Skip to main content
CVE-2023-42405 CRITICAL POC Act Now

SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Rackshift
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-39638 CRITICAL POC Act Now

D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 859 A1 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
3.0%
CVE-2023-38912 CRITICAL POC Act Now

SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP SQLi Php Script
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-37756 CRITICAL POC Act Now

I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Brute Force I Doit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-37755 CRITICAL POC Act Now

i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass I Doit
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-41011 CRITICAL POC Act Now

Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Intelligent Home Gateway Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-40868 HIGH POC This Week

Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE CSRF Moosocial
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-42180 HIGH POC This Week

An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Lenosp
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-36250 HIGH POC This Week

CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Gnome Time Tracker
NVD GitHub
CVSS 3.1
7.8
EPSS
0.6%
CVE-2023-38205 HIGH POC KEV THREAT This Week

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Coldfusion
NVD
CVSS 3.1
7.5
EPSS
99.7%
CVE-2023-37739 MEDIUM POC This Month

i-doit Pro v25 and below was discovered to be vulnerable to path traversal. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal I Doit
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-42178 MEDIUM POC This Month

Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Lenosp
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-4841 MEDIUM POC PATCH This Month

The Feeds for YouTube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Feeds For Youtube
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-40869 MEDIUM POC This Month

Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Moosocial
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2023-41588 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time To Sla
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-40779 MEDIUM POC This Month

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Open Redirect Deep Castle G2
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2023-4972 CRITICAL Act Now

Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Digital Yepas
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-4766 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Movus
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4832 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Company Management
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4669 CRITICAL Act Now

Authentication Bypass by Assumed-Immutable Data vulnerability in Exagate SYSGuard 3001 allows Authentication Bypass.2.20.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sysguard 3001 Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4702 CRITICAL Act Now

Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Digital Yepas
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-30909 CRITICAL Act Now

A remote authentication bypass issue exists in some OneView APIs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oneview
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-38204 CRITICAL Act Now

Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Deserialization Coldfusion
NVD
CVSS 3.1
9.8
EPSS
65.5%
CVE-2023-25588 MEDIUM POC PATCH This Month

A flaw was found in Binutils. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binutils
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-25586 MEDIUM POC PATCH This Month

A flaw was found in Binutils. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binutils
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-25585 MEDIUM POC PATCH This Month

A flaw was found in Binutils. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Binutils
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-41010 MEDIUM POC This Month

Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tewa 700G Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41592 MEDIUM POC PATCH This Month

Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Froala Editor
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-41160 MEDIUM POC This Month

A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Usermin
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-26141 MEDIUM POC PATCH This Month

Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Sidekiq
NVD GitHub
CVSS 3.1
4.9
EPSS
0.8%
CVE-2023-38891 HIGH This Week

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Vtiger Crm
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-4965 MEDIUM POC This Month

A vulnerability was found in phpipam 1.5.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Phpipam
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-2848 HIGH PATCH This Week

Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Movim
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32643 HIGH This Week

A flaw was found in GLib. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Deserialization Heap Overflow Glib
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-38557 HIGH This Week

A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Spectrum Power 7
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-4516 HIGH PATCH This Week

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Authentication Bypass Interactive Graphical Scada System
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41267 HIGH PATCH This Week

In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Apache Information Disclosure Airflow Hdfs Provider
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-32636 HIGH This Week

A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-29499 HIGH This Week

A flaw was found in GLib. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-1108 HIGH PATCH This Week

A flaw was found in undertow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Build Of Quarkus Decision Manager Fuse Integration Camel K +12
NVD GitHub
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-25584 HIGH PATCH This Week

An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Information Disclosure Binutils
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-4814 HIGH This Week

A Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Data Loss Prevention
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-4944 MEDIUM This Month

The Awesome Weather Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS WordPress Awesome Weather Widget
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4945 MEDIUM PATCH This Month

The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Booster For Woocommerce
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-4676 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Medaspro
NVD VulDB
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-32611 MEDIUM This Month

A flaw was found in GLib. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Deserialization Denial Of Service Glib
NVD VulDB
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-32665 MEDIUM This Month

A flaw was found in GLib. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Glib
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-38558 MEDIUM PATCH This Month

A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Microsoft Simatic Pcs Neo
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42503 MEDIUM PATCH This Month

Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.22 before 1.24.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Oracle Atlassian Java Apache +1
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-42362 MEDIUM This Month

An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS Teller
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy