Skip to main content
CVE-2023-34563 CRITICAL POC THREAT Act Now

netgear R6250 Firmware Version 1.0.4.48 is vulnerable to Buffer Overflow after authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear R6250 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.9%
CVE-2023-35885 CRITICAL POC THREAT Act Now

CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudpanel
NVD GitHub
CVSS 3.1
9.8
EPSS
75.3%
CVE-2023-3340 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online School Fees System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online School Fees System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-34600 CRITICAL POC THREAT Act Now

Adiscon LogAnalyzer v4.1.13 and before is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Loganalyzer
NVD GitHub
CVSS 3.1
9.8
EPSS
23.7%
CVE-2023-34541 CRITICAL POC PATCH Act Now

Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-35166 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
63.1%
CVE-2023-2533 HIGH POC KEV THREAT This Week

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in PaperCut NG/MF, which, under specific conditions, could potentially enable an attacker to alter security settings or execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Papercut Mf Papercut Ng
NVD
CVSS 3.1
8.8
EPSS
29.2%
CVE-2023-3320 HIGH POC PATCH This Week

The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress PHP CSRF Wp Sticky Social
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-34597 MEDIUM POC This Month

A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Fgms 001 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-34596 MEDIUM POC This Month

A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zw130 A Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-33869 CRITICAL Act Now

Enphase Envoy versions D7.0.88 is vulnerable to a command injection exploit that may allow an attacker to execute root commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Envoy Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-3337 CRITICAL Act Now

A vulnerability was found in PuneethReddyHC Online Shopping System Advanced 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Authentication Bypass Online Shopping System Advanced
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35854 CRITICAL Act Now

Zoho ManageEngine ADSelfService Plus through 6113 has an authentication bypass that can be exploited to steal the domain controller session token for identity spoofing, thereby achieving the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Zoho Authentication Bypass Manageengine Adselfservice Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
6.0%
CVE-2023-26436 HIGH This Week

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Java RCE Code Injection Deserialization Open Xchange Appsuite Backend
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-3325 HIGH PATCH This Week

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation WordPress Cms Commander
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2023-32274 HIGH This Week

Enphase Installer Toolkit versions 3.27.0 has hard coded credentials embedded in binary code in the Android application. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Installer Toolkit
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-1999 HIGH This Week

There exists a use after free/double free in libwebp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Libwebp
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-1862 HIGH This Week

Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Warp
NVD GitHub
CVSS 3.1
7.3
EPSS
0.8%
CVE-2023-26428 MEDIUM This Month

Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Open Xchange Appsuite Backend
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-33495 MEDIUM This Month

Craft CMS through 4.4.9 is vulnerable to HTML Injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Craft Cms
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35098 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Wordpress Nextgen Galleryview
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35097 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Wp Affiliate Links
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35884 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Eventprime
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3220 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel through 6.1-rc8. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35882 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Super Socializer
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-26429 MEDIUM This Month

Control characters were not removed when exporting user feedback content. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Open Xchange Appsuite Backend
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-26435 MEDIUM This Month

It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite Backend
NVD
CVSS 3.1
5.0
EPSS
0.8%
CVE-2023-35095 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Flo Forms
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-35878 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Extra User Details
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-26434 MEDIUM This Month

When adding an external mail account, processing of POP3 "capabilities" responses are not limited to plausible sizes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Open Xchange Appsuite Backend
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2023-26433 MEDIUM This Month

When adding an external mail account, processing of IMAP "capabilities" responses are not limited to plausible sizes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Open Xchange Appsuite Backend
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2023-26432 MEDIUM This Month

When adding an external mail account, processing of SMTP "capabilities" responses are not limited to plausible sizes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Open Xchange Appsuite Backend
NVD
CVSS 3.1
4.3
EPSS
1.1%
CVE-2023-26431 MEDIUM This Month

IPv4-mapped IPv6 addresses did not get recognized as "local" by the code and a connection attempt is made. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite Backend
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2023-26427 LOW Monitor

Default permissions for a properties file were too permissive. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Open Xchange Appsuite Backend
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2023-2400 LOW Monitor

Improper deletion of resource in the user management feature in Devolutions Server 2023.1.8 and earlier allows an administrator to view users vaults of deleted users via database access. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Devolutions Server
NVD
CVSS 3.1
2.7
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy