Skip to main content
CVE-2023-39650 CRITICAL POC Act Now

Theme Volty CMS Blog up to version v4.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /tvcmsblog/single. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Theme Volty Cms Blog
NVD
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-41109 CRITICAL POC THREAT Act Now

SmartNode SN200 (aka SN200) 3.21.2-23021 allows unauthenticated OS Command Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Smartnode Sn200 Firmware
NVD
CVSS 3.1
9.8
EPSS
64.1%
CVE-2023-39560 CRITICAL POC Act Now

ECTouch v2 was discovered to contain a SQL injection vulnerability via the $arr['id'] parameter at \default\helpers\insert.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ectouch
NVD GitHub
CVSS 3.1
9.8
EPSS
4.1%
CVE-2023-40846 CRITICAL POC Act Now

Tenda AC6 US_AC6V1.0BR_V15.03.05.16_multi_TD01.bin is vulnerable to Buffer Overflow via function sub_90998. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ac6 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40749 CRITICAL POC Act Now

PHPJabbers Food Delivery Script v3.0 is vulnerable to SQL Injection in the "column" parameter of index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Food Delivery Script
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-40748 CRITICAL POC Act Now

PHPJabbers Food Delivery Script 3.0 has a SQL injection (SQLi) vulnerability in the "q" parameter of index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Food Delivery Script
NVD
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-40857 HIGH POC This Week

Buffer Overflow vulnerability in VirusTotal yara v.4.3.2 allows a remote attacker to execute arbtirary code via the yr_execute_cod function in the exe.c component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Yara
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-39059 HIGH POC This Week

An issue in ansible semaphore v.2.8.90 allows a remote attacker to execute arbitrary code via a crafted payload to the extra variables parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Ansible Semaphore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-41005 HIGH POC This Week

An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Pagekit
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40590 HIGH POC PATCH This Week

GitPython is a python library used to interact with Git repositories. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure Microsoft Gitpython
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40998 HIGH POC This Week

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via the packet size component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ric Message Router
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2023-40997 HIGH POC This Week

Buffer Overflow vulnerability in O-RAN Software Community ric-plt-lib-rmr v.4.9.0 allows a remote attacker to cause a denial of service via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Ric Message Router
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-40827 HIGH POC PATCH This Week

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the loadpluginPath parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Pf4J
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-40826 HIGH POC This Week

An issue in pf4j pf4j v.3.9.0 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the zippluginPath parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Path Traversal Pf4J
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-40825 HIGH POC This Week

An issue in Perfree PerfreeBlog v.3.1.2 allows a remote attacker to execute arbitrary code via crafted plugin listed in admin/plugin/access/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Perfreeblog
NVD GitHub
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-34725 MEDIUM POC This Month

An issue was discovered in TechView LA-5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via a telnet connection. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure La5570 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.5%
CVE-2023-34724 MEDIUM POC This Month

An issue was discovered in TECHView LA5570 Wireless Gateway 1.0.19_T53, allows physical attackers to gain escalated privileges via the UART interface. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass La5570 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-4560 MEDIUM POC PATCH This Month

Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Omeka S
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-39709 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-39062 MEDIUM POC PATCH This Month

Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Html2pdf
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-39708 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-40755 MEDIUM POC This Month

There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Callback Widget
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-40752 MEDIUM POC This Month

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Make An Offer Widget
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-40751 MEDIUM POC This Month

PHPJabbers Fundraising Script v1.0 is vulnerable to Cross Site Scripting (XSS) via the "action" parameter of index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Fundraising Script
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-40750 MEDIUM POC This Month

There is a Cross Site Scripting (XSS) vulnerability in the "action" parameter of index.php in PHPJabbers Yacht Listing Script v1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Yacht Listing Script
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-39652 CRITICAL PATCH Act Now

theme volty tvcmsvideotab up to v4.0.0 was discovered to contain a SQL injection vulnerability via the component TvcmsVideoTabConfirmDeleteModuleFrontController::run(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Theme Volty Video Tab
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-40767 CRITICAL Act Now

User enumeration is found in in PHPJabbers Make an Offer Widget v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Make An Offer Widget
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40766 CRITICAL Act Now

User enumeration is found in in PHPJabbers Ticket Support Script v3.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ticket Support Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40765 CRITICAL Act Now

User enumeration is found in PHPJabbers Event Booking Calendar v4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Event Booking Calendar
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40764 CRITICAL Act Now

User enumeration is found in PHP Jabbers Car Rental Script v3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Car Rental Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40763 CRITICAL Act Now

User enumeration is found in PHPJabbers Taxi Booking Script v2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Taxi Booking Script
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40762 CRITICAL Act Now

User enumeration is found in PHPJabbers Fundraising Script v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Fundraising Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40761 CRITICAL Act Now

User enumeration is found in PHPJabbers Yacht Listing Script v2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yacht Listing Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40760 CRITICAL Act Now

User enumeration is found in PHP Jabbers Hotel Booking System v4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Hotel Booking System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40759 CRITICAL Act Now

User enumeration is found in PHP Jabbers Restaurant Booking Script v3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Restaurant Booking Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40758 CRITICAL Act Now

User enumeration is found in PHPJabbers Document Creator v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Document Creator
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40757 CRITICAL Act Now

User enumeration is found in PHPJabbers Food Delivery Script v3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Food Delivery Script
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40756 CRITICAL Act Now

User enumeration is found in PHPJabbers Callback Widget v1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Callback Widget
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-38029 CRITICAL Act Now

Saho’s attendance devices ADM100 and ADM-100FP has insufficient filtering for special characters and file type within their file uploading function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Adm 100 Firmware Adm 100Fp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38027 CRITICAL Act Now

SpotCam Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Sense Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-38026 CRITICAL Act Now

SpotCam Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fhd 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-38025 CRITICAL Act Now

SpotCam Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Fhd 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-38024 CRITICAL Act Now

SpotCam Co., Ltd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fhd 2 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-26270 CRITICAL PATCH Act Now

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow a remote attacker to execute arbitrary code on the system, caused by an angular template injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS IBM Guardium Cloud Key Manager
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39562 MEDIUM POC This Month

GPAC v2.3-DEV-rev449-g5948e4f70-master was discovered to contain a heap-use-after-free via the gf_bs_align function at bitstream.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-38969 MEDIUM POC This Month

Cross Site Scripting vulnerabiltiy in Badaso v.2.9.7 allows a remote attacker to execute arbitrary code via a crafted payload to the title parameter in the new book and edit book function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Badaso
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-40753 MEDIUM POC This Month

There is a Cross Site Scripting (XSS) vulnerability in the message parameter of index.php in PHPJabbers Ticket Support Script v3.2. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP XSS Ticket Support Script
NVD
CVSS 3.1
5.4
EPSS
1.1%
CVE-2023-38028 CRITICAL Act Now

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Adm 100 Firmware Adm 100Fp Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-39578 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create function of Zenario CMS v9.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Menu. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zenario
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-1997 HIGH This Week

An OS Command Injection vulnerability exists in SIMULIA 3DOrchestrate from Release 3DEXPERIENCE R2021x through Release 3DEXPERIENCE R2023x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection 3Dexperience
NVD
CVSS 3.1
8.8
EPSS
1.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy