Skip to main content
CVE-2023-38203 CRITICAL POC KEV PATCH THREAT Act Now

Adobe ColdFusion contains a second deserialization vulnerability enabling unauthenticated RCE, disclosed shortly after CVE-2023-29300 and similarly exploited against government and enterprise targets.

NVD
CVSS 3.1
9.8
EPSS
94.2%
Threat
9.8
CVE-2023-3799 CRITICAL POC Act Now

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3798 CRITICAL POC Act Now

A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-31753 CRITICAL POC Act Now

SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Endonesia
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37165 CRITICAL POC Act Now

Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Millhouse Project
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-38408 CRITICAL POC PATCH THREAT Act Now

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSH RCE Openssh Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
76.8%
CVE-2023-3797 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Four Mountain Torrent Disaster Prevention Control Monitoring And Early Warning System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-37650 HIGH POC PATCH This Week

A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Cockpit
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31462 HIGH POC This Week

An issue was discovered in SteelSeries GG 36.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE Gg
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-34625 HIGH POC This Week

ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Mojobox Firmware
NVD
CVSS 3.1
8.1
EPSS
0.9%
CVE-2023-37649 HIGH POC PATCH This Week

Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cockpit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-37601 HIGH POC This Week

Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Office Suite
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-31461 HIGH POC This Week

Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Gg
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3792 MEDIUM POC This Month

A vulnerability was found in Beijing Netcon NS-ASG 6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-38334 MEDIUM POC This Month

Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Studio
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-37728 MEDIUM POC This Month

IceWarp v10.2.1 was discovered to contain cross-site scripting (XSS) vulnerability via the color parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Icewarp
NVD VulDB
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-38617 MEDIUM POC This Month

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Office Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37602 MEDIUM POC This Month

An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS Opencms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37600 MEDIUM POC This Month

Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Office Suite
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37164 MEDIUM POC This Month

Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Diafan Cms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3789 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Paulprinting
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3795 CRITICAL Act Now

A vulnerability classified as critical was found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Chaincity
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-3793 CRITICAL Act Now

A vulnerability was found in Weaver e-cology. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi E Cology
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-3791 CRITICAL Act Now

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-37471 CRITICAL PATCH Act Now

Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Openam
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37289 CRITICAL Act Now

It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Document On Line Submission And Approval System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3790 MEDIUM POC This Month

A vulnerability has been found in Boom CMS 8.0.7 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boom Cms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3788 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Active Super Shop
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3787 MEDIUM POC This Month

A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tiva Events Calendar
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-3785 MEDIUM POC This Month

A vulnerability was found in PaulPrinting CMS 2018. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Paulprinting
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3784 MEDIUM POC This Month

A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wifi File Explorer
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3783 MEDIUM POC This Month

A vulnerability was found in Webile 1.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webile Wifi Pc File Transfer
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37645 MEDIUM POC THREAT This Month

eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Eyoucms
NVD GitHub
CVSS 3.1
5.3
EPSS
23.8%
CVE-2023-38523 MEDIUM POC This Month

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Fgn1115 Wp Wh Firmware Fgn1122 Sa Firmware Fgn1122 Cd Firmware +30
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-38335 MEDIUM POC This Month

Omnis Studio 10.22.00 has incorrect access control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Studio
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2023-3796 HIGH This Week

A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload Foody Friend
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-30200 HIGH PATCH This Week

In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal informations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Ultimateimagetool
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34966 HIGH This Week

An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samba Fedora Enterprise Linux Debian Linux
NVD
CVSS 3.1
7.5
EPSS
62.0%
CVE-2023-37290 HIGH This Week

InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, and allowing an unauthenticated attackers to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Authentication Bypass Document On Line Submission And Approval System
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3786 MEDIUM This Month

A vulnerability classified as problematic has been found in Aures Komet up to 20230509. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Komet Firmware
NVD VulDB
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-3800 MEDIUM This Month

A vulnerability was found in EasyAdmin8 2.0.2.2. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

File Upload Easyadmin8
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
0.6%
CVE-2023-32265 MEDIUM This Month

A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cobol Server Enterprise Developer Enterprise Server Enterprise Test Server +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-32481 MEDIUM This Month

Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Wyse Management Suite
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3794 MEDIUM This Month

A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Chaincity
NVD VulDB
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-3347 MEDIUM This Month

A vulnerability was found in Samba's SMB2 packet signing mechanism. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Jwt Attack Samba Storage Enterprise Linux +1
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-32476 MEDIUM This Month

Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Hybrid Client
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32455 MEDIUM This Month

Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Thinos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-32447 MEDIUM This Month

Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Thinos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-32446 MEDIUM This Month

Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Dell Wyse Thinos
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-3779 MEDIUM PATCH This Month

The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Essential Addons For Elementor Elementor
NVD
CVSS 3.1
5.3
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy