Skip to main content
CVE-2023-41887 CRITICAL POC PATCH THREAT Act Now

OpenRefine is a powerful free, open source tool for working with messy data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE SQLi Openrefine
NVD GitHub
CVSS 3.1
9.8
EPSS
45.5%
CVE-2023-38507 CRITICAL POC PATCH Act Now

Strapi is the an open-source headless content management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Strapi
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42398 CRITICAL POC Act Now

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF PHP Zzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-4974 CRITICAL POC Act Now

A vulnerability was found in Academy LMS 6.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Academy Lms
NVD VulDB
CVSS 3.1
9.8
EPSS
4.9%
CVE-2023-39643 CRITICAL POC Act Now

Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Xmlfeeds Pro
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39642 CRITICAL POC Act Now

Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Cartsguru
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39641 CRITICAL POC Act Now

Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Full Affiliates
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39639 CRITICAL POC Act Now

LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Leoblog
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42270 HIGH POC This Week

Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Grocy
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-40958 HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-40957 HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-40956 HIGH POC This Week

A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Wesite Job Search
NVD GitHub
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40955 HIGH POC This Week

A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Engineering Lifecycle Management
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-4987 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SQLi Taskhub
NVD VulDB
CVSS 3.1
8.0
EPSS
0.7%
CVE-2023-4985 HIGH POC This Week

A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Inplant Scada
NVD VulDB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-41886 HIGH POC PATCH This Week

OpenRefine is a powerful free, open source tool for working with messy data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Openrefine
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-38039 HIGH POC THREAT This Week

When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Curl Fedora Windows 10 1809 Windows 10 21h2 +6
NVD
CVSS 3.1
7.5
EPSS
62.2%
CVE-2023-41325 HIGH POC PATCH This Week

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Rated high severity (CVSS 7.4), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Op Tee
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.1%
CVE-2023-3891 HIGH POC This Week

Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Lapce
NVD GitHub
CVSS 3.1
7.0
EPSS
0.3%
CVE-2023-42439 MEDIUM POC PATCH This Month

GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SSRF Geonode
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-40019 MEDIUM POC This Month

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Freeswitch
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-38706 MEDIUM POC This Month

Discourse is an open-source discussion platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4984 MEDIUM POC This Month

A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Knowsearch
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-40983 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-4973 MEDIUM POC This Month

A vulnerability was found in Academy LMS 6.2 on Windows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Academy Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2023-4978 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-4662 CRITICAL Act Now

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Connect
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-4661 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Connect
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-4835 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Petroleum Management Software Application
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4833 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.0.2309.6. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Besttem Network Marketing
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4670 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Innosa Probbys
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4231 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection.09. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Informatics Online Payment System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4830 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Signalix
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-4673 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Turasistan
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-0923 CRITICAL Act Now

A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Kubernetes Authentication Bypass Openshift Data Science
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-28614 CRITICAL Act Now

Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Smart Trade
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-4988 CRITICAL Act Now

A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP Laiketui
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4831 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Ncode Ncep
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-36659 CRITICAL Act Now

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Metadefender Kiosk
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-36657 CRITICAL Act Now

An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Metadefender Kiosk
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-36472 MEDIUM POC PATCH This Month

Strapi is an open-source headless content management system. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Strapi
NVD GitHub
CVSS 3.1
5.7
EPSS
0.6%
CVE-2023-36735 CRITICAL PATCH Act Now

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
9.6
EPSS
1.9%
CVE-2023-40982 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40986 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40985 MEDIUM POC This Month

An issue was discovered in Webmin 2.100. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Webmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-40984 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4982 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-4981 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-4980 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-4979 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Librenms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy