Skip to main content
CVE-2023-33386 CRITICAL POC Act Now

MarsCTF 1.2.1 has an arbitrary file upload vulnerability in the interface for uploading attachments in the background. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Marsctf
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3100 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in IBOS 4.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3065 CRITICAL POC Act Now

Improper Authentication vulnerability in Mobatime mobile application AMXGT100 allows Authentication Bypass.3.20. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amxgt 100
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-34102 HIGH POC PATCH This Week

Avo is an open source ruby on rails admin panel creation framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Avo
NVD GitHub
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-3079 HIGH POC KEV THREAT This Week

Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Information Disclosure Google Chrome Fedora +4
NVD
CVSS 3.1
8.8
EPSS
32.7%
CVE-2023-34097 HIGH POC PATCH This Week

hoppscotch is an open source API development ecosystem. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Hoppscotch
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33410 HIGH POC This Week

Minical 1.0.0 and earlier contains a CSV injection vulnerability which allows an attacker to execute remote code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Minical
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-3066 HIGH POC This Week

Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administrators3.20. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Amxgt 100
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-33733 HIGH POC PATCH This Week

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Reportlab
NVD GitHub
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-3098 HIGH POC This Week

A vulnerability classified as critical has been found in KylinSoft youker-assistant on KylinOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Youker Assistant
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-3097 HIGH POC This Week

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Kylin Software Properties
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-3096 HIGH POC This Week

A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Kylin Software Properties
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-34411 HIGH POC PATCH This Week

The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <!. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service XXE Xml Library
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-34407 HIGH POC This Week

OfflinePlayerService.exe in Harbinger Offline Player 4.0.6.0.2 allows directory traversal as LocalSystem via ..\ in a URL. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Office Player
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-0900 HIGH POC This Week

The Pricing Table Builder WordPress plugin through 1.1.6 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high-privilege. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Pricing Table Builder
NVD WPScan
CVSS 3.1
7.2
EPSS
3.2%
CVE-2023-3099 HIGH POC This Week

A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Youker Assistant
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-33409 MEDIUM POC This Month

Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Minical
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-33970 MEDIUM POC PATCH This Month

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-33956 MEDIUM POC PATCH This Month

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Kanboard
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33690 MEDIUM POC PATCH This Month

SonicJS up to v0.7.0 allows attackers to execute an authenticated path traversal when an attacker injects special characters into the filename of a backup CMS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Sonicjs
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-2572 MEDIUM POC This Month

The Survey Maker WordPress plugin before 3.4.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Survey Maker
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2571 MEDIUM POC This Month

The Quiz Maker WordPress plugin before 6.4.2.7 does not escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Quiz Maker
NVD WPScan
CVSS 3.1
6.1
EPSS
2.1%
CVE-2023-2503 MEDIUM POC This Month

The 10Web Social Post Feed WordPress plugin before 1.2.9 does not sanitise and escape some parameter before outputting it back in a page, leading to a Reflected Cross-Site Scripting which could be. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS 10Web Social Post Feed
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2488 MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape various parameters before outputting them back in admin dashboard pages,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2472 MEDIUM POC This Month

The Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue WordPress plugin before 3.1.61 does not sanitise and escape a parameter before outputting it back in the admin dashboard when. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Newsletter Smtp Email Marketing And Subscribe
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2337 MEDIUM POC This Month

The ConvertKit WordPress plugin before 2.2.1 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Convertkit Email Marketing Email Newsletter And Landing Pages
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-29631 CRITICAL Act Now

PrestaShop jmsslider 1.6.0 is vulnerable to Incorrect Access Control via ajax_jmsslider.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Jms Slider
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29630 CRITICAL Act Now

PrestaShop jmsmegamenu 1.1.x and 2.0.x is vulnerable to SQL Injection via ajax_jmsmegamenu.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Jms Drop Mega Menu
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-29629 CRITICAL Act Now

PrestaShop jmsthemelayout 2.5.5 is vulnerable to SQL Injection via ajax_jmsvermegamenu.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Jmsthemelayout
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-0636 CRITICAL Act Now

Improper Input Validation vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Abb Command Injection Aspect Ent 2 Firmware Aspect Ent 12 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-0635 CRITICAL Act Now

Improper Privilege Management vulnerability in ABB Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Abb Aspect Ent 2 Firmware Aspect Ent 12 Firmware Aspect Ent 256 Firmware +16
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-33693 MEDIUM POC PATCH This Month

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Denial Of Service Easyplayerpro
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-34103 MEDIUM POC PATCH This Month

Avo is an open source ruby on rails admin panel creation framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Avo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-33408 MEDIUM POC This Month

Minical 1.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Minical
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33969 MEDIUM POC PATCH This Month

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Kanboard
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33968 MEDIUM POC PATCH This Month

Kanboard is open source project management software that focuses on the Kanban methodology. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Kanboard
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3109 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository admidio/admidio prior to 4.2.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Admidio
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-0152 MEDIUM POC This Month

The WP Multi Store Locator WordPress plugin through 2.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Multi Store Locator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34408 MEDIUM POC PATCH This Month

DokuWiki before 2023-04-04a allows XSS via RSS titles. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Dokuwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-33518 MEDIUM POC This Month

emoncms v11 and later was discovered to contain an information disclosure vulnerability which allows attackers to obtain the web directory path and other information leaked by the server via a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Emoncms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-3064 MEDIUM POC This Month

Anonymous user may get the list of existing users managed by the application, that could ease further attacks (see CVE-2023-3065 and 3066)3.20. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Amxgt 100
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-2634 MEDIUM POC This Month

The Get your number WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Get Your Number
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2489 MEDIUM POC This Month

The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2023 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Stop Spammers
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-2224 MEDIUM POC This Month

The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Seo
NVD WPScan
CVSS 3.1
4.8
EPSS
0.9%
CVE-2023-0545 MEDIUM POC This Month

The Hostel WordPress plugin before 1.1.5.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Hostel
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-32217 HIGH This Week

IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Identityiq
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-0041 HIGH PATCH This Week

IBM Security Guardium 11.5 could allow a user to take over another user's session due to insufficient session expiration. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Security Guardium
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3027 HIGH This Week

The grc-policy-propagator allows security escalation within the cluster. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Advanced Cluster Management For Kubernetes
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3111 HIGH This Week

A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +6
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-29344 HIGH PATCH This Week

Microsoft Office Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Microsoft Heap Overflow 365 Apps +2
NVD
CVSS 3.1
7.8
EPSS
0.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy