Skip to main content
CVE-2023-36969 HIGH POC THREAT Act Now

CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Cms Made Simple
NVD
CVSS 3.1
8.8
EPSS
49.3%
CVE-2023-29824 CRITICAL POC PATCH Act Now

A use-after-free issue was discovered in Py_FindObjects() function in SciPy versions prior to 1.8.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Scipy
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-23902 CRITICAL POC Act Now

A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-22844 CRITICAL POC Act Now

An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Milesightvpn
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-22319 CRITICAL POC Act Now

A sql injection vulnerability exists in the requestHandlers.js LoginAuth functionality of Milesight VPN v2.0.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Milesightvpn
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36188 CRITICAL POC PATCH Act Now

An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Python Langchain
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-30319 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2023-34192 CRITICAL POC KEV THREAT Act Now

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
9.0
EPSS
77.3%
CVE-2023-30321 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-30320 CRITICAL POC Act Now

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE XSS Chatengine
NVD GitHub
CVSS 3.1
9.0
EPSS
0.9%
CVE-2023-24583 HIGH POC This Week

Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2023-24582 HIGH POC This Week

Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2023-24520 HIGH POC This Week

Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-24519 HIGH POC This Week

Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-24018 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Ur32L Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-22653 HIGH POC This Week

An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
8.8
EPSS
5.8%
CVE-2023-22299 HIGH POC This Week

An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
8.8
EPSS
3.6%
CVE-2023-35937 HIGH POC This Week

Metersphere is an open source continuous testing platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Metersphere
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-24019 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow Ur32L Firmware
NVD
CVSS 3.1
8.1
EPSS
1.0%
CVE-2023-23546 HIGH POC This Week

A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Ur32L Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-22371 HIGH POC This Week

An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Command Injection Milesightvpn
NVD
CVSS 3.1
8.1
EPSS
3.4%
CVE-2023-36830 HIGH POC PATCH This Week

SQLFluff is a SQL linter. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Python Sqlfluff
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-24256 HIGH POC This Week

An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Aspen
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-23907 HIGH POC This Week

A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Milesightvpn
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-23571 HIGH POC This Week

An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ur32L Firmware
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-36189 HIGH POC PATCH This Week

SQL injection vulnerability in langchain before v0.0.247 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Langchain
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-25583 HIGH POC This Week

Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
3.5%
CVE-2023-25582 HIGH POC This Week

Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
3.5%
CVE-2023-25124 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25123 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25122 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25121 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25120 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25119 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25118 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25117 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25116 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25115 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25114 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25113 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25112 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25111 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25110 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25109 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25108 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25107 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25106 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25105 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25104 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-25103 HIGH POC This Week

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow RCE Ur32L Firmware
NVD
CVSS 3.1
7.2
EPSS
1.5%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy