Skip to main content
CVE-2023-33625 CRITICAL POC THREAT Emergency

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a command injection vulnerability via the ST parameter in the lxmldbc_system() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
33.2%
CVE-2023-34468 HIGH POC PATCH THREAT Act Now

The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Apache Nifi
NVD GitHub
CVSS 3.1
8.8
EPSS
63.6%
CVE-2023-33626 CRITICAL POC Act Now

D-Link DIR-600 Hardware Version B5, Firmware Version 2.18 was discovered to contain a stack overflow via the gena.cgi binary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 600 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-34581 CRITICAL POC Act Now

Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Service Provider Management System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-26133 CRITICAL POC PATCH Act Now

All versions of the package progressbar.js are vulnerable to Prototype Pollution via the function extend() in the file utils.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Progressbar Js
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-3208 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in RoadFlow Visual Process Engine .NET Core Mvc 2.13.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Roadflow
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-33253 HIGH POC This Week

LabCollector 6.0 though 6.15 allows remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Labcollector
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-34488 HIGH POC This Week

NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Nanomq
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-34942 HIGH POC This Week

Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the mac parameter at /start-apply.html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rt N10Lx Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34940 HIGH POC This Week

Asus RT-N10LX Router v2.0.0.39 was discovered to contain a stack overflow via the url parameter at /start-apply.html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Rt N10Lx Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34105 HIGH POC PATCH This Week

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

RCE Command Injection Simple Realtime Server
NVD GitHub
CVSS 3.1
7.5
EPSS
8.8%
CVE-2023-30198 HIGH POC This Week

Prestashop winbizpayment <= 1.0.2 is vulnerable to Incorrect Access Control via modules/winbizpayment/downloads/download.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Winbizpayment
NVD GitHub Exploit-DB
CVSS 3.1
7.5
EPSS
5.5%
CVE-2023-3206 HIGH POC THREAT This Week

A vulnerability classified as problematic was found in Chengdu VEC40G 3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vec40G Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
18.7%
CVE-2023-33290 HIGH POC This Week

The git-url-parse crate through 0.4.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to normalize_url in lib.rs, a similar issue to CVE-2023-32758 (Python). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Denial Of Service Git Url Parse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34246 MEDIUM POC PATCH This Month

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Doorkeeper
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-2568 MEDIUM POC This Month

The Photo Gallery by Ays WordPress plugin before 5.1.7 does not escape some parameters before outputting it back in attributes, leading to Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Photo Gallery
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2398 MEDIUM POC This Month

The Icegram Engage WordPress plugin before 3.1.12 does not escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Icegram Engage
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-2362 MEDIUM POC This Month

The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bubble Menu Button Generator Calculator Builder +9
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-32674 CRITICAL Act Now

Certain versions of HP PC Hardware Diagnostics Windows are potentially vulnerable to buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow HP Microsoft Pc Hardware Diagnostics
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-32673 CRITICAL PATCH Act Now

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure HP Microsoft Image Assistant Pc Hardware Diagnostics +1
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26295 CRITICAL Act Now

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-32220 CRITICAL Act Now

Milesight NCR/camera version 71.8.0.6-r5 allows authentication bypass through an unspecified method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ncr Camera Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-27716 CRITICAL Act Now

An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kafkaui Lite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35042 CRITICAL PATCH Act Now

GeoServer 2, in some configurations, allows remote attackers to execute arbitrary code via java.lang.Runtime.getRuntime().exec in wps:LiteralData within a wps:Execute request, as exploited in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Geoserver
NVD
CVSS 3.1
9.8
EPSS
43.2%
CVE-2023-35034 CRITICAL Act Now

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-34941 MEDIUM POC THREAT This Month

A stored cross-site scripting (XSS) vulnerability in the urlFilterList function of Asus RT-N10LX Router v2.0.0.39 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rt N10Lx Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
23.8%
CVE-2023-2718 MEDIUM POC This Month

The Contact Form Email WordPress plugin before 1.3.38 does not escape submitted values before displaying them in the HTML, leading to a Stored XSS vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Email
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-33492 MEDIUM POC This Month

EyouCMS 1.6.2 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-34342 CRITICAL Act Now

AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download arbitrary files under certain circumstances, which may lead to denial of service, escalation of. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Denial Of Service Megarac Sp X
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-34335 CRITICAL Act Now

AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to write to a host SPI flash, bypassing secure boot protections. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Megarac Spx
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-35036 CRITICAL Act Now

In Progress MOVEit Transfer before 2021.0.7 (13.0.7), 2021.1.5 (13.1.5), 2022.0.5 (14.0.5), 2022.1.6 (14.1.6), and 2023.0.2 (15.0.2), SQL injection vulnerabilities have been found in the MOVEit. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass SQLi Moveit Transfer
NVD
CVSS 3.1
9.1
EPSS
12.8%
CVE-2023-26298 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26297 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26296 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-28478 HIGH This Week

TP-Link EC-70 devices through 2.3.4 Build 20220902 rel.69498 have a Buffer Overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow TP-Link Ec70 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-34343 HIGH This Week

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Denial Of Service Command Injection Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-34336 HIGH This Week

AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-34334 HIGH This Week

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Information Disclosure Denial Of Service Command Injection Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-34341 HIGH This Week

AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Megarac Sp X
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-34855 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Youxun Electronic Equipment (Shanghai) Co., Ltd AC Centralized Management Platform v1.02.040 allows attackers to execute arbitrary code via uploading a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ac Centralized Management Platform
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-35035 HIGH This Week

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-35033 HIGH This Week

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-35032 HIGH This Week

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow command injection by authenticated users, aka OSFOURK-23554. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-35031 HIGH This Week

Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8, Assistant V10 R0, Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8, and Manager V10 R0 allow command injection by. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Unify Openscape 4000 Assistant Unify Openscape 4000 Manager
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-26294 HIGH This Week

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection HP Hp Device Manager
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-32221 HIGH This Week

EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Todo Backup
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32219 HIGH This Week

A Mazda model (2015-2016) can be unlocked via an unspecified method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mazda Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-1899 HIGH This Week

Atlas Copco Power Focus 6000 web server is not a secure connection by default, which could allow an attacker to gain sensitive information by monitoring network traffic between user and controller. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Power Focus 6000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-1898 HIGH This Week

Atlas Copco Power Focus 6000 web server uses a small amount of session ID numbers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Power Focus 6000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1897 HIGH This Week

Atlas Copco Power Focus 6000 web server does not sanitize the login information stored by the authenticated user’s browser, which could allow an attacker with access to the user’s computer to gain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Power Focus 6000 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy