Skip to main content
CVE-2023-29357 CRITICAL POC KEV PATCH THREAT Act Now

Microsoft SharePoint Server Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Microsoft Sharepoint Server
NVD GitHub
CVSS 3.1
9.8
EPSS
99.6%
CVE-2023-34752 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the lid parameter at admin/index.php?mode=settings&page=lang&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD VulDB
CVSS 3.1
9.8
EPSS
5.5%
CVE-2023-30150 CRITICAL POC Act Now

PrestaShop leocustomajax 1.0 and 1.0.0 are vulnerable to SQL Injection via modules/leocustomajax/leoajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Leocustomajax
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-34095 CRITICAL POC PATCH Act Now

cpdb-libs provides frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Cpdb Libs
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-25367 CRITICAL POC Act Now

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Sds1204X E Firmware Sds1104X E Firmware Sds1074X E Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-34540 CRITICAL POC PATCH Act Now

Langchain before v0.0.225 was discovered to contain a remote code execution (RCE) vulnerability in the component JiraAPIWrapper (aka the JIRA API wrapper). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Atlassian Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-34865 CRITICAL POC Act Now

Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename feature. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ujcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-34756 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=charset&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34755 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the userid parameter at admin/index.php?mode=user&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34754 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the pid parameter at admin/index.php?mode=settings&page=plugins&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2023-34753 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the tid parameter at admin/index.php?mode=settings&page=tmpl&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34751 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-34750 CRITICAL POC Act Now

bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the cid parameter at admin/index.php?mode=settings&page=projects&action=edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Bloofoxcms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-34747 CRITICAL POC THREAT Act Now

File upload vulnerability in ujcms 6.0.2 via /api/backend/core/web-file-upload/upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Ujcms
NVD GitHub
CVSS 3.1
9.8
EPSS
20.0%
CVE-2023-3238 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in OTCMS up to 6.62.php?mudi=getSignal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Otcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3237 CRITICAL POC Act Now

A vulnerability classified as critical was found in OTCMS up to 6.62. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Otcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3234 CRITICAL POC Act Now

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Deserialization Crmeb
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-3232 CRITICAL POC Act Now

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Crmeb
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-25434 HIGH POC This Week

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesBytes() at /libtiff/tools/tiffcrop.c:3215. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libtiff
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-3236 HIGH POC This Week

A vulnerability classified as critical has been found in mccms up to 2.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3235 HIGH POC This Week

A vulnerability was found in mccms up to 2.6.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Mccms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3233 HIGH POC This Week

A vulnerability was found in Zhong Bang CRMEB up to 4.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Crmeb
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-33131 HIGH POC PATCH This Week

Microsoft Outlook Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Microsoft Office Office Long Term Servicing Channel +2
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
5.7%
CVE-2023-33137 HIGH POC PATCH This Week

Microsoft Excel Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Microsoft Office Office Online Server
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
2.7%
CVE-2023-30082 HIGH POC This Week

A denial of service attack might be launched against the server if an unusually lengthy password (more than 10000000 characters) is supplied using the osTicket application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Osticket
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-25369 HIGH POC This Week

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sds1204X E Firmware Sds1104X E Firmware Sds1074X E Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-25368 HIGH POC This Week

Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sds1204X E Firmware Sds1104X E Firmware Sds1074X E Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34868 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the parser_parse_for_statement_start at jerry-core/parser/js/js-parser-statm.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34867 HIGH POC This Week

Jerryscript 3.0 (commit 05dbbd1) was discovered to contain an Assertion Failure via the ecma_property_hashmap_create at jerry-core/ecma/base/ecma-property-hashmap.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-35110 HIGH POC This Week

An issue was discovered jjson thru 0.1.7 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Jjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34878 HIGH POC This Week

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ujcms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34624 HIGH POC PATCH This Week

An issue was discovered htmlcleaner thru = 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Htmlcleaner
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-34623 HIGH POC This Week

An issue was discovered jtidy thru r938 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Jtidy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34620 HIGH POC PATCH This Week

An issue was discovered hjson thru 3.0.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Hjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34617 HIGH POC This Week

An issue was discovered genson thru 1.6 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Genson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34616 HIGH POC This Week

An issue was discovered pbjson thru 0.4.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Pbjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34615 HIGH POC This Week

An issue was discovered JSONUtil thru 5.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Jsonutil
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34614 HIGH POC This Week

An issue was discovered jmarsden/jsonij thru 0.5.2 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Jsonij
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34613 HIGH POC This Week

An issue was discovered sojo thru 1.1.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Sojo
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34612 HIGH POC This Week

An issue was discovered ph-json thru 9.5.5 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Ph Json
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34611 HIGH POC This Week

An issue was discovered mjson thru 1.4.1 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Mjson
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34610 HIGH POC PATCH This Week

An issue was discovered json-io thru 4.14.0 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Json Io
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34609 HIGH POC This Week

An issue was discovered flexjson thru 3.3 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Flexjson
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-3241 HIGH POC This Week

A vulnerability was found in OTCMS up to 6.62 and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-3239 HIGH POC This Week

A vulnerability, which was classified as problematic, was found in OTCMS up to 6.62. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Otcms
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-34000 HIGH POC This Week

Unauth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Stripe Payment Gateway
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-3230 HIGH POC PATCH This Week

Missing Authorization in GitHub repository fossbilling/fossbilling prior to 0.5.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Fossbilling
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-34448 HIGH POC PATCH This Week

Grav is a flat-file content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Grav
NVD GitHub
CVSS 3.1
7.2
EPSS
4.5%
CVE-2023-34253 HIGH POC PATCH This Week

Grav is a flat-file content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Grav
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
CVE-2023-34252 HIGH POC PATCH This Week

Grav is a flat-file content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE PHP Grav
NVD GitHub
CVSS 3.1
7.2
EPSS
2.1%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy