Skip to main content
CVE-2023-33592 CRITICAL POC Act Now

Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lost And Found Information System
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-26134 CRITICAL POC PATCH Act Now

Versions of the package git-commit-info before 2.0.2 are vulnerable to Command Injection such that the package-exported method gitCommitInfo () fails to sanitize its parameter commit, which later. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Git Commit Info
NVD GitHub
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-33570 HIGH POC This Week

Bagisto v1.5.1 is vulnerable to Server-Side Template Injection (SSTI). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Bagisto
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-3090 HIGH POC PATCH This Week

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Linux Privilege Escalation Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-34937 HIGH POC This Week

A stack overflow in the UpdateSnat function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34936 HIGH POC This Week

A stack overflow in the UpdateMacClone function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34935 HIGH POC This Week

A stack overflow in the AddWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34934 HIGH POC This Week

A stack overflow in the Edit_BasicSSID_5G function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34933 HIGH POC This Week

A stack overflow in the UpdateWanParams function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-26615 HIGH POC This Week

D-Link DIR-823G firmware version 1.02B05 has a password reset vulnerability, which originates from the SetMultipleActions API, allowing unauthorized attackers to reset the WEB page management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34932 HIGH POC This Week

A stack overflow in the UpdateWanMode function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34931 HIGH POC This Week

A stack overflow in the EditWlanMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34930 HIGH POC This Week

A stack overflow in the EditMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34929 HIGH POC This Week

A stack overflow in the AddMacList function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-34928 HIGH POC This Week

A stack overflow in the Edit_BasicSSID function of H3C Magic B1STV100R012 allows attackers to cause a Denial of Service (DoS) via a crafted POST request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Magic B1St Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-34736 HIGH POC This Week

Guantang Equipment Management System version 4.12 is vulnerable to Arbitrary File Upload. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Guantang Equipment Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-3450 HIGH POC THREAT This Week

A vulnerability was found in Ruijie RG-BCR860 2.5.13 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rg Bcr860 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
50.4%
CVE-2023-3449 HIGH POC This Week

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-2232 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 15.10 before 16.1, leading to a ReDoS vulnerability in the Jira prefix. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gitlab Atlassian
NVD
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-34761 MEDIUM POC This Month

An unauthenticated attacker within BLE proximity can remotely connect to a 7-Eleven LED Message Cup, Hello Cup 1.3.1 for Android, and bypass the application's client-side chat censor filter. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Hello Cup
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-36475 CRITICAL PATCH Act Now

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution) vulnerability could allow attackers to modify object prototypes to inject properties affecting application logic.

Node.js RCE Prototype Pollution Parse Server
NVD GitHub
CVSS 3.1
9.8
EPSS
3.2%
CVE-2023-3243 CRITICAL Act Now

** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an authenticating hash and utilize it to create new sessions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Alerton Bcm Web Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32224 CRITICAL Act Now

D-Link DSL-224 firmware version 3.0.10 CWE-307: Improper Restriction of Excessive Authentication Attempts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure D-Link Dsl 224 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-32222 CRITICAL Act Now

D-Link DSL-G256DG version vBZ_1.00.27 web management interface allows authentication bypass via an unspecified method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dsl G256Dg Firmware
NVD
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-21517 CRITICAL Act Now

Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung Exynos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-21066 CRITICAL Act Now

In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a heap buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Google Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-27866 CRITICAL PATCH Act Now

IBM Informix JDBC Driver 4.10 and 4.50 is susceptible to remote code execution attack via JNDI injection when driver code or the application using the driver do not verify supplied LDAP URL in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection IBM Informix Jdbc Driver
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-30259 MEDIUM POC This Month

A Buffer Overflow vulnerability in importshp plugin in LibreCAD 2.2.0 allows attackers to obtain sensitive information via a crafted DBF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Librecad
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-32623 CRITICAL Act Now

Directory traversal vulnerability in Snow Monkey Forms v5.1.1 and earlier allows a remote unauthenticated attacker to delete arbitrary files on the server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Snow Monkey Forms
NVD
CVSS 3.1
9.1
EPSS
1.5%
CVE-2023-32223 HIGH This Week

D-Link DSL-224 firmware version 3.0.10 allows post authentication command execution via an unspecified method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure D-Link Dsl 224 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-3445 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository spinacms/spina prior to 2.15.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Spina
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-36467 HIGH PATCH This Week

AWS data.all is an open source development framework to help users build a data marketplace on Amazon Web Services. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Python Code Injection Aws Dataall
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-2625 HIGH This Week

A vulnerability exists that can be exploited by an authenticated client that is connected to the same network segment as the CoreTec 4, having any level of access VIEWER to ADMIN. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Txpert Hub Coretec 4 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.5%
CVE-2023-3390 HIGH PATCH This Week

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +5
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-21518 HIGH This Week

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Searchwidget
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3389 HIGH PATCH This Week

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-21225 HIGH This Week

there is a possible way to bypass the protected confirmation screen due to Failure to lock display power. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21192 HIGH This Week

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21191 HIGH This Week

In fixNotification of NotificationManagerService.java, there is a possible bypass of notification hide preference due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21187 HIGH This Week

In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21185 HIGH This Week

In multiple functions of WifiNetworkFactory.java, there is a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21184 HIGH This Week

In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21183 HIGH This Week

In ForegroundUtils of ForegroundUtils.java, there is a possible way to read NFC tag data while the app is still in the background due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21179 HIGH This Week

In parseSecurityParamsFromXml of XmlUtil.java, there is a possible bypass of user specified wifi encryption protocol due to improperly used crypto. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21175 HIGH This Week

In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21174 HIGH This Week

In isPageSearchEnabled of BillingCycleSettings.java, there is a possible way for the guest user to change data limits due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21172 HIGH This Week

In multiple functions of WifiCallingSettings.java, there is a possible way to change calling preferences for the admin user due to a permissions bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21149 HIGH This Week

In registerGsmaServiceIntentReceiver of ShannonRcsService.java, there is a possible way to activate/deactivate RCS service due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Google Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21147 HIGH This Week

In lwis_i2c_device_disable of lwis_device_i2c.c, there is a possible UAF due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Memory Corruption Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-20178 HIGH This Week

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco Microsoft Anyconnect Secure Mobility Client Secure Client
NVD
CVSS 3.1
7.8
EPSS
5.4%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy