Skip to main content
CVE-2023-34362 CRITICAL POC KEV THREAT Emergency

In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1.5), and 2023.0.1 (15.0.1), a SQL injection vulnerability has been found in the MOVEit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft SQLi Moveit Cloud Moveit Transfer
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2023-33762 CRITICAL POC Act Now

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a SQL injection vulnerability via the Activity parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Simpleredak
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33675 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the get_parentControl_list_Info function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-33673 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33671 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33670 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33669 CRITICAL POC Act Now

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-3069 CRITICAL POC PATCH Act Now

Unverified Password Change in GitHub repository tsolucio/corebos prior to 8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Corebos
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3068 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Campcodes Retro Cellphone Online Store 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Retro Cellphone Online Store
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-30149 CRITICAL POC THREAT Act Now

SQL injection vulnerability in the City Autocomplete (cityautocomplete) module from ebewe.net for PrestaShop, prior to version 1.8.12 (for PrestaShop version 1.5/1.6) or prior to 2.0.3 (for. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi City Autocomplete
NVD
CVSS 3.1
9.8
EPSS
18.2%
CVE-2023-3062 CRITICAL POC Act Now

A vulnerability was found in code-projects Agro-School Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Agro School Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3061 CRITICAL POC Act Now

A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical.php of the component Attachment Image Handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Agro School Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33476 CRITICAL POC PATCH Act Now

ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Readymedia
NVD
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-3059 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Online Exam Form Submission 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Exam Form Submission
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3057 CRITICAL POC Act Now

A vulnerability was found in YFCMF up to 3.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Yfcmf Tp6
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-3056 CRITICAL POC Act Now

A vulnerability was found in YFCMF up to 3.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Yfcmf Tp6
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-29746 CRITICAL POC Act Now

An issue found in The Thaiger v.1.2 for Android allows unauthorized apps to cause a code execution attack by manipulating the SharedPreference files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Google The Thaiger
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-3033 HIGH POC This Week

Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.7.22. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Mobatime Web Application
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-3032 HIGH POC This Week

Unrestricted Upload of File with Dangerous Type vulnerability in Mobatime web application (Documentary proof upload modules) allows a malicious user to Upload a Web Shell to a Web Server.7.22. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Mobatime Web Application
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-27745 HIGH POC This Week

An issue in South River Technologies TitanFTP Before v2.0.1.2102 allows attackers with low-level privileges to perform Administrative actions by sending requests to the user server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Titan Ftp Server Nextgen
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-25734 HIGH POC This Week

After downloading a Windows <code>.url</code> shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Microsoft Open Redirect Firefox Firefox Esr +1
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-29724 HIGH POC This Week

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized apps to actively request permission to modify data in the database that records information about a user's personal preferences and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Google Bt21 X Bts Wallpaper
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27744 HIGH POC This Week

An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Code Injection Titan Ftp Server Nextgen
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-33672 HIGH POC This Week

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the shareSpeed parameter in the fromSetWifiGusetBasic function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3075 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository tsolucio/corebos prior to 8. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Corebos
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-25741 MEDIUM POC This Month

When dragging and dropping an image cross-origin, the image's size could potentially be leaked. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-2835 MEDIUM POC PATCH This Month

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Wp Directory Kit
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-33763 MEDIUM POC This Month

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /scheduler/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simpleredak
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33761 MEDIUM POC This Month

eMedia Consulting simpleRedak up to v2.47.23.05 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /view/cb/format_642.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simpleredak
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-33731 MEDIUM POC This Month

Reflected Cross Site Scripting (XSS) in the view dashboard detail feature in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Escan Management Console
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-3000 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Erikoglu Technology ErMon allows Command Line Execution through SQL Injection, Authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-30604 CRITICAL Act Now

It is identified a vulnerability of insufficient authentication in the system configuration interface of Hitron Technologies CODA-5310. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Coda 5310 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-30603 CRITICAL Act Now

Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Coda 5310 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-28701 CRITICAL Act Now

ELITE TECHNOLOGY CORP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Webfax
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28698 CRITICAL Act Now

Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fantsy
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-29725 MEDIUM POC This Month

The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Bt21 X Bts Wallpaper
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-33717 MEDIUM POC This Month

mp4v2 v2.1.3 was discovered to contain a memory leak when a method calling MP4File::ReadBytes() had allocated memory but did not catch exceptions thrown by ReadBytes(). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mp4V2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3073 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8 via evvtgendoc. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3074 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3071 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3070 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository tsolucio/corebos prior to 8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Corebos
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3067 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository zadam/trilium prior to 0.59.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Trilium
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3060 MEDIUM POC This Month

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Agro School Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3058 MEDIUM POC This Month

A vulnerability was found in 07FLY CRM up to 1.2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Customer Relationship Management
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3031 MEDIUM POC This Month

Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files.3.15. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal King Avis
NVD
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-2201 HIGH This Week

The Web Directory Free for WordPress is vulnerable to SQL Injection via the ‘post_id’ parameter in versions up to, and including, 1.6.8 due to insufficient escaping on the user supplied parameter and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi WordPress Web Directory Free
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-32215 HIGH This Week

Mozilla developers and community members Gabriele Svelto, Andrew Osmond, Emily McDonough, Sebastian Hengst, Andrew McCreight and the Mozilla Fuzzing Team reported memory safety bugs present in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32213 HIGH This Week

When reading a file, an uninitialized value could have been used as read limit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32207 HIGH This Week

A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Authentication Bypass Firefox Firefox Esr Thunderbird
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-29551 HIGH This Week

Memory safety bugs present in Firefox 111. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE Mozilla Memory Corruption +2
NVD
CVSS 3.1
8.8
EPSS
0.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy