Skip to main content
CVE-2023-37771 CRITICAL POC Act Now

Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Art Gallery Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-34635 CRITICAL POC Act Now

Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Unibox Administration
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.1%
CVE-2023-35861 CRITICAL POC Act Now

A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject execute arbitrary commands as root on the BMC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection H12Dst B Firmware X13Dai T Firmware X13Ddw A Firmware X13Deg Oa Firmware +161
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-3983 HIGH POC THREAT This Week

An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Iview
NVD
CVSS 3.1
8.8
EPSS
15.1%
CVE-2023-33534 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Zlt S10G Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-3508 MEDIUM POC This Month

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Pre Orders
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3507 MEDIUM POC This Month

The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Woocommerce Pre Orders
NVD WPScan
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3345 MEDIUM POC This Month

The LMS by Masteriyo WordPress plugin before 1.6.8 does not have proper authorization in one some of its REST API endpoints, making it possible for any students to retrieve email addresses of other. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Masteriyo
NVD WPScan
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-37580 MEDIUM POC KEV PATCH THREAT This Month

Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Zimbra Collaboration Suite
NVD
CVSS 3.1
6.1
EPSS
59.0%
CVE-2023-34917 MEDIUM POC This Month

Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-34916 MEDIUM POC This Month

Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-38309 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38308 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38306 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38305 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Webmin
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3292 MEDIUM POC This Month

The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Portfolio Gallery Product Catalog Grid Kit Portfolio
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3134 MEDIUM POC This Month

The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Forminator
NVD WPScan
CVSS 3.1
6.1
EPSS
3.5%
CVE-2023-0602 MEDIUM POC This Month

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Twittee Text Tweet
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-34842 CRITICAL Act Now

Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Dedecms
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-37647 CRITICAL Act Now

SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Semcms
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39122 CRITICAL Act Now

BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Control M
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-36092 CRITICAL Act Now

Authentication Bypass vulnerability in D-Link DIR-859 FW105b03 allows remote attackers to gain escalated privileges via via phpcgi_main. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 859 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-36091 CRITICAL Act Now

Authentication Bypass vulnerability in D-Link DIR-895 FW102b07 allows remote attackers to gain escalated privileges via via function phpcgi_main in cgibin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 895L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36090 CRITICAL Act Now

Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 885L Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-36089 CRITICAL Act Now

Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

D-Link Authentication Bypass Dir 645 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-34644 CRITICAL PATCH Act Now

Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Rg Ew1200R Firmware Rg Ew300 Firmware Rg Ew3200Gx Firmware +62
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-4006 CRITICAL PATCH Act Now

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Phpmyfaq
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4005 CRITICAL PATCH Act Now

Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Fossbilling
NVD GitHub
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-34872 MEDIUM POC PATCH This Month

A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Poppler
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2023-38311 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-38310 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-38307 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38304 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38303 MEDIUM POC This Month

An issue was discovered in Webmin 2.021. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-3130 MEDIUM POC This Month

The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Short Url
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-35019 HIGH This Week

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection IBM Security Verify Governance
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-4010 MEDIUM POC This Month

A flaw was found in the USB Host Controller Driver framework in the Linux kernel. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Linux Kernel Enterprise Linux
NVD GitHub
CVSS 3.1
4.6
EPSS
0.5%
CVE-2023-38989 MEDIUM POC This Month

An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jeesite
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-4004 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-3997 HIGH This Week

Splunk SOAR versions lower than 6.1.0 are indirectly affected by a potential vulnerability accessed through the user’s terminal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Splunk RCE Soar
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3825 HIGH This Week

PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Kepserverex
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38750 HIGH This Week

In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zimbra
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-34359 HIGH This Week

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rt Ax88U Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34358 HIGH This Week

ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Rt Ax88U Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-24971 MEDIUM PATCH This Month

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java Denial Of Service Deserialization IBM B2B Advanced Communications +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-35016 MEDIUM This Month

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal IBM Security Verify Governance
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-35792 MEDIUM This Month

Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Intella Connect
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-35791 MEDIUM This Month

Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Intella Connect
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-34360 MEDIUM This Month

A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rt Ax88U Firmware
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-22595 MEDIUM PATCH This Month

IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM B2B Advanced Communications Multi Enterprise Integration Gateway
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy