Skip to main content
CVE-2023-4739 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Byzoro Smart S85F Management Platform up to 20230820. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S85F Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-4742 HIGH POC This Week

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4741 HIGH POC This Week

A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4740 HIGH POC This Week

A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ibos
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4751 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim macOS
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-3703 CRITICAL Act Now

Proscend Advice ICR Series routers FW version 1.76 - CWE-1392: Use of Default Credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure M357 5G Firmware M357 Ai Firmware M350 5G Firmware M350 W5G Firmware +16
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-37220 CRITICAL Act Now

Synel Terminals - CWE-494: Download of Code Without Integrity Check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Synergy A Firmware Synergy Touch Firmware Synergy 10 Firmware Synergy 5 Firmware +17
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-4743 MEDIUM POC This Month

A vulnerability was found in Dreamer CMS up to 4.1.3. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Dreamer Cms
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-39372 HIGH This Week

StarTrinity Softswitch version 2023-02-16 - Multiple CSRF (CWE-352). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Softswitch
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-39374 HIGH This Week

ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Secureconnector
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39373 MEDIUM This Month

A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hyundai 2017 Firmware
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-39371 MEDIUM This Month

StarTrinity Softswitch version 2023-02-16 - Open Redirect (CWE-601). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Softswitch
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-39369 MEDIUM This Month

StarTrinity Softswitch version 2023-02-16 - Multiple Reflected XSS (CWE-79). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Softswitch
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-37221 MEDIUM This Month

7Twenty BOT - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bot
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41180 MEDIUM This Month

Incorrect certificate validation in InvokeHTTP on Apache NiFi MiNiFi C++ versions 0.13 to 0.14 allows an intermediary to present a forged certificate during TLS handshake negotation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Apache Information Disclosure Nifi Minifi C
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-39370 MEDIUM This Month

StarTrinity Softswitch version 2023-02-16 - Persistent XSS (CWE-79). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Softswitch
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-38516 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Audio Player With Playlist Ultimate
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-37222 MEDIUM This Month

Farsight Tech Nordic AB ProVide version 14.5 - Multiple XSS vulnerabilities (CWE-79) can be exploited by a user with administrator privilege. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Provide Server
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38521 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Exifography
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38518 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Borderless
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38517 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrc Pricing Tables
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38482 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Post Affiliate Pro
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38476 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Client Portal
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-38387 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic XSS Elastic Email Sender
NVD
CVSS 3.1
4.8
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy