Skip to main content
CVE-2023-30258 CRITICAL POC PATCH THREAT Act Now

Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Magnusbilling
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
94.2%
CVE-2023-35169 CRITICAL POC PATCH Act Now

PHP-IMAP is a wrapper for common IMAP communication without the need to have the php-imap module installed / enabled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal PHP Php Imap
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-3391 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Human Resource Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Human Resource Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3383 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester Game Result Matrix System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Game Result Matrix System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3380 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Wavlink WN579X3 up to 20230615. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wn579X3 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.9%
CVE-2023-34671 HIGH POC This Week

Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Etg150 Fm Firmware
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-34672 HIGH POC This Week

Improper Access Control leads to adding a high-privilege user affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role within the admin profile. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-35932 HIGH POC This Week

jcvi is a Python library to facilitate genome assembly, annotation, and comparative genomics. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Command Injection Jcvi
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-35165 HIGH POC PATCH This Week

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Aws Cloud Development Kit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36348 HIGH POC This Week

POS Codekop v2.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the filename parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Codekop
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
6.4%
CVE-2023-36345 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in POS Codekop v2.0 allows attackers to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS CSRF Codekop
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-36274 HIGH POC PATCH This Week

LibreDWG v0.11 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_write_TF at bits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36273 HIGH POC This Week

LibreDWG v0.12.5 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-36272 HIGH POC PATCH This Week

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_utf8_to_TU at bits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-36271 HIGH POC PATCH This Week

LibreDWG v0.10 to v0.12.5 was discovered to contain a heap buffer overflow via the function bit_wcs2nlen at bits.c. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Libredwg
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-30260 HIGH POC PATCH This Week

Command injection vulnerability in RaspAP raspap-webgui 2.8.8 and earlier allows remote attackers to run arbitrary commands via crafted POST request to hostapd settings form. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Raspap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-34465 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation Xwiki
NVD GitHub
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-35150 HIGH POC PATCH THREAT This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.0
EPSS
77.7%
CVE-2023-3302 HIGH POC PATCH This Week

Improper Neutralization of Formula Elements in a CSV File in GitHub repository admidio/admidio prior to 4.2.9. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Admidio
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-36193 HIGH POC This Week

Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via the ambiguity_error component at /src/clp.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gifsicle
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-36192 HIGH POC This Week

Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_ws_check_packet at /src/capture.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Sngrep
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-1783 HIGH POC This Week

OrangeScrum version 2.0.11 allows an external attacker to remotely obtain AWS instance credentials. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Orangescrum
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2023-34467 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-36284 HIGH POC This Week

An unauthenticated Time-Based SQL injection found in Webkul QloApps 1.6.0 via GET parameter date_from, date_to, and id_product allows a remote attacker to bypass a web application's authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Qloapps
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-30362 HIGH POC PATCH This Week

Buffer Overflow vulnerability in coap_send function in libcoap library 4.3.1-103-g52cfd56 fixed in 4.3.1-120-ge242200 allows attackers to obtain sensitive information via malformed pdu. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Libcoap
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29860 HIGH POC This Week

An insecure permissions in /Taier/API/tenant/listTenant interface in DTStack Taier 1.3.0 allows attackers to view sensitive information via the getCookie method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Taier
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3393 HIGH POC PATCH This Week

Code Injection in GitHub repository fossbilling/fossbilling prior to 0.5.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Code Injection Fossbilling
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-34673 MEDIUM POC This Month

Elenos ETG150 FM transmitter running on version 3.12 was discovered to be leaking SMTP credentials and other sensitive information by exploiting the publicly accessible Memcached service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Etg150 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35171 MEDIUM POC PATCH This Month

NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Nextcloud Open Redirect Nextcloud Server
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-36346 MEDIUM POC This Month

POS Codekop v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the nm_member parameter at print.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Codekop
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
5.3%
CVE-2023-35162 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
2.4%
CVE-2023-35161 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
2.4%
CVE-2023-35160 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
2.3%
CVE-2023-35159 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2023-35158 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
2.0%
CVE-2023-35156 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
2.1%
CVE-2023-35155 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xwiki
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-36287 MEDIUM POC This Month

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST controller. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qloapps
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-36289 MEDIUM POC This Month

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via POST email_create and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qloapps
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-3382 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in SourceCodester Game Result Matrix System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Game Result Matrix System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3381 MEDIUM POC This Month

A vulnerability classified as problematic was found in SourceCodester Online School Fees System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online School Fees System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-34460 CRITICAL PATCH Act Now

Tauri is a framework for building binaries for all major desktop platforms. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Tauri
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32419 CRITICAL Act Now

The issue was addressed with improved bounds checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-32412 CRITICAL Act Now

A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-32387 CRITICAL Act Now

A use-after-free issue was addressed with improved memory management. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption macOS
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-33299 CRITICAL Act Now

A deserialization of untrusted data in Fortinet FortiNAC below 7.2.1, below 9.4.3, below 9.2.8 and all earlier versions of 8.x allows attacker to execute unauthorized code or commands via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Deserialization Fortinac
NVD
CVSS 3.1
9.8
EPSS
24.3%
CVE-2023-3394 MEDIUM POC PATCH This Month

Session Fixation in GitHub repository fossbilling/fossbilling prior to 0.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Session Fixation Fossbilling
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-35153 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-36288 MEDIUM POC This Month

An unauthenticated Cross-Site Scripting (XSS) vulnerability found in Webkul QloApps 1.6.0 allows an attacker to obtain a user's session cookie and then impersonate that user via GET configure. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Qloapps
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-34464 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy