Skip to main content
CVE-2023-4897 CRITICAL POC PATCH Act Now

Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Anythingllm
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40946 CRITICAL POC Act Now

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Schoolmate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-40945 CRITICAL POC Act Now

Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Doctor Appointment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40944 CRITICAL POC Act Now

Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\header.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Schoolmate
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-31069 CRITICAL POC Act Now

An issue was discovered in TSplus Remote Access through 16.0.2.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tsplus Remote Work
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-31068 CRITICAL POC Act Now

An issue was discovered in TSplus Remote Access through 16.0.2.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tsplus Remote Work
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.8%
CVE-2023-31067 CRITICAL POC Act Now

An issue was discovered in TSplus Remote Access through 16.0.2.14. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Tsplus Remote Access
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
2.9%
CVE-2023-30058 CRITICAL POC Act Now

novel-plus 3.6.2 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42471 CRITICAL POC Act Now

The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Google Wave
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-42470 CRITICAL POC Act Now

The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Google Life
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-39780 HIGH POC KEV THREAT This Week

On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rt Ax55 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
33.6%
CVE-2023-38829 HIGH POC This Week

An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wf2409E Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-39070 HIGH POC This Week

An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Cppcheck
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39063 HIGH POC This Week

Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Raidenftpd
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-31468 HIGH POC This Week

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Visiwin 7
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
0.8%
CVE-2023-41879 HIGH POC PATCH This Week

Magento LTS is the official OpenMage LTS codebase. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Adobe Information Disclosure Magento
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-4278 HIGH POC This Week

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Masterstudy Lms
NVD WPScan Exploit-DB
CVSS 3.1
7.5
EPSS
3.5%
CVE-2023-4314 HIGH POC This Week

The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Wpdatatables
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-27470 HIGH POC This Week

BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\GetSupportService_N-Central\PushUpdates, leading. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Information Disclosure Take Control
NVD GitHub
CVSS 3.1
7.0
EPSS
0.5%
CVE-2023-38878 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Openstamanager
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-4294 MEDIUM POC This Month

The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection WordPress Url Shortify
NVD WPScan
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-4270 MEDIUM POC This Month

The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Min Max Control
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-3169 MEDIUM POC This Month

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tagdiv Composer
NVD WPScan
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-2705 MEDIUM POC This Month

The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gappointments
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41609 MEDIUM POC This Month

An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Couchcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-39069 CRITICAL Act Now

An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cortex Thehive
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-35681 CRITICAL Act Now

In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-40150 CRITICAL Act Now

Softneta MedDream PACS does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Meddream Pacs
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-36140 CRITICAL Act Now

In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cleaning Business Software
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-40039 CRITICAL Act Now

An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tg852G Firmware Tg862G Firmware Tg1672G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41000 MEDIUM POC This Month

GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-4104 MEDIUM POC PATCH This Month

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Mozilla Authentication Bypass Vpn
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42467 MEDIUM POC This Month

QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Qemu
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-3510 MEDIUM POC This Month

The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS CSRF Ftp Access
NVD WPScan
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-40786 MEDIUM POC This Month

HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hkcms
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-41256 CRITICAL Act Now

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Maglink Lx Web Console Configuration
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-35684 HIGH PATCH This Week

In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-35673 HIGH This Week

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Buffer Overflow Android
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-35658 HIGH PATCH This Week

In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Use After Free Privilege Escalation RCE Memory Corruption +1
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-4060 MEDIUM POC This Month

The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Adminify
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-4022 MEDIUM POC This Month

The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Herd Effects
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-3170 MEDIUM POC This Month

The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Tagdiv Composer
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-36497 HIGH This Week

Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 could allow a guest user to elevate to admin privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Maglink Lx Web Console Configuration
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3612 HIGH This Week

Govee Home app has unprotected access to WebView component which can be opened by any app on the device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Home
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-4585 HIGH This Week

Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4584 HIGH This Week

Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +2
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-4582 HIGH This Week

Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occurred when allocating too much private shader memory on mac OS. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Mozilla Apple Firefox Firefox Esr +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4816 HIGH This Week

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Asset Suite
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-35845 MEDIUM POC This Month

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Information Disclosure Anaconda3
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-4576 HIGH This Week

On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Mozilla Microsoft Information Disclosure +3
NVD
CVSS 3.1
8.6
EPSS
0.7%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy