Skip to main content
CVE-2023-38836 HIGH POC THREAT Act Now

File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 73.0%.

File Upload RCE Boidcms
NVD GitHub Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
73.0%
Threat
5.5
CVE-2023-39106 HIGH POC This Week

An issue in Nacos Group Nacos Spring Project v.1.1.1 and before allows a remote attacker to execute arbitrary code via the SnakeYamls Constructor() component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Java RCE Deserialization Nacos Spring Project
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-4449 HIGH POC This Week

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Inventory Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39786 HIGH POC This Week

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sscanf function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39785 HIGH POC This Week

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the set_qosMib_list function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39784 HIGH POC This Week

Tenda AC8V4 V16.03.34.06 was discovered to contain a stack overflow via the list parameter in the save_virtualser_data function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac8 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-3604 HIGH POC This Week

The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress All In One Login
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38976 HIGH POC PATCH This Week

An issue in weaviate v.1.20.0 allows a remote attacker to cause a denial of service via the handleUnbatchedGraphQLRequest function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Weaviate
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-39748 HIGH POC This Week

An issue in the component /userRpm/NetworkCfgRpm of TP-Link TL-WR1041N V2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service TP-Link Tl Wr1041N V2 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39745 HIGH POC This Week

TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service TP-Link Tl Wr940N V2 Firmware Tl Wr941Nd V5 Firmware +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-25915 HIGH This Week

Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ak Sm 800A Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-25914 HIGH This Week

Due to improper restriction, authenticated attackers could retrieve and read system files of the underlying server through the XML interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Ak Sm 800A Firmware
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-36787 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-38899 HIGH This Week

SQL injection vulnerability in berkaygediz O_Blog v.1.0 allows a local attacker to escalate privileges via the secure_file_priv component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

SQLi O Blog
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-25913 HIGH This Week

Because of an authentication flaw an attacker would be capable of generating a web report that discloses sensitive information such as internal IP addresses, usernames, store names and other. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ak Sm 800A Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40735 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cavo - Connecting for a Safer World BUTTERFLY BUTTON (Architecture flaw) allows loss of plausible deniability and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Butterfly Button
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40352 HIGH This Week

McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Safe Connect
NVD
CVSS 3.1
7.2
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy