Skip to main content
CVE-2023-38890 HIGH POC This Week

Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass SQLi Online Shopping Portal
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-4415 HIGH POC THREAT This Week

A vulnerability was found in Ruijie RG-EW1200G 07161417 r483. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Rg Ew1200G Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
56.1%
CVE-2023-4409 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Nbs Happysoftwechat
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-38839 HIGH POC This Week

SQL injection vulnerability in Kidus Minimati v.1.0.0 allows a remote attacker to obtain sensitive information via theID parameter in the fulldelete.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Minimati
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-39125 HIGH POC This Week

NTSC-CRT 2.2.1 has an integer overflow and out-of-bounds write in loadBMP in bmp_rw.c because a file's width, height, and BPP are not validated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Ntsc Crt
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40172 HIGH PATCH This Week

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Social Media Skeleton
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40072 HIGH This Week

OS command injection vulnerability in ELECOM wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wab S600 Ps Firmware Wab S300 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-39944 HIGH This Week

OS command injection vulnerability in WRC-F1167ACF all versions, and WRC-1750GHBK all versions allows an attacker who can access the product to execute an arbitrary OS command by sending a specially. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wrc F1167Acf Firmware Wrc 1750Ghbk Firmware
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-39455 HIGH This Week

OS command injection vulnerability in ELECOM wireless LAN routers allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wrc 600Ghbk A Firmware Wrc 1467Ghbk A Firmware Wrc 1900Ghbk A Firmware Wrc 733Febk2 A Firmware +3
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-39445 HIGH This Week

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an unauthenticated attacker to execute arbitrary code by sending a specially crafted file to. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Wrc 1467Ghbk A Firmware Wrc 1467Ghbk S Firmware Wrc 1900Ghbk A Firmware +4
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-38132 HIGH This Week

LAN-W451NGR all versions provided by LOGITEC CORPORATION contains an improper access control vulnerability, which allows an unauthenticated attacker to log in to telnet service. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Lan W451Ngr Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-38576 HIGH This Week

Hidden functionality vulnerability in LAN-WH300N/RE all versions provided by LOGITEC CORPORATION allows an authenticated user to execute arbitrary OS commands on a certain management console. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Lan Wh300N Re Firmware
NVD
CVSS 3.1
8.0
EPSS
0.4%
CVE-2023-40173 HIGH PATCH This Week

Social media skeleton is an uncompleted/framework social media project implemented using a php, css ,javascript and html. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Social Media Skeleton
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-20212 HIGH This Week

A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Secure Endpoint Secure Endpoint Private Cloud
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-39415 HIGH This Week

Improper authentication vulnerability in Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Proself
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39669 HIGH This Week

D-Link DIR-880 A1_FW107WWb08 was discovered to contain a NULL pointer dereference in the function FUN_00010824. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference D-Link Dir 880L A1 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-39416 HIGH This Week

Proself Enterprise/Standard Edition Ver5.61 and earlier, Proself Gateway Edition Ver1.62 and earlier, and Proself Mail Sanitize Edition Ver1.07 and earlier allow a remote authenticated attacker with. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Proself
NVD
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy