Skip to main content
CVE-2023-38836 HIGH POC THREAT Act Now

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.0%.

File Upload RCE Boidcms
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
73.0%
Threat
5.5
CVE-2023-38035 CRITICAL POC KEV THREAT Emergency

A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Apache Ivanti Authentication Bypass Mobileiron Sentry
NVD
CVSS 3.1
9.8
EPSS
99.9%
CVE-2023-39660 CRITICAL POC PATCH Act Now

An issue in Gaberiele Venturi pandasai v.0.8.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the prompt function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Pandasai
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-38961 CRITICAL POC Act Now

Buffer Overflwo vulnerability in JerryScript Project jerryscript v.3.0.0 allows a remote attacker to execute arbitrary code via the scanner_is_context_needed component in js-scanner-until.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Jerryscript
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-4450 CRITICAL POC THREAT Act Now

A vulnerability was found in jeecgboot JimuReport up to 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jimureport
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
11.4%
CVE-2023-39751 CRITICAL POC Act Now

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow TP-Link Tl Wr941Nd V6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.8%
CVE-2023-39750 CRITICAL POC THREAT Act Now

D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the f_ipv6_enable parameter at /bsc_ipv6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dap 2660 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.8%
CVE-2023-39749 CRITICAL POC Act Now

D-Link DAP-2660 v1.13 was discovered to contain a buffer overflow via the component /adv_resource. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Dap 2660 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-39747 CRITICAL POC Act Now

TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow TP-Link Tl Wr940N V2 Firmware Tl Wr941Nd V5 Firmware Tl Wr841N V8 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
7.8%
CVE-2023-39618 CRITICAL POC Act Now

TOTOLINK X5000R B20210419 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection X5000r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-39617 CRITICAL POC Act Now

TOTOLINK X5000R_V9.1.0cu.2089_B20211224 and X5000R_V9.1.0cu.2350_B20230313 were discovered to contain a remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection X5000r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-4446 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in OpenRapid RapidCMS 1.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rapidcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-39106 HIGH POC This Week

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Nacos Spring Project
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-4449 HIGH POC This Week

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inventory Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39786 HIGH POC This Week

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39785 HIGH POC This Week

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39784 HIGH POC This Week

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3604 HIGH POC This Week

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress All In One Login
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38976 HIGH POC PATCH This Week

An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Weaviate
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-39748 HIGH POC This Week

An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr1041N V2 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39745 HIGH POC This Week

TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940N V2 Firmware Tl Wr941Nd V5 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4455 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Wallabag
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-3954 MEDIUM POC This Month

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3936 MEDIUM POC This Month

The Blog2Social WordPress plugin before 7.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Blog2Social
NVD WPScan
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-39809 CRITICAL Act Now

N.V.K.INTER CO., LTD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection PHP Intelligent Broadband Subscriber Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2020-28715 CRITICAL Act Now

An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service RCE Letv X43 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-39808 CRITICAL Act Now

N.V.K.INTER CO., LTD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Intelligent Broadband Subscriber Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-39807 CRITICAL Act Now

N.V.K.INTER CO., LTD. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Intelligent Broadband Subscriber Gateway
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4373 CRITICAL Act Now

Inadequate validation of permissions when employing remote tools and macros within Devolutions Remote Desktop Manager versions 2023.2.19 and earlier permits a user to initiate a connection without. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Remote Desktop Manager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32002 CRITICAL Act Now

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Authentication Bypass Node Js
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-31447 CRITICAL Act Now

user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Vigor2620 Firmware Vigor2625 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-4448 CRITICAL PATCH Act Now

A vulnerability was found in OpenRapid RapidCMS 1.3.1 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure PHP Rapidcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4447 CRITICAL Act Now

A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Rapidcms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4445 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in Mini-Tmall up to 20230811. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Mini Tmall
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4444 CRITICAL Act Now

A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Free Hospital Management System For Small Practices
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4443 CRITICAL Act Now

A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0/5.0.12. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Free Hospital Management System For Small Practices
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4442 CRITICAL Act Now

A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Free Hospital Management System For Small Practices
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4441 CRITICAL Act Now

A vulnerability was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Free Hospital Management System For Small Practices
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4454 MEDIUM POC PATCH This Month

Cross-Site Request Forgery (CSRF) in GitHub repository wallabag/wallabag prior to 2.6.3. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

CSRF Wallabag
NVD GitHub
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-39094 MEDIUM POC This Month

Cross Site Scripting vulnerability in ZeroWdd studentmanager v.1.0 allows a remote attacker to execute arbitrary code via the username parameter in the student list function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Studentmanager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4453 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Pimcore
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-39939 CRITICAL Act Now

SQL injection vulnerability in LuxCal Web Calendar prior to 5.2.3M (MySQL version) and LuxCal Web Calendar prior to 5.2.3L (SQLite version) allows a remote unauthenticated attacker to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Luxcal Web Calendar
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-25915 HIGH This Week

Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ak Sm 800A Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-25914 HIGH This Week

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ak Sm 800A Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-36787 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-3667 MEDIUM POC This Month

The Bit Assist WordPress plugin before 1.1.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Bit Assist
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3366 MEDIUM POC This Month

The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Multiparcels Shipping For Woocommerce
NVD WPScan
CVSS 3.1
4.3
EPSS
0.2%
CVE-2023-38899 HIGH This Week

SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SQLi O Blog
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25913 HIGH This Week

Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ak Sm 800A Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40735 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo - Connecting for a Safer World BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Butterfly Button
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy