Skip to main content
CVE-2023-38495 CRITICAL POC PATCH Act Now

Crossplane is a framework for building cloud native control planes without needing to write code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Crossplane
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3975 CRITICAL POC PATCH Act Now

OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Drawio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-38505 HIGH POC PATCH This Week

DietPi-Dashboard is a web dashboard for the operating system DietPi. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dietpi Dashboard
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-36580 MEDIUM POC This Month

Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Icewarp Server Mail Server
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2023-36942 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Fire Reporting System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36941 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Online Fire Reporting System
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-37979 MEDIUM POC This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ninja Forms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
6.0%
CVE-2023-38490 CRITICAL PATCH Act Now

Kirby is a content management system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

SSRF XXE Kirby
NVD GitHub
CVSS 3.1
10.0
EPSS
1.5%
CVE-2023-3956 CRITICAL PATCH Act Now

The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Instawp Connect
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-33745 CRITICAL Act Now

TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Roomcast Ta 2400 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33744 CRITICAL Act Now

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Roomcast Ta 2400 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33743 CRITICAL Act Now

TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Roomcast Ta 2400 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-3974 CRITICAL PATCH Act Now

OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Command Injection Drawio
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-3970 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Availability Booking Calendar Php
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3969 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Availability Booking Calendar Php
NVD VulDB
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-3981 MEDIUM POC PATCH This Month

Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Omeka
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-3982 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Omeka
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3980 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Omeka
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-38488 HIGH PATCH This Week

Kirby is a content management system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Code Injection Kirby
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38611 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38600 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-38595 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-32393 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38597 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +1
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-38594 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +3
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-37450 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +4
NVD
CVSS 3.1
8.8
EPSS
18.9%
CVE-2023-28012 HIGH This Week

HCL BigFix Mobile is vulnerable to a command injection attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Bigfix Mobile
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32364 HIGH This Week

A logic issue was addressed with improved restrictions. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
8.6
EPSS
0.8%
CVE-2023-32437 HIGH This Week

The issue was addressed with improvements to the file handling protocol. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os
NVD
CVSS 3.1
8.6
EPSS
0.2%
CVE-2023-38510 HIGH PATCH This Week

Tolgee is an open-source localization platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Tolgee
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-32443 HIGH This Week

An out-of-bounds read was addressed with improved input validation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Apple macOS
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-32450 HIGH This Week

Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Power Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38580 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38565 HIGH This Week

A path handling issue was addressed with improved validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38424 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-38261 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38136 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os Watchos
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-35993 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32734 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32441 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32418 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-38410 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36854 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Apple macOS
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32433 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-32381 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Ipados +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2020-22623 HIGH This Week

Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jreport
NVD VulDB
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-33742 HIGH This Week

TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Roomcast Ta 2400 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-38504 HIGH PATCH This Week

Sails is a realtime MVC Framework for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Denial Of Service Sails
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38492 HIGH PATCH This Week

Kirby is a content management system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kirby
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-38603 HIGH This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy