Skip to main content
CVE-2023-24489 CRITICAL POC KEV THREAT Act Now

A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sharefile Storage Zones Controller
NVD
CVSS 3.1
9.8
EPSS
95.1%
CVE-2023-37712 CRITICAL POC Act Now

Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda F1202 Firmware Ac1206 Firmware +1
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37711 CRITICAL POC Act Now

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware Ac1206 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37710 CRITICAL POC Act Now

Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac10 Firmware Ac1206 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37707 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37706 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37705 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromAddressNat function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37704 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37703 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37702 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37701 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37700 CRITICAL POC Act Now

Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Fh1203 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-3578 CRITICAL POC Act Now

A vulnerability classified as critical was found in DedeCMS 5.7.109. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-3077 CRITICAL POC Act Now

The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Mstore Api
NVD WPScan
CVSS 3.1
9.8
EPSS
5.5%
CVE-2023-3076 CRITICAL POC Act Now

The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Mstore Api
NVD WPScan
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-37152 CRITICAL POC Act Now

Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Online Art Gallery
NVD GitHub Exploit-DB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-3608 HIGH POC THREAT This Week

A vulnerability was found in Ruijie BCR810W 2.5.10. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Bcr810W Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
12.3%
CVE-2023-3606 HIGH POC This Week

A vulnerability was found in TamronOS up to 20230703. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tamronos
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
7.1%
CVE-2023-3579 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Hadsky
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-23897 HIGH POC This Week

Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Simple Mobile Url Redirect
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-1597 HIGH POC This Week

The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress CSRF Cloud Library
NVD WPScan
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3607 HIGH POC This Week

A vulnerability was found in kodbox 1.26. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Kodbox
NVD GitHub VulDB
CVSS 3.1
8.0
EPSS
6.4%
CVE-2023-34432 HIGH POC This Week

A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow RCE Information Disclosure +4
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-0359 HIGH POC This Week

A missing nullptr-check in handle_ra_input can cause a nullptr-deref. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-2493 HIGH POC This Week

The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi All In One Redirection
NVD WPScan
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-1208 HIGH POC This Week

This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress Http Headers
NVD WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-3574 MEDIUM POC PATCH This Month

Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Customer Management Framework
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3566 MEDIUM POC This Month

A vulnerability was found in wallabag 2.5.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wallabag
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-24488 MEDIUM POC THREAT This Month

Cross site scripting vulnerability in Citrix ADC and Citrix Gateway in allows and attacker to perform cross site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Citrix Gateway Application Delivery Controller
NVD
CVSS 3.1
6.1
EPSS
80.9%
CVE-2023-36939 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Hostel Management System
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-36936 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Security Guards Hiring System
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3118 MEDIUM POC This Month

The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Export All Urls
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37153 MEDIUM POC This Month

KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kodexplorer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-1780 MEDIUM POC This Month

The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Companion Sitemap Generator
NVD WPScan
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-1119 MEDIUM POC This Month

The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin before 2.4.1 use a third-party library that removes the escaping on some HTML characters, leading to a cross-site. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Srbtranslatin Wp Optimize
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-2852 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Selfpatron
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3045 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-2046 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Vehicle Tracking System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-30765 CRITICAL PATCH Act Now

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-34347 CRITICAL PATCH Act Now

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

RCE Deserialization Infrasuite Device Master
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-3599 CRITICAL Act Now

A vulnerability was found in SourceCodester Best Fee Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation PHP Best Fee Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37286 CRITICAL Act Now

SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Authentication Bypass Smartbpm Net
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37277 CRITICAL PATCH Act Now

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

RCE Mozilla Apple CSRF Xwiki
NVD GitHub
CVSS 3.1
9.6
EPSS
0.7%
CVE-2023-36375 MEDIUM POC This Month

Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address,. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Hostel Management System
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-3565 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository nilsteampassnet/teampass prior to 3.0.10. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Teampass
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-2964 MEDIUM POC This Month

The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Simple Iframe
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-2529 MEDIUM POC This Month

The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Enable Svg Uploads
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3219 MEDIUM POC This Month

The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Eventon
NVD WPScan Exploit-DB
CVSS 3.1
5.3
EPSS
7.4%
CVE-2023-2796 MEDIUM POC THREAT This Month

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Eventon
NVD WPScan Exploit-DB
CVSS 3.1
5.3
EPSS
42.7%
CVE-2023-3605 CRITICAL Act Now

A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Online Shopping Portal
NVD VulDB
CVSS 3.1
9.1
EPSS
0.7%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy