Skip to main content
CVE-2023-33584 CRITICAL POC THREAT Act Now

Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Enrollment System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
14.2%
CVE-2022-45287 HIGH POC This Week

An access control issue in Registration.aspx of Temenos CWX 8.5.6 allows authenticated attackers to escalate privileges and perform arbitrary Administrative commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Cwx
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-33289 HIGH POC This Week

The urlnorm crate through 0.1.4 for Rust allows Regular Expression Denial of Service (ReDos) via a crafted URL to lib.rs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Urlnorm
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-3339 HIGH POC This Week

A vulnerability has been found in code-projects Agro-School Management System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Agro School Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24261 HIGH POC THREAT This Week

A vulnerability in GL.iNET GL-E750 Mudi before firmware v3.216 allows authenticated attackers to execute arbitrary code via a crafted POST request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Gl E750 Firmware
NVD
CVSS 3.1
7.2
EPSS
18.8%
CVE-2023-33405 MEDIUM POC THREAT This Month

Blogengine.net 3.3.8.0 and earlier is vulnerable to Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Blogengine Net
NVD GitHub
CVSS 3.1
6.1
EPSS
31.3%
CVE-2023-33725 MEDIUM POC PATCH This Month

Broadleaf 5.x and 6.x (including 5.2.25-GA and 6.2.6-GA) was discovered to contain a cross-site scripting (XSS) vulnerability via a customer signup with a crafted email address. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Broadleaf Commerce
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-34340 CRITICAL PATCH Act Now

Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Authentication Bypass Accumulo
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-25435 MEDIUM POC This Month

libtiff 4.5.0 is vulnerable to Buffer Overflow via extractContigSamplesShifted8bits() at /libtiff/tools/tiffcrop.c:3753. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Libtiff
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-3110 HIGH This Week

Description: A vulnerability in SiLabs Unify Gateway 1.3.1 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Unify Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-0972 HIGH This Week

Description: A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Z Ip Gateway Sdk
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-0971 HIGH This Week

A logic error in SiLabs Z/IP Gateway SDK 7.18.02 and earlier allows authentication to be bypassed, remote administration of Z-Wave controllers, and S0/S2 encryption keys to be recovered. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Z Ip Gateway Sdk
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-27243 HIGH This Week

An access control issue in Makves DCAP v3.0.0.122 allows unauthenticated attackers to obtain cleartext credentials via a crafted web request to the product API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Dcap
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2911 HIGH PATCH This Week

If the `recursive-clients` quota is reached on a BIND 9 resolver configured with both `stale-answer-enable yes;` and `stale-answer-client-timeout 0;`, a sequence of serve-stale-related lookups could. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Bind Debian Linux Fedora +6
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-2829 HIGH This Week

A `named` instance configured to run as a DNSSEC-validating recursive resolver with the Aggressive Use of DNSSEC-Validated Cache (RFC 8198) option (`synth-from-dnssec`) enabled can be remotely. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Bind Active Iq Unified Manager H500s Firmware H700s Firmware +3
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2828 HIGH PATCH This Week

Every `named` instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Bind Debian Linux Fedora Active Iq Unified Manager +5
NVD
CVSS 3.1
7.5
EPSS
3.8%
CVE-2023-0026 HIGH This Week

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34981 HIGH PATCH This Week

A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tomcat Apache Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-0970 MEDIUM This Month

Multiple buffer overflow vulnerabilities in SiLabs Z/IP Gateway SDK version 7.18.01 and earlier allow an attacker with invasive physical access to a Z-Wave controller device to overwrite global. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Z Ip Gateway Sdk
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-33591 MEDIUM This Month

User Registration & Login and User Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-result.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS User Registration Login And User Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27432 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Manage Upload Limit
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27414 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Popup Box
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27450 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Leyka
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-27443 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Simple Vimeo Shortcode
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-27429 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jetpack Crm
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-27439 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS New Adman
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-0969 LOW Monitor

A vulnerability in SiLabs Z/IP Gateway 7.18.01 and earlier allows an authenticated attacker within Z-Wave range to manipulate an array pointer to disclose the contents of global memory. Rated low severity (CVSS 3.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Z Ip Gateway Sdk
NVD
CVSS 3.1
3.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy