Skip to main content
CVE-2023-37270 HIGH POC PATCH This Week

Piwigo is open source photo gallery software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Piwigo
NVD GitHub
CVSS 3.1
8.8
EPSS
4.5%
CVE-2023-33664 HIGH POC This Week

ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Declinaisons A La Volee
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-25201 HIGH POC This Week

Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Conduit Ap Mtcap2 L4E1 868 042A Firmware Conduit Ap Mtcap2 L4E1 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-32183 HIGH POC This Week

Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tumbleweed
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3534 HIGH POC This Week

A vulnerability was found in SourceCodester Shopping Website 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Shopping Website
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-37192 HIGH POC This Week

Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bitcoin Core
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36992 HIGH POC This Week

PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Travianz
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-37262 HIGH PATCH This Week

CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Cc Tweaked
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-37261 HIGH PATCH This Week

OpenComputers is a Minecraft mod that adds programmable computers and robots to the game.2.0 until 1.8.3 in their most common, default configurations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Microsoft Opencomputers
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-35120 HIGH This Week

PiiGAB M-Bus is vulnerable to cross-site request forgery. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF M Bus 900S Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-36201 HIGH This Week

An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Jerryscript
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy