Skip to main content
CVE-2023-39551 CRITICAL POC Act Now

PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Security Guards Hiring System
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38692 CRITICAL POC Act Now

CloudExplorer Lite is an open source, lightweight cloud management platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Cloudexplorer Lite
NVD GitHub
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-39143 CRITICAL POC THREAT Act Now

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Microsoft Papercut Mf Papercut Ng
NVD
CVSS 3.1
9.8
EPSS
78.7%
CVE-2023-29689 CRITICAL POC THREAT Act Now

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Pyrocms
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
41.1%
CVE-2023-39107 CRITICAL POC Act Now

An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Nomachine
NVD
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-39344 HIGH POC PATCH This Week

social-media-skeleton is an uncompleted social media project. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE SQLi Social Media Skeleton
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-38702 HIGH POC This Week

Knowage is an open source analytics and business intelligence suite. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Knowage
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-4159 HIGH POC PATCH This Week

Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload Omeka S
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38487 HIGH POC PATCH This Week

HedgeDoc is software for creating real-time collaborative markdown notes. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Hedgedoc
NVD GitHub
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-38494 HIGH POC PATCH This Week

MeterSphere is an open-source continuous testing platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Metersphere
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-30146 HIGH POC This Week

Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ht Ip211Hdp Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38698 MEDIUM POC PATCH MAL This Month

Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Integer Overflow Buffer Overflow Ethereum Name Service
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38695 MEDIUM POC PATCH This Month

cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Cypress Image Snapshot
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-39112 MEDIUM POC This Month

ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ecshop
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-36158 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Toll Tax Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-38964 MEDIUM POC This Month

Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Academy Lms
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-39346 CRITICAL PATCH Act Now

LinuxASMCallGraph is software for drawing the call graph of the programming code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

RCE File Upload Linuxasmcallgraph
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-33379 CRITICAL Act Now

Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Er2000T Vz Cat1 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33378 CRITICAL Act Now

Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Connected Io
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33377 CRITICAL Act Now

Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Connected Io
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-33376 CRITICAL Act Now

Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Connected Io
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33375 CRITICAL Act Now

Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Connected Io
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-33374 CRITICAL Act Now

Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Connected Io
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-33373 CRITICAL Act Now

Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Connected Io
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-33372 CRITICAL Act Now

Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Connected Io
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38690 CRITICAL PATCH Act Now

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Matrix Irc Bridge
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38689 CRITICAL PATCH Act Now

Logistics Pipes is a modification (a.k.a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java RCE Deserialization Logisticspipes
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37470 CRITICAL PATCH Act Now

Metabase is an open-source business intelligence and analytics platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Metabase
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-36480 CRITICAL PATCH Act Now

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Java RCE Deserialization Aerospike Java Client
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-38941 CRITICAL Act Now

django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Command Injection Django Sspanel
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-36139 CRITICAL Act Now

In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cleaning Business Software
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-36134 CRITICAL Act Now

In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Class Scheduling System
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-36133 CRITICAL Act Now

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Availability Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36132 CRITICAL Act Now

PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Availability Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36131 CRITICAL Act Now

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Availability Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-33665 CRITICAL PATCH Act Now

ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Ai Table
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4158 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Omeka S
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38991 MEDIUM POC This Month

An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jeesite
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-3373 CRITICAL Act Now

Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt21 Firmware Gs21 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-4142 HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

WordPress RCE Code Injection Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
8.0
EPSS
4.6%
CVE-2023-4141 HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

WordPress PHP RCE Code Injection Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
8.0
EPSS
4.6%
CVE-2023-4157 MEDIUM POC PATCH This Month

0.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Code Injection Omeka S
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-29505 HIGH This Week

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zoho Manageengine Network Configuration Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38708 HIGH PATCH This Week

Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Privilege Escalation Path Traversal Denial Of Service Authentication Bypass Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-4139 HIGH PATCH This Week

The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure WordPress Wp Ultimate Csv Importer
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38688 HIGH PATCH This Week

twitch-tui provides Twitch chat in a terminal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Twitch Tui
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-37896 HIGH PATCH This Week

Nuclei is a vulnerability scanner. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Nuclei
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39379 HIGH This Week

Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Software Infrastructure Manager
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-36135 HIGH This Week

User enumeration is found in in PHPJabbers Class Scheduling System v1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Class Scheduling System
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-0525 HIGH This Week

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gt Designer3 Gt Softgot2000 Gt27 Firmware Gt25 Firmware +4
NVD
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy