Skip to main content
CVE-2023-40315 HIGH POC PATCH Act Now

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLE_FILESYSTEM_EDITOR can easily escalate their privileges to ROLE_ADMIN or any other. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Horizon Meridian
NVD GitHub
CVSS 3.1
8.0
EPSS
2.5%
CVE-2023-37914 HIGH POC PATCH This Week

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Python Code Injection Xwiki
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-38902 HIGH POC This Week

A command injection vulnerability in RG-EW series home routers and repeaters v.EW_3.0(1)B11P219, RG-NBS and RG-S1930 series switches v.SWITCH_3.0(1)B11P219, RG-EG series business VPN routers. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rg Ew1200 Firmware Rg Ew1200G Pro Firmware Rg Ew1200R Firmware Rg Ew1300G Firmware +92
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-38838 HIGH POC This Week

SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via the edit.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Minimati
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-40171 HIGH POC PATCH This Week

Dispatch is an open source security incident management tool. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Dispatch
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-31946 HIGH POC This Week

File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the artical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-31945 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the id parameter at daily_expenditure_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31944 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31943 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the ticket_id parameter at ticket_detail.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31941 HIGH POC This Week

File Upload vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via a crafted PHP file to the employee_insert.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-31940 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the page_id parameter at article_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31939 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the costomer_id parameter at customer_edit.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31938 HIGH POC This Week

SQL injection vulnerability found in Online Travel Agency System v.1.0 allows a remote attacker to execute arbitrary code via the emp_id parameter at employee_detail.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Online Travel Agency System
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-40313 HIGH PATCH This Week

A BeanShell interpreter in remote server mode runs in OpenMNS Horizon versions earlier than 32.0.2 and in related Meridian versions which could allow arbitrary remote Java code execution. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Java RCE Code Injection Horizon Meridian
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-3697 HIGH This Week

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and create files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-2910 HIGH This Week

Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Printer service functionality in ASUSTOR Data Master (ADM) allows remote unauthorized users to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Data Master
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-33237 HIGH PATCH This Week

TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Tn 5900 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3698 HIGH This Week

Printer service fails to adequately handle user input, allowing an remote unauthorized users to navigate beyond the intended directory structure and delete files. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Data Master
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-34217 HIGH PATCH This Week

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-34216 HIGH PATCH This Week

TN-4900 Series firmware versions v1.2.4 and prior and TN-5900 Series firmware versions v3.3 and prior are vulnerable to the command-injection vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tn 5900 Firmware Tn 4900 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-38843 HIGH This Week

An issue in Atlos v.1.0 allows an authenticated attacker to execute arbitrary code via a crafted payload into the description field in the incident function. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlos
NVD GitHub
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-4030 HIGH This Week

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Thinkpad T15 Gen 2 Firmware Thinkpad P14S Gen 2 Firmware Thinkpad P15S Gen 2 Firmware Thinkpad T14 Gen 2 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-3078 HIGH This Week

An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Information Disclosure Universal Device Client
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36106 HIGH This Week

An incorrect access control vulnerability in powerjob 4.3.2 and earlier allows remote attackers to obtain sensitive information via the interface for querying via appId parameter to /container/list. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Powerjob
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-40165 HIGH PATCH This Week

rubygems.org is the Ruby community's primary gem (library) hosting service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Canonical Information Disclosure Rubygems Org
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-2914 HIGH This Week

The Rockwell Automation Thinmanager Thinserver is impacted by an improper input validation vulnerability, an integer overflow condition exists in the affected products. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Denial Of Service Thinmanager Thinserver
NVD
CVSS 3.1
7.5
EPSS
27.0%
CVE-2023-40272 HIGH PATCH This Week

Apache Airflow Spark Provider, versions before 4.1.3, is affected by a vulnerability that allows an attacker to pass in malicious parameters when establishing a connection giving an opportunity to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apache Information Disclosure Apache Airflow Providers Apache Spark
NVD
CVSS 3.1
7.5
EPSS
1.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy