Skip to main content
CVE-2023-2268 HIGH POC This Week

Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Plane
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2507 MEDIUM POC PATCH This Month

CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Clevertap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-3681 MEDIUM POC This Month

A vulnerability classified as problematic was found in Campcodes Retro Cellphone Online Store 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Retro Cellphone Online Store
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3682 CRITICAL Act Now

A vulnerability, which was classified as critical, was found in Nesote Inout Blockchain EasyPayments 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Inout Blockchain Easypayments
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-3680 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Lost And Found Information System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-3679 CRITICAL Act Now

A vulnerability was found in SourceCodester Lost and Found Information System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Lost And Found Information System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-3678 CRITICAL Act Now

A vulnerability was found in SourceCodester AC Repair and Services System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Ac Repair And Services System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35802 CRITICAL Act Now

IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Iq Engine
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38350 MEDIUM POC This Month

PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pnp4Nagios
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38349 HIGH This Week

PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pnp4Nagios
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-30791 MEDIUM POC This Month

Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Plane
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy