Skip to main content
CVE-2023-37173 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37172 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37171 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37170 CRITICAL POC Act Now

TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection A3300R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-36994 CRITICAL POC Act Now

In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Travianz
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-36993 CRITICAL POC Act Now

The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Travianz
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-27845 CRITICAL POC Act Now

SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Omnichannel Stocks
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37149 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37148 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37146 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37145 CRITICAL POC Act Now

TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Lr350 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-37144 CRITICAL POC Act Now

Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-37270 HIGH POC PATCH This Week

Piwigo is open source photo gallery software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Piwigo
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2023-33664 HIGH POC This Week

ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Declinaisons A La Volee
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-25201 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Conduit Ap Mtcap2 L4E1 868 042A Firmware Conduit Ap Mtcap2 L4E1 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-32183 HIGH POC This Week

Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tumbleweed
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3534 HIGH POC This Week

A vulnerability was found in SourceCodester Shopping Website 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37192 HIGH POC This Week

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitcoin Core
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36992 HIGH POC This Week

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Travianz
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-36256 MEDIUM POC This Month

The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Online Examination System
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-34995 CRITICAL Act Now

There are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Brute Force M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34433 CRITICAL Act Now

PiiGAB M-Bus stores passwords using a weak hash algorithm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M Bus 900S Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-29998 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS G3W Suite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3532 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to 0.70.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Outline
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37269 MEDIUM POC PATCH This Month

Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Winter
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.7%
CVE-2023-37262 HIGH PATCH This Week

CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Cc Tweaked
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-37261 HIGH PATCH This Week

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game.2.0 until 1.8.3 in their most common, default configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Opencomputers
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-35120 HIGH This Week

PiiGAB M-Bus is vulnerable to cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF M Bus 900S Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-37264 MEDIUM POC This Month

Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Tekton Pipelines
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-36201 HIGH This Week

An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-35765 MEDIUM This Month

PiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure M Bus 900S Firmware
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3544 MEDIUM This Month

A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Time Slot Booking Calendar Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3543 MEDIUM This Month

A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Availability Booking Calendar Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3542 MEDIUM This Month

A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Thinu Cms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3541 MEDIUM This Month

A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Thinu Cms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3540 MEDIUM This Month

A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Newsletter Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3539 MEDIUM This Month

A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7.php of the component URL Parameter Handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Simple Forum Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3537 MEDIUM This Month

A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS News Script Php Pro
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3536 MEDIUM This Month

A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Funeral Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3535 MEDIUM This Month

A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Faq Script Php
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32652 MEDIUM This Month

PiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS M Bus 900S Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-35890 MEDIUM This Month

IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Application Server
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-20133 MEDIUM This Month

A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Webex Meetings
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3538 MEDIUM This Month

A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Photo Gallery Php
NVD VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37308 MEDIUM This Month

Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoho Manageengine Adaudit Plus
NVD
CVSS 3.1
5.4
EPSS
1.9%
CVE-2023-34197 MEDIUM This Month

Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Zoho Authentication Bypass Manageengine Servicedesk Plus Manageengine Servicedesk Plus Msp +1
NVD
CVSS 3.1
5.4
EPSS
3.5%
CVE-2023-33008 MEDIUM PATCH This Month

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Denial Of Service Deserialization Johnzon
NVD
CVSS 3.1
5.3
EPSS
1.5%
CVE-2023-37067 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37066 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-37065 MEDIUM PATCH This Month

Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Chamilo
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy