Skip to main content
CVE-2023-34800 CRITICAL POC THREAT Act Now

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at genacgi_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Go Rt Ac750 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
29.3%
CVE-2023-31672 CRITICAL POC Act Now

In the PrestaShop < 2.4.3 module "Length, weight or volume sell" (ailinear) there is a SQL injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ailinear
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-34880 CRITICAL POC Act Now

cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the add_action method at lib/admin/language_admin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal PHP Cmseasy
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-3274 HIGH POC This Week

A vulnerability classified as critical has been found in code-projects Supplier Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Supplier Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-33243 HIGH POC This Week

RedTeam Pentesting discovered that the web interface of STARFACE as well as its REST API allows authentication using the SHA512 hash of the password instead of the cleartext password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Starface
NVD Exploit-DB
CVSS 3.1
8.1
EPSS
4.4%
CVE-2023-34455 HIGH POC PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-34453 HIGH POC PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Integer Overflow Java Denial Of Service Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-3276 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in Dromara HuTool up to 5.8.19. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Hutool
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34833 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /api/upload.php of ThinkAdmin v6 allows attackers to execute arbitrary code via a crafted file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Thinkadmin
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34666 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cyber Cafe Management System
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-2080 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Forcepoint Cloud Security Gateway (CSG) Portal on Web Cloud Security Gateway, Email Security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Email Security Web Security
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-34852 CRITICAL Act Now

PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Publiccms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-2686 CRITICAL Act Now

Buffer overflow in Wi-Fi Commissioning MicriumOS example in Silicon Labs Gecko SDK v4.2.3 or earlier allows connected device to write payload onto the stack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Gecko Software Development Kit
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-21130 CRITICAL PATCH Act Now

In btm_ble_periodic_adv_sync_lost of btm_ble_gap.cc, there is a possible remote code execution due to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

RCE Buffer Overflow Information Disclosure Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-3275 CRITICAL Act Now

A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Rail Pass Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-34797 MEDIUM POC This Month

Broken access control in the Registration page (/Registration.aspx) of Termenos CWX v8.5.6 allows attackers to access sensitive information. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cwx
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-21127 HIGH PATCH This Week

In readSampleData of NuMediaExtractor.cpp, there is a possible out of bounds write due to uninitialized data. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Buffer Overflow RCE Google Android
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-21115 HIGH This Week

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-21108 HIGH PATCH This Week

In sdpu_build_uuid_seq of sdp_discovery.cc, there is a possible out of bounds write due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Google Use After Free RCE +2
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27634 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability allows arbitrary file upload in Shingo Intrepidity plugin <= 1.5.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload CSRF Intrepidity
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25055 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Videos plugin <= 2.6.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Google Xml Sitemap For Videos
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25450 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in GiveWP GiveWP - Donation Plugin and Fundraising Platform plugin <= 2.25.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Givewp
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-23802 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google CSRF Ht Easy Ga4 Google Analytics 4
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-25449 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Oliver Seidel, Bastian Germann cformsII plugin <= 15.0.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Cformsii
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-35030 HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in the Layout module's SEO configuration in Liferay Portal 7.4.3.70 through 7.4.3.76, and Liferay DXP 7.4 update 70 through 76 allows remote attackers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE CSRF Dxp Liferay Portal
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-34626 MEDIUM POC This Month

Piwigo 13.7.0 is vulnerable to SQL Injection via the "Users" function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Piwigo
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-24032 HIGH PATCH This Week

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Privilege Escalation Command Injection Collaboration
NVD
CVSS 3.1
7.8
EPSS
1.0%
CVE-2023-29321 HIGH This Week

Adobe Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21618 HIGH This Week

Adobe Substance 3D Designer version 12.4.1 (and earlier) is affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Adobe Substance 3d Designer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-21139 HIGH PATCH This Week

In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21138 HIGH PATCH This Week

In onNullBinding of CallRedirectionProcessor.java, there is a possible long lived connection due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21135 HIGH PATCH This Week

In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21131 HIGH PATCH This Week

In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21129 HIGH This Week

In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21128 HIGH PATCH This Week

In various functions of AppStandbyController.java, there is a possible way to break manageability scenarios due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21126 HIGH PATCH This Week

In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21124 HIGH PATCH This Week

In run of multiple files, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Privilege Escalation Google Deserialization Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21123 HIGH This Week

In multiple functions of multiple files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21122 HIGH This Week

In various functions of various files, there is a possible way to bypass the DISALLOW_DEBUGGING_FEATURES restriction for tracing due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21121 HIGH This Week

In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21120 HIGH This Week

In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-2847 HIGH This Week

During internal security analysis, a local privilege escalation vulnerability has been identified. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Eset Cyber Security Endpoint Antivirus Server Security
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-2270 HIGH This Week

The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Netskope
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-28175 HIGH This Week

Improper Authorization in SSH server in Bosch VMS 11.0, 11.1.0, and 11.1.1 allows a remote authenticated user to access resources within the trusted internal network via a port forwarding request. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Video Management System Video Management System Viewer Divar Ip 3000 Firmware Divar Ip 6000 Firmware +5
NVD
CVSS 3.1
7.7
EPSS
0.5%
CVE-2023-23841 HIGH This Week

SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Serv U
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-28809 HIGH This Week

Some access control products are vulnerable to a session hijacking attack because the product does not update the session ID after a user successfully logs in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Ds K1T320Efwx Firmware Ds K1T320Efx Firmware Ds K1T320Ewx Firmware Ds K1T320Ex Firmware +22
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22248 HIGH PATCH This Week

Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-21144 HIGH PATCH This Week

In doInBackground of NotificationContentInflater.java, there is a possible temporary denial or service due to long running operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Google Android
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34454 HIGH PATCH This Week

snappy-java is a fast compressor/decompressor for Java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Java Buffer Overflow Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-25683 HIGH This Week

IBM PowerVM Hypervisor FW950.00 through FW950.71, FW1010.00 through FW1010.40, FW1020.00 through FW1020.20, and FW1030.00 through FW1030.11 could allow an attacker to obtain sensitive information if. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Powervm Hypervisor
NVD
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy