Skip to main content
CVE-2023-4543 CRITICAL POC Act Now

A vulnerability was found in IBOS OA 4.5.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4542 CRITICAL POC THREAT Act Now

A vulnerability was found in D-Link DAR-8000-10 up to 20230809. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP D-Link Command Injection Dar 8000 10 Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
86.5%
CVE-2023-40799 CRITICAL POC Act Now

Tenda AC23 Vv16.03.07.45_cn is vulnerable to Buffer Overflow via sub_450A4C function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac23 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-39699 CRITICAL POC Act Now

IceWarp Mail Server v10.4.5 was discovered to contain a local file inclusion (LFI) vulnerability via the component /calendar/minimizer/index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Mail Server
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-40798 HIGH POC This Week

In Tenda AC23 v16.03.07.45_cn, the formSetIPv6status and formGetWanParameter functions do not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac23 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-40797 HIGH POC This Week

In Tenda AC23 v16.03.07.45_cn, the sub_4781A4 function does not validate the parameters entered by the user, resulting in a post-authentication stack overflow vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac23 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-40801 HIGH POC This Week

The sub_451784 function does not validate the parameters entered by the user, resulting in a stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac23
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-40800 HIGH POC This Week

The compare_parentcontrol_time function does not authenticate user input parameters, resulting in a post-authentication stack overflow vulnerability in Tenda AC23 v16.03.07.45_cn. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac23 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-40031 HIGH POC This Week

Notepad++ is a free and open-source source code editor. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Notepad
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-24621 HIGH POC This Week

An issue was discovered in Esoteric YamlBeans through 1.15. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Deserialization Yamlbeans
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34723 HIGH POC This Week

An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows attackers to gain sensitive information via /config/system.conf. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure La5570 Firmware
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
2.5%
CVE-2023-36199 HIGH POC This Week

An issue in skalenetwork sgxwallet v.1.9.0 and below allows an attacker to cause a denial of service via the trustedGenerateEcdsaKey component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Sgxwallet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-36198 HIGH POC This Week

Buffer Overflow vulnerability in skalenetwork sgxwallet v.1.9.0 allows an attacker to cause a denial of service via the trustedBlsSignMessage function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Sgxwallet
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40915 HIGH POC This Week

Tenda AX3 v16.03.12.11 has a stack buffer overflow vulnerability detected at function form_fast_setting_wifi_set. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Tenda Ax3 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-2906 MEDIUM POC This Month

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Wireshark
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-40802 MEDIUM POC This Month

The get_parentControl_list_Info function does not verify the parameters entered by the user, causing a post-authentication heap overflow vulnerability in Tenda AC23 v16.03.07.45_cn. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac23 Firmware
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-39600 MEDIUM POC This Month

IceWarp 11.4.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Icewarp
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-4534 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in NeoMind Fusion Platform up to 20230731. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Fusion Platform
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39700 MEDIUM POC This Month

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mail Server
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-40571 CRITICAL Act Now

weblogic-framework is a tool for detecting weblogic vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Oracle Deserialization Weblogic Framework
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-32757 CRITICAL Act Now

e-Excellence U-Office Force file uploading function does not restrict upload of file with dangerous type. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Microsoft U Office Force
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40166 MEDIUM POC This Month

Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Notepad
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-40164 MEDIUM POC This Month

Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Notepad
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-40036 MEDIUM POC This Month

Notepad++ is a free and open-source source code editor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Notepad
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-24620 MEDIUM POC This Month

An issue was discovered in Esoteric YamlBeans through 1.15. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java XXE Yamlbeans
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-39742 MEDIUM POC This Month

giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Giflib
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-39707 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-38974 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Edit Category function of Badaso v2.9.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Badaso
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37249 HIGH This Week

Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Nios
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-25649 HIGH This Week

There is a command injection vulnerability in a mobile internet product of ZTE. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Zte Command Injection Mf286R Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-4478 HIGH This Week

Mattermost fails to restrict which parameters' values it takes from the request during signup allowing an attacker to register users as inactive, thus blocking them from later accessing Mattermost. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Information Disclosure Mattermost Server
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2023-40796 HIGH This Week

Phicomm k2 v22.6.529.216 was discovered to contain a command injection vulnerability via the function luci.sys.call. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Command Injection K2 Firmware
NVD GitHub
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-41121 HIGH PATCH This Week

Array AG OS before 9.4.0.499 allows denial of service: remote attackers can cause system service processes to crash through abnormal HTTP operations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Arrayos Ag
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39289 HIGH This Week

A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2208.101 could allow an unauthenticated attacker to conduct an account enumeration attack due to improper. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mivoice Connect
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-40586 HIGH PATCH This Week

OWASP Coraza WAF is a golang modsecurity compatible web application firewall library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Coraza
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40585 HIGH PATCH This Week

ironic-image is a container image to run OpenStack Ironic as part of Metal³. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Authentication Bypass Ironic Image
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40583 HIGH PATCH This Week

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Libp2P
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-32756 HIGH This Week

e-Excellence U-Office Force has a path traversal vulnerability within its file uploading and downloading functions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft U Office Force
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-41173 HIGH This Week

AdGuard DNS before 2.2 allows remote attackers to cause a denial of service via malformed UDP packets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adguard Dns
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-40599 HIGH This Week

Regular expression Denial-of-Service (ReDoS) exists in multiple add-ons for Mailform Pro CGI 4.3.1.3 and earlier, which allows a remote unauthenticated attacker to cause a denial-of-service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mailform Pro Cgi
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38712 MEDIUM This Month

An issue was discovered in Libreswan 3.x and 4.x before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Microsoft Libreswan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38711 MEDIUM This Month

An issue was discovered in Libreswan before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Libreswan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38710 MEDIUM This Month

An issue was discovered in Libreswan before 4.12. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Libreswan
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-32678 MEDIUM This Month

Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Zulip Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-40580 MEDIUM PATCH This Month

Freighter is a Stellar chrome extension. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Google Freighter
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-40579 MEDIUM PATCH This Month

OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Openfga
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-38201 MEDIUM PATCH This Month

A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Keylime Enterprise Linux Enterprise Linux Eus Enterprise Linux For Ibm Z Systems +5
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-3406 MEDIUM This Month

Path Traversal issue in M-Files Classic Web versions below 23.6.12695.3 and LTS Service Release Versions before 23.2 LTS SR3 allows authenticated user to read some restricted files on the web server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Classic Web
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41080 MEDIUM PATCH This Month

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Tomcat Apache Open Redirect Debian Linux
NVD
CVSS 3.1
6.1
EPSS
6.0%
CVE-2023-41250 MEDIUM This Month

In JetBrains TeamCity before 2023.05.3 reflected XSS was possible during user registration. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Teamcity
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy