Skip to main content
CVE-2023-37677 CRITICAL POC Act Now

Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Pligg Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-37460 CRITICAL POC PATCH Act Now

Plexis Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Plexus Archiver
NVD GitHub
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-37258 CRITICAL POC Act Now

DataEase is an open source data visualization analysis tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dataease
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-35078 CRITICAL POC KEV THREAT Act Now

An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Ivanti Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
100.0%
CVE-2023-37907 HIGH POC PATCH This Week

Cryptomator is data encryption software for users who store their files in the cloud. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Cryptomator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-35943 HIGH POC This Week

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34235 HIGH POC PATCH This Week

Strapi is an open-source headless content management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-3882 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3881 HIGH POC This Week

A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3880 HIGH POC This Week

A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3879 HIGH POC This Week

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3878 HIGH POC This Week

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3877 HIGH POC This Week

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3876 HIGH POC This Week

A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3875 HIGH POC This Week

A vulnerability has been found in Campcodes Beauty Salon Management System 0.1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3874 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Beauty Salon Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3873 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34093 HIGH POC PATCH This Week

Strapi is an open-source headless content management system. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
7.1
EPSS
0.6%
CVE-2023-35942 MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Envoy
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38501 MEDIUM POC PATCH This Month

copyparty is file server software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Copyparty
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
6.2%
CVE-2023-3890 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3888 MEDIUM POC This Month

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3887 MEDIUM POC This Month

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3886 MEDIUM POC This Month

A vulnerability was found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3885 MEDIUM POC This Month

A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3884 MEDIUM POC This Month

A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-3883 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in Campcodes Beauty Salon Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Beauty Salon Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-32232 CRITICAL Act Now

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Printerlogic Client
NVD
CVSS 3.1
9.9
EPSS
0.8%
CVE-2023-32231 CRITICAL Act Now

An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Printerlogic Client
NVD
CVSS 3.1
9.9
EPSS
1.0%
CVE-2023-35066 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection.20230701. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3046 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection.1953. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-37920 CRITICAL PATCH Act Now

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Certifi Fedora Active Iq Unified Manager Management Services For Element Software +4
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-34798 CRITICAL Act Now

An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload E Office
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35982 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-35981 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-35980 CRITICAL Act Now

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Aruba Arubaos Instantos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-35941 CRITICAL Act Now

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37895 CRITICAL PATCH Act Now

Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMIVersions up to (including) 2.20.10 (stable branch) and 2.21.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache RCE Deserialization Jackrabbit
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-3548 CRITICAL Act Now

An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Iq Wifi 6 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-35088 CRITICAL PATCH Act Now

Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.4.0 through 1.7.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache SQLi Inlong
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-32637 CRITICAL Act Now

GBrowse accepts files with any formats uploaded and places them in the area accessible through unauthenticated web requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Gbrowse
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-39128 MEDIUM POC This Month

GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Gdb
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-37257 MEDIUM POC This Month

DataEase is an open source data visualization analysis tool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dataease
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-36806 MEDIUM POC PATCH This Month

Contao is an open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Contao
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-37902 MEDIUM POC PATCH This Month

Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-35944 MEDIUM POC This Month

Envoy is an open source edge and service proxy designed for cloud-native applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Envoy
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-3897 MEDIUM POC This Month

Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message.31 and below. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Microsoft Suremdm
NVD Exploit-DB
CVSS 3.1
5.3
EPSS
1.8%
CVE-2023-2626 HIGH This Week

There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nest Hub Max Firmware Nest Hub Firmware Wifi Firmware Nest Wifi Point Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-39173 HIGH This Week

In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Teamcity
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-21406 HIGH This Week

Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Heap Overflow A1001 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy