Skip to main content
CVE-2023-36845 CRITICAL POC KEV THREAT Emergency

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper Code Injection PHP Junos
NVD
CVSS 3.1
9.8
EPSS
93.5%
CVE-2023-26469 CRITICAL POC THREAT Emergency

In Jorani 1.0.0, an attacker could leverage path traversal to access files and execute code on the server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jorani
NVD GitHub
CVSS 3.1
9.8
EPSS
81.9%
CVE-2023-40315 HIGH POC PATCH Act Now

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Horizon Meridian
NVD GitHub
CVSS 3.1
8.0
EPSS
2.5%
CVE-2023-2917 CRITICAL POC THREAT Act Now

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal RCE Rockwell Thinmanager Thinserver
NVD
CVSS 3.1
9.8
EPSS
67.8%
CVE-2023-2915 CRITICAL POC THREAT Act Now

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, Due to improper input validation, a path traversal vulnerability exists when the ThinManager. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Rockwell Thinmanager Thinserver
NVD
CVSS 3.1
9.1
EPSS
78.1%
CVE-2023-37914 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-38902 HIGH POC This Week

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rg Ew1200 Firmware Rg Ew1200G Pro Firmware Rg Ew1200R Firmware Rg Ew1300G Firmware +92
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-38838 HIGH POC This Week

SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Minimati
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-40171 HIGH POC PATCH This Week

Dispatch is an open source security incident management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dispatch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31946 HIGH POC This Week

File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-31945 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31944 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31943 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31941 HIGH POC This Week

File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-31940 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31939 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31938 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31492 MEDIUM POC This Month

Zoho ManageEngine ADManager Plus version 7182 and prior disclosed the default passwords for the account restoration of unauthorized domains to the authenticated users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Admanager Plus
NVD GitHub
CVSS 3.1
6.5
EPSS
5.3%
CVE-2023-39970 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in AcyMailing component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Acymailing Starter
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40252 CRITICAL Act Now

Improper Control of Generation of Code ('Code Injection') vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Replace Trusted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Genian Nac Genian Ztna
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-34215 CRITICAL PATCH Act Now

TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Authentication Bypass Tn 5900 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-34214 CRITICAL PATCH Act Now

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-34213 CRITICAL PATCH Act Now

TN-5900 Series firmware versions v3.3 and prior are vulnerable to command-injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Authentication Bypass Tn 5900 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-33239 CRITICAL PATCH Act Now

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-33238 CRITICAL PATCH Act Now

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command injection vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

Command Injection Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39741 MEDIUM POC This Month

lrzip v0.651 was discovered to contain a heap overflow via the libzpaq::PostProcessor::write(int) function at /libzpaq/libzpaq.cpp. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Long Range Zip
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38905 MEDIUM POC This Month

SQL injection vulnerability in Jeecg-boot v.3.5.0 and before allows a local attacker to cause a denial of service via the Benchmark, PG_Sleep, DBMS_Lock.Sleep, Waitfor, DECODE, and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service SQLi Jeecg Boot
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4395 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Cockpit
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-36844 MEDIUM POC KEV THREAT This Month

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Juniper PHP Information Disclosure Junos
NVD
CVSS 3.1
5.3
EPSS
89.6%
CVE-2023-39743 MEDIUM POC This Month

lrzip-next LZMA v23.01 was discovered to contain an access violation via the component /bz3_decode_block src/libbz3.c. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Lzma Software Development Kit
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-4392 MEDIUM POC This Month

A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Information Disclosure Control Id Gerencia Web
NVD VulDB
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-31942 MEDIUM POC This Month

Cross Site Scripting vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the description parameter in insert.php. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Online Travel Agency System
NVD GitHub
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-40313 HIGH PATCH This Week

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection Horizon Meridian
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3697 HIGH This Week

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2910 HIGH This Week

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Data Master
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-33237 HIGH PATCH This Week

TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Tn 5900 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3698 HIGH This Week

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-34217 HIGH PATCH This Week

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-34216 HIGH PATCH This Week

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38843 HIGH This Week

An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlos
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-4030 HIGH This Week

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Thinkpad T15 Gen 2 Firmware Thinkpad P14S Gen 2 Firmware Thinkpad P15S Gen 2 Firmware Thinkpad T14 Gen 2 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3078 HIGH This Week

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Universal Device Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36106 HIGH This Week

An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerjob
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-40165 HIGH PATCH This Week

rubygems.org is the Ruby community's primary gem (library) hosting service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Canonical Information Disclosure Rubygems Org
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2914 HIGH This Week

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Thinmanager Thinserver
NVD
CVSS 3.1
7.5
EPSS
27.0%
CVE-2023-40272 HIGH PATCH This Week

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Apache Spark
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-4029 MEDIUM This Month

A buffer overflow has been identified in the BoardUpdateAcpiDxe driver in some Lenovo ThinkPad products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo K14 Type 21Cu Firmware K14 Type 21Cv Firmware +24
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-4028 MEDIUM This Month

A buffer overflow has been identified in the SystemUserMasterHddPwdDxe driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo 13W Yoga Firmware 13W Yoga Gen 2 Firmware +27
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-34419 MEDIUM This Month

A buffer overflow has been identified in the SetupUtility driver in some Lenovo Notebook products which may allow an attacker with local access and elevated privileges to execute arbitrary code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Lenovo Legion 5 Pro 16Iah7H Firmware Legion 5 Pro 16Iah7 Firmware +28
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-29182 MEDIUM This Month

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Fortinet RCE Fortios
NVD
CVSS 3.1
6.7
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy