Skip to main content
CVE-2023-41009 CRITICAL POC Act Now

File Upload vulnerability in adlered bolo-solo v.2.6 allows a remote attacker to execute arbitrary code via a crafted script to the authorization field in the header. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE Bolo Solo
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-41507 CRITICAL POC Act Now

Super Store Finder v3.6 was discovered to contain multiple SQL injection vulnerabilities in the store locator component via the products, distance, lat, and lng parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Super Store Finder
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-41508 CRITICAL POC Act Now

A hard coded password in Super Store Finder v3.6 allows attackers to access the administration panel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Super Store Finder
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39361 CRITICAL POC THREAT Act Now

Cacti is an open source operational monitoring and fault management framework. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Cacti Fedora
NVD GitHub
CVSS 3.1
9.8
EPSS
87.7%
CVE-2023-39654 CRITICAL POC Act Now

abupy up to v0.4.0 was discovered to contain a SQL injection vulnerability via the component abupy.MarketBu.ABuSymbol.search_to_symbol_dict. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Abupy
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39681 CRITICAL POC Act Now

Cuppa CMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the email_outgoing parameter at /Configuration.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Cuppacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-31242 CRITICAL POC Act Now

An authentication bypass vulnerability exists in the OAS Engine functionality of Open Automation Software OAS Platform v18.00.0072. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
9.8
EPSS
3.4%
CVE-2023-41012 CRITICAL POC Act Now

An issue in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the authentication mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Session Fixation Intelligent Home Gateway Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-39358 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP SQLi Cacti +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-39357 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE SQLi Cacti Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-39359 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation RCE PHP SQLi Cacti +1
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-40918 HIGH POC This Week

KnowStreaming 3.3.0 is vulnerable to Escalation of Privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Knowstreaming
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-41108 HIGH POC This Week

TEF portal 2023-07-17 is vulnerable to authenticated remote code execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Tef Portal
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-4781 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Debian Linux macOS
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-31132 HIGH POC This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft PHP Authentication Bypass Cacti
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-34353 HIGH POC This Week

An authentication bypass vulnerability exists in the OAS Engine authentication functionality of Open Automation Software OAS Platform v18.00.0072. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Oas Platform
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-4748 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Yongyou UFIDA-NC up to 20230807.java. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Ufida Nc
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39362 HIGH POC THREAT This Week

Cacti is an open source operational monitoring and fault management framework. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Command Injection Cacti Fedora
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
82.2%
CVE-2023-34317 MEDIUM POC This Month

An improper input validation vulnerability exists in the OAS Engine User Creation functionality of Open Automation Software OAS Platform v18.00.0072. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-32271 MEDIUM POC This Month

An information disclosure vulnerability exists in the OAS Engine configuration management functionality of Open Automation Software OAS Platform v18.00.0072. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Oas Platform
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-39365 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cacti Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
0.9%
CVE-2023-39360 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework.Affected versions are subject to a Stored Cross-Site-Scripting (XSS) Vulnerability allows an authenticated user to poison. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-39598 MEDIUM POC This Month

Cross Site Scripting vulnerability in IceWarp Corporation WebClient v.10.2.1 allows a remote attacker to execute arbitrary code via a crafted payload to the mid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Webclient
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-36361 CRITICAL Act Now

Audimexee v14.1.7 was discovered to contain a SQL injection vulnerability via the p_table_name parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Audimexee
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-3374 CRITICAL Act Now

Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4034 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digita Information Technology Smartrise Document Management System allows SQL Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Smartrise Document Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-35072 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Coyav Travel Proagent allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4531 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mestav Software E-commerce Software allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi E Commerce Software
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-3616 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mava Software Hotel Management System allows SQL Injection.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-35068 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in BMA Personnel Tracking System allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-35065 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Osoft Paint Production Management allows SQL Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4178 CRITICAL Act Now

Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows Authentication Bypass.1.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Smart Vms
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2023-4310 CRITICAL Act Now

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Privileged Remote Access Remote Support
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-40743 CRITICAL PATCH Act Now

** UNSUPPORTED WHEN ASSIGNED ** When integrating Apache Axis 1.x in an application, it may not have been obvious that looking up a service through "ServiceFactory.getService" allows potentially. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Java Apache SSRF Axis
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-41910 CRITICAL PATCH Act Now

An issue was discovered in lldpd before 1.0.17. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Information Disclosure Lldpd
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-28581 CRITICAL Act Now

Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK KDE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Fastconnect 6800 Firmware Fastconnect 6900 Firmware Fastconnect 7800 Firmware Qca6391 Firmware +21
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-28562 CRITICAL Act Now

Memory corruption while handling payloads from remote ESL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Aqt1000 Firmware Fastconnect 6200 Firmware Fastconnect 6800 Firmware Qca6391 Firmware +62
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-28543 CRITICAL Act Now

A malformed DLC can trigger Memory Corruption in SNPE library due to out of bounds read, such as by loading an untrusted model (e.g. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Sd855 Firmware Sd845 Firmware Qcs605 Firmware +1
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-4778 MEDIUM POC PATCH This Month

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-36307 MEDIUM POC This Month

ZPLGFA 1.1.1 allows attackers to cause a panic (because of an integer index out of range during a ConvertToGraphicField call) via an image of zero width. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zplgfa
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-36308 MEDIUM POC This Month

disintegration Imaging 1.6.2 allows attackers to cause a panic (because of an integer index out of range during a Grayscale call) via a crafted TIFF file to the scan function of scanner.go. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Imaging
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-39364 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Open Redirect Cacti Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-34637 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in IsarNet AG IsarFlow v5.23 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Isarflow
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-39514 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-39513 MEDIUM POC This Month

Cacti is an open source operational monitoring and fault management framework. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Cacti Fedora
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-41107 MEDIUM POC This Month

TEF portal 2023-07-17 is vulnerable to a persistent cross site scripting (XSS)attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Tef Portal
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-35892 CRITICAL Act Now

IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE IBM Financial Transaction Manager
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-4636 MEDIUM POC PATCH This Month

The WordPress File Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. Public exploit code available.

WordPress XSS Wordpress File Sharing Plugin
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
3.3%
CVE-2023-4763 HIGH This Week

Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +1
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-4762 HIGH KEV PATCH THREAT This Week

Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Memory Corruption RCE Google Chrome Debian Linux +2
NVD
CVSS 3.1
8.8
EPSS
38.0%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy