Skip to main content
CVE-2023-32781 HIGH POC THREAT Act Now

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Prtg Network Monitor
NVD GitHub
CVSS 3.1
7.2
EPSS
12.3%
CVE-2023-39004 CRITICAL POC Act Now

Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Opnsense
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37068 CRITICAL POC Act Now

Code-Projects Gym Management System V1.0 allows remote attackers to execute arbitrary SQL commands via the login form, leading to unauthorized access and potential data manipulation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Gym Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-39008 CRITICAL POC PATCH Act Now

A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Opnsense
NVD GitHub
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-39001 CRITICAL POC PATCH Act Now

A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Command Injection Opnsense
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2023-39007 CRITICAL POC PATCH Act Now

/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Opnsense
NVD GitHub
CVSS 3.1
9.6
EPSS
2.3%
CVE-2023-33468 CRITICAL POC Act Now

KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 exhibit a vulnerability that enables remote manipulation of the device. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Via Go2 Firmware Via Connect2 Firmware
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-33241 CRITICAL POC Act Now

Crypto wallets implementing the GG18 or GG20 TSS protocol might allow an attacker to extract a full ECDSA private key by injecting a malicious pallier key and cheating in the range proof. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Gg18 Gg20
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-4239 HIGH POC This Week

The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress Real Estate Manager
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-38348 HIGH POC This Week

A CSRF issue was discovered in LWsystems Benno MailArchiv 2.10.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Benno Mailarchiv
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-2905 HIGH POC PATCH This Week

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, Cesanta Mongoose, an embeddable web server, version 7.10 is susceptible to a. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Mongoose
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-33242 HIGH POC This Week

Crypto wallets implementing the Lindell17 TSS protocol might allow an attacker to extract the full ECDSA private key by exfiltrating a single bit in every signature attempt (256 in total) because of. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Lindell17
NVD GitHub
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-33469 HIGH POC This Week

In instances where the screen is visible and remote mouse connection is enabled, KramerAV VIA Connect (2) and VIA Go (2) devices with a version prior to 4.0.1.1326 can be exploited to achieve local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Via Go2 Firmware Via Connect2 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39003 HIGH POC This Week

OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opnsense
NVD VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39005 HIGH POC This Week

Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Opnsense
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36673 HIGH POC This Week

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Phantom Vpn
NVD
CVSS 3.1
7.3
EPSS
0.6%
CVE-2023-38997 HIGH POC PATCH This Week

A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Opnsense
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-4273 MEDIUM POC PATCH This Month

A flaw was found in the exFAT driver of the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available.

Stack Overflow Buffer Overflow Linux Linux Kernel Fedora +6
NVD
CVSS 3.1
6.7
EPSS
0.7%
CVE-2023-38999 MEDIUM POC PATCH This Month

A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service CSRF Opnsense
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-36671 MEDIUM POC This Month

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Apple Vpn
NVD
CVSS 3.1
6.3
EPSS
0.3%
CVE-2023-38347 MEDIUM POC This Month

An issue was discovered in LWsystems Benno MailArchiv 2.10.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Benno Mailarchiv
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39002 MEDIUM POC PATCH This Month

A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP XSS Opnsense
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-39000 MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Opnsense
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38998 MEDIUM POC PATCH This Month

An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Opnsense
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-3632 CRITICAL Act Now

Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Kunduz
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-39969 CRITICAL PATCH Act Now

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Uthenticode
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-34545 CRITICAL Act Now

A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Cszcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-26310 CRITICAL Act Now

There is a command injection problem in the old version of the mobile phone backup app. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Coloros
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36672 MEDIUM POC This Month

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Apple Vpn
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2023-35838 MEDIUM POC This Month

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microsoft Wireguard
NVD
CVSS 3.1
5.7
EPSS
0.8%
CVE-2023-39006 MEDIUM POC PATCH This Month

The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Opnsense
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-33934 CRITICAL Act Now

Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server.2.1. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Request Smuggling Traffic Server
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2023-4243 HIGH This Week

The FULL - Customer plugin for WordPress is vulnerable to Arbitrary File Upload via the /install-plugin REST route in versions up to, and including, 2.2.3 due to improper authorization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress File Upload Full Customer
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-31452 HIGH This Week

A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with the permissions of a victim user,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Prtg Network Monitor
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-37861 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an authenticated remote attacker can execute code with root permissions with a specially crafted HTTP POST when uploading a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-23574 HIGH This Week

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the alerts_count component, allows an authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cmc Guardian
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2023-22378 HIGH This Week

A blind SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in the sorting parameter, allows an authenticated attacker to execute arbitrary SQL. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Cmc Guardian
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2023-37862 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-38212 HIGH PATCH This Week

Adobe Dimension version 3.4.9 is affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Buffer Overflow Adobe Heap Overflow Dimension
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-38211 HIGH PATCH This Week

Adobe Dimension version 3.4.9 is affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Adobe RCE Memory Corruption +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-40012 HIGH PATCH This Week

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Uthenticode
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-33953 HIGH PATCH This Week

gRPC contains a vulnerability that allows hpack table accounting errors could lead to unwanted disconnects between clients and servers in exceptional cases/ Three vectors were found that allow the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Grpc
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38207 HIGH PATCH This Week

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Code Injection Commerce
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-37860 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote unauthenticated attacker can obtain the r/w community string of the SNMPv2 daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39910 HIGH This Week

The cryptocurrency wallet entropy seeding mechanism used in Libbitcoin Explorer 3.0.0 through 3.6.0 is weak, aka the Milk Sad issue. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Libbitcoin Explorer
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-3518 HIGH PATCH This Week

HashiCorp Consul and Consul Enterprise 1.16.0 when using JWT Auth for service mesh incorrectly allows/denies access regardless of service identities. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp HashiCorp Consul
NVD
CVSS 3.1
7.3
EPSS
0.4%
CVE-2023-22843 HIGH This Week

An authenticated attacker with administrative access to the web management interface can inject malicious JavaScript code inside the definition of a Threat Intelligence rule, that will be stored and. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Cmc Guardian
NVD
CVSS 4.0
7.3
EPSS
0.3%
CVE-2023-32782 HIGH This Week

A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions could abuse the debug option to write new. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Prtg Network Monitor
NVD
CVSS 3.1
7.2
EPSS
52.1%
CVE-2023-38208 HIGH PATCH This Week

Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Adobe Command Injection Commerce
NVD
CVSS 3.1
7.2
EPSS
2.3%
CVE-2023-37864 HIGH This Week

In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with SNMPv2 write privileges may use an a special SNMP request to gain full access to the device. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Wp 6070 Wvps Firmware Wp 6101 Wxps Firmware Wp 6121 Wxps Firmware Wp 6156 Whps Firmware +2
NVD
CVSS 3.1
7.2
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy