Skip to main content
CVE-2023-42277 CRITICAL POC Act Now

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hutool
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42276 CRITICAL POC Act Now

hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hutool
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42268 CRITICAL POC Act Now

Jeecg boot up to v3.5.3 was discovered to contain a SQL injection vulnerability via the component /jeecg-boot/jmreport/show. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-41615 CRITICAL POC Act Now

Zoo Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the Admin sign-in page via the username and password fields. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zoo Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-37759 CRITICAL POC Act Now

Incorrect access control in the User Registration page of Crypto Currency Tracker (CCT) before v9.5 allows unauthenticated attackers to register as an Admin account via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Crypto Currency Tracker
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
3.6%
CVE-2023-40271 HIGH POC This Week

In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Trusted Firmware M
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-4844 HIGH POC This Week

A vulnerability was found in SourceCodester Simple Membership System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Membership System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42278 HIGH POC PATCH This Week

hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Hutool
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41578 HIGH POC This Week

Jeecg boot up to v3.5.3 was discovered to contain an arbitrary file read vulnerability via the interface /testConnection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Jeecg Boot
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-40924 HIGH POC This Week

SolarView Compact < 6.00 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Solarview Compact Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
2.9%
CVE-2023-41594 HIGH POC This Week

Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dairy Farm Shop Management System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39620 HIGH POC This Week

An Issue in Buffalo America, Inc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Terastation Nas 5410R Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-45811 MEDIUM POC This Month

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Osticket
NVD VulDB
CVSS 3.1
6.5
EPSS
2.8%
CVE-2023-39676 MEDIUM POC This Month

FieldPopupNewsletter Prestashop Module v1.0.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the callback parameter at ajax.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Fieldpopupnewsletter
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-27715 CRITICAL Act Now

An issue was discovered in MoFi Network MOFI4500-4GXeLTE-V2 3.5.6-xnet-5052 allows attackers to bypass the authentication and execute arbitrary code via crafted HTTP request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Mofi4500 4Gxelte V2 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-39320 CRITICAL PATCH Act Now

The go.mod toolchain directive, introduced in Go 1.21, can be leveraged to execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Go
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-41575 MEDIUM POC This Month

Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blood Bank Donor Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40953 HIGH This Week

icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Icms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-38736 HIGH This Week

IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Qradar Wincollect
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-4782 HIGH PATCH This Week

Terraform version 1.0.8 through 1.5.6 allows arbitrary file write during the `init` operation if run on maliciously crafted Terraform configuration. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Hashicorp Terraform
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-4807 HIGH PATCH This Week

Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

OpenSSL Denial Of Service Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.9%
CVE-2023-30995 HIGH PATCH This Week

IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass IBM Aspera Faspex
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39322 HIGH PATCH This Week

QUIC connections do not set an upper bound on the amount of data buffered when reading post-handshake messages, allowing a malicious QUIC connection to cause unbounded memory growth. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Go
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39321 HIGH PATCH This Week

Processing an incomplete post-handshake message for a QUIC connection can cause a panic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Go
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39584 HIGH PATCH This Week

Hexo up to v7.0.0 (RC2) was discovered to contain an arbitrary file read vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Hexo
NVD GitHub
CVSS 3.1
7.5
EPSS
32.4%
CVE-2023-37377 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-37368 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung Exynos 9810 Firmware Exynos 9610 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-36184 HIGH PATCH This Week

CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Aptos Move Sui
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-41564 MEDIUM This Month

An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE File Upload Cockpit
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-40306 MEDIUM This Month

SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SAP Open Redirect S 4Hana
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-39712 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in Free and Open Source Inventory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Free And Open Source Inventory Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-39319 MEDIUM PATCH This Month

The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Go
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-39318 MEDIUM PATCH This Month

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Go
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-41775 MEDIUM This Month

Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camrea, microphone, etc. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Authentication Bypass Direct
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-32470 MEDIUM PATCH This Month

Dell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Dell Microsoft Digital Delivery
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41318 MEDIUM PATCH This Month

matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Matrix Media Repo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-32332 MEDIUM This Month

IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Maximo Application Suite Maximo Asset Management
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-24965 MEDIUM PATCH This Month

IBM Aspera Faspex 5.0.5 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure IBM Aspera Faspex
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41338 MEDIUM PATCH This Month

Fiber is an Express inspired web framework built in the go language. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Fiber
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-28010 MEDIUM This Month

In some configuration scenarios, the Domino server host name can be exposed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Domino
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-34041 MEDIUM This Month

Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cf Deployment Routing Release
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-37367 MEDIUM This Month

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Exynos 9820 Firmware Exynos 980 Firmware Exynos 850 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-4843 MEDIUM This Month

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Pega Platform
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2023-39076 MEDIUM This Month

Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mylink Infotainment System
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-4777 MEDIUM This Month

An incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Information Disclosure Container Scanning Connector
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-40353 LOW Monitor

An issue was discovered in Exynos Mobile Processor 980 and 2100. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Exynos 980 Firmware Exynos 2100 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy