Week

An issue was discovered in BMC Patrol before 22.1.00. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Patrol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-33507 HIGH POC This Week

KramerAV VIA GO² < 4.0.1.1326 is vulnerable to Unauthenticated arbitrary file read. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Via Go2 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-28352 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Insight
NVD
CVSS 3.1
7.4
EPSS
0.7%
CVE-2023-28348 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Insight
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-28346 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Insight
NVD
CVSS 3.1
7.3
EPSS
0.9%
CVE-2023-33629 HIGH POC This Week

H3C Magic R300 version R300-2100MV100R004 was discovered to contain a stack overflow via the DeltriggerList interface at /goform/aspForm. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Magic R300 2100M Firmware
NVD
CVSS 3.1
7.2
EPSS
4.4%
CVE-2023-3013 HIGH POC PATCH This Week

Unchecked Return Value in GitHub repository gpac/gpac prior to 2.2.2. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-29745 HIGH POC This Week

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause a persistent denial of service attack by manipulating the database. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Bestweather
NVD GitHub
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-28344 HIGH POC This Week

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Insight
NVD
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-3020 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository mkucej/i-librarian-free prior to 5.10.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS I Librarian
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3005 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Local Service Search Engine Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Local Service Search Engine Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-26131 MEDIUM POC This Month

All versions of the package github.com/xyproto/algernon/engine; all versions of the package github.com/xyproto/algernon/themes are vulnerable to Cross-site Scripting (XSS) via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Algernon
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-28350 MEDIUM POC This Month

An issue was discovered in Faronics Insight 10.0.19045 on Windows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Microsoft Insight
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-2909 CRITICAL Act Now

EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond the intended directory structure and delete files. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Adm
NVD
CVSS 3.1
10.0
EPSS
0.7%
CVE-2023-2987 CRITICAL PATCH Act Now

The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation WordPress Wordapp
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-33967 CRITICAL PATCH Act Now

EaseProbe is a tool that can do health/status checking. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

PostgreSQL SQLi Easeprobe
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33966 CRITICAL PATCH Act Now

Deno is a runtime for JavaScript and TypeScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Deno Deno Runtime
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3015 CRITICAL Act Now

A vulnerability has been found in yiwent Vip Video Analysis 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Vip Video Analysis
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34218 CRITICAL Act Now

In JetBrains TeamCity before 2023.05 bypass of permission checks allowing to perform admin actions was possible. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Teamcity
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3008 CRITICAL Act Now

A vulnerability classified as critical has been found in ningzichun Student Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Student Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3007 CRITICAL Act Now

A vulnerability was found in ningzichun Student Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Student Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-25539 CRITICAL Act Now

Dell NetWorker 19.6.1.2, contains an OS command injection Vulnerability in the NetWorker client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Command Injection Dell Networker
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-33971 MEDIUM POC This Month

Formcreator is a GLPI plugin which allow creation of custom forms and the creation of one or more tickets when the form is filled. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Form Creator
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3021 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository mkucej/i-librarian-free prior to 5.10.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS I Librarian
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3017 MEDIUM POC This Month

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Lost And Found Information System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-31548 MEDIUM POC This Month

A stored Cross-site scripting (XSS) vulnerability in the FundRaiserEditor.php component of ChurchCRM v4.5.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2023-26842 MEDIUM POC This Month

A stored Cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3 allows remote attackers to inject arbitrary web script or HTML via the OptionManager.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Churchcrm
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2023-3009 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-33736 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Dcat-Admin v2.1.3-beta allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dcat Admin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-2758 MEDIUM POC This Month

A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Conprosys Hmi System
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-2549 HIGH PATCH This Week

The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Feather Login Page
NVD
CVSS 3.1
8.8
EPSS
0.3%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy