Skip to main content
CVE-2023-38646 CRITICAL POC THREAT Emergency

Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Metabase
NVD GitHub
CVSS 3.1
9.8
EPSS
97.9%
CVE-2023-3811 CRITICAL POC Act Now

A vulnerability was found in Hospital Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3810 CRITICAL POC Act Now

A vulnerability was found in Hospital Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3809 CRITICAL POC Act Now

A vulnerability was found in Hospital Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3806 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP House Rental And Property Listing Php
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-3805 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Management System up to 20230712.class of the component Login. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Video Surveillance Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38632 CRITICAL POC Act Now

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Asynchronous Sockets For C
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-3804 CRITICAL POC Act Now

A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3802 CRITICAL POC Act Now

A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37917 HIGH POC PATCH This Week

KubePi is an opensource kubernetes management panel. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Kubernetes Kubepi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-3808 HIGH POC This Week

A vulnerability was found in Hospital Management System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hospital Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-3807 HIGH POC This Week

A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-3813 HIGH POC This Week

The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 4.6.6. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Jupiter X Core
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-37918 HIGH POC PATCH This Week

Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Dapr
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-37916 HIGH POC PATCH This Week

KubePi is an opensource kubernetes management panel. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Information Disclosure Kubepi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-37915 HIGH POC This Week

OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opendds
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2021-35391 HIGH POC This Week

Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF Deskpro
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-3820 HIGH POC PATCH This Week

SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Pimcore
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-3819 MEDIUM POC PATCH This Month

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Pimcore
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-3822 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3815 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Ruoyi
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37903 CRITICAL Act Now

vm2 is an open source vm/sandbox for Node.js. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE Command Injection Vm2
NVD GitHub
CVSS 3.1
10.0
EPSS
2.8%
CVE-2023-26301 CRITICAL Act Now

Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure HP Authentication Bypass Color Laserjet Pro 4201 4203 4Ra87F Firmware Color Laserjet Pro 4201 4203 4Ra88F Firmware +17
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-35087 CRITICAL Act Now

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Rt Ac86U Firmware Rt Ax56U V2 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37292 CRITICAL Act Now

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Isherlock
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37291 CRITICAL Act Now

Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Vitals Enterprise Social Platform
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-3801 CRITICAL Act Now

A vulnerability was found in IBOS OA 4.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-3821 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-25837 HIGH This Week

There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which, when. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
8.4
EPSS
1.0%
CVE-2023-25835 HIGH This Week

There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allow a remote, authenticated attacker with high‑privileged access to. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
8.4
EPSS
0.9%
CVE-2023-3776 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-3611 HIGH PATCH This Week

An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Linux Privilege Escalation Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3610 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3609 HIGH PATCH This Week

A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Privilege Escalation Linux Memory Corruption Linux Kernel +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-28730 HIGH This Week

A memory corruption vulnerability Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Control Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28729 HIGH This Week

A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Control Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-28728 HIGH This Week

A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow RCE Control Fpwin Pro
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3803 LOW POC Monitor

A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Flash Flood Disaster Monitoring And Warning System
NVD GitHub VulDB
CVSS 3.1
3.7
EPSS
0.5%
CVE-2023-35077 HIGH This Week

An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Ivanti Microsoft Endpoint Manager
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-36339 HIGH This Week

An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Webboss Io Cms
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-35086 HIGH This Week

It is identified a format string vulnerability in ASUS RT-AX56U V2 & RT-AC86U. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Rt Ac86U Firmware Rt Ax56U V2 Firmware
NVD
CVSS 3.1
7.2
EPSS
38.9%
CVE-2023-3603 MEDIUM This Month

A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libssh
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38187 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-3484 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-37905 MEDIUM PATCH This Month

ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Wordcount Plugin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-25841 MEDIUM PATCH This Month

There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Arcgis Server
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37742 MEDIUM This Month

WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webboss Io Cms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-32624 MEDIUM This Month

Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ts Webfonts For Sakura
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37901 MEDIUM PATCH This Month

Indico is an open source a general-purpose, web based event management tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Indico
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-25836 MEDIUM This Month

There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote, authenticated attacker to create a crafted link which when clicked. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Portal For Arcgis
NVD
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy