Skip to main content
CVE-2023-39523 HIGH POC PATCH This Week

ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Docker Scancode Io
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-39550 HIGH POC This Week

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Jwnr2000V2 Firmware Xwn5001 Firmware Xavn2001V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38926 HIGH POC This Week

Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Ex6200 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38591 HIGH POC This Week

Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Dg834Gv5 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38412 HIGH POC This Week

Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear R6900P Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-36499 HIGH POC This Week

Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Netgear Xr300 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-2843 HIGH POC This Week

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39349 HIGH POC PATCH This Week

Sentry is an error tracking and performance monitoring platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Sentry
NVD GitHub
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-3365 HIGH POC This Week

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-39520 HIGH POC PATCH This Week

Cryptomator encrypts data being stored on cloud infrastructure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Cryptomator
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-3896 HIGH POC PATCH This Week

Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vim
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-4199 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inventory Management System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32783 HIGH POC This Week

The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Zoho Authentication Bypass Manageengine Adaudit Plus
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-36220 HIGH POC This Week

Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Textpattern
NVD
CVSS 3.1
7.2
EPSS
2.9%
CVE-2023-38925 HIGH This Week

Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Dc112A Firmware Ex6200 Firmware R6300V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
14.6%
CVE-2023-38922 HIGH This Week

Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Netgear Jwnr2000V2 Firmware Xwn5001 Firmware Xavn2001V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-38921 HIGH This Week

Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Netgear Command Injection Wg302V2 Firmware Wag302V2 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-39528 HIGH PATCH This Week

PrestaShop is an open source e-commerce web application. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Prestashop
NVD GitHub
CVSS 3.1
8.6
EPSS
0.6%
CVE-2023-4147 HIGH PATCH This Week

A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel +7
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-4012 HIGH This Week

ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Ntpsec
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-0426 HIGH PATCH This Week

ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Stack Overflow Buffer Overflow Abb Ac700F Firmware Freelance 2013 +2
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-0425 HIGH PATCH This Week

ABB is aware of vulnerabilities in the product versions listed below. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Abb Information Disclosure Ac700F Firmware Freelance 2013 Freelance 2016 +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-33913 HIGH This Week

In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size.This could lead to remote escalation of privilege with System execution privileges needed. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
7.2
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy