Skip to main content
CVE-2023-33831 CRITICAL POC THREAT Act Now

A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Fuxa
NVD GitHub
CVSS 3.1
9.8
EPSS
13.7%
CVE-2023-42320 CRITICAL POC Act Now

Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Tenda Ac10 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-42359 CRITICAL POC Act Now

SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Exam Form Submission In Php With Source Code
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42454 CRITICAL POC PATCH Act Now

SQLpage is a SQL-only webapp builder. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Sqlpage
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-42328 HIGH POC This Week

An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Peppermint
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-5036 HIGH POC PATCH This Week

Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Memos
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-42443 HIGH POC PATCH This Week

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Vyper
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-42387 HIGH POC This Week

An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain sensitive information via get_db_info function in install.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Tdsql Chitu
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41443 HIGH POC This Week

SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Novel Plus
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-5033 HIGH POC This Week

A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rapidcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-5032 HIGH POC This Week

A vulnerability was found in OpenRapid RapidCMS 1.3.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rapidcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-39043 MEDIUM POC This Month

An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tokushima Awayokocho
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-39039 MEDIUM POC This Month

An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Camp Style Project Line
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39040 MEDIUM POC This Month

An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cheese Cafe Line
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39056 MEDIUM POC This Month

An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Coffee Jumbo
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39049 MEDIUM POC This Month

An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Youmart Tokunaga
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39046 MEDIUM POC This Month

An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Tonton Tei Waiting
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39058 MEDIUM POC This Month

An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure The B Members Card
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-4527 MEDIUM POC This Month

A flaw was found in glibc. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Glibc Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian +24
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-42446 MEDIUM POC This Month

Pow is a authentication and user management solution for Phoenix and Plug-based apps. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pow
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5031 MEDIUM POC This Month

A vulnerability was found in OpenRapid RapidCMS 1.3.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Rapidcms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42253 MEDIUM POC This Month

Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scripting (XSS) in Add Accounts via Invoice No, To, and Mammul. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Vehicle Management
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41084 CRITICAL Act Now

Session management within the web application is incorrect and allows attackers to steal session cookies to perform a multitude of actions that the web app allows on the device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modulys Gp Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-41030 CRITICAL Act Now

Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rx4 1500 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5034 CRITICAL Act Now

A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload PHP My Food Recipe
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-37611 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Neos Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-42371 MEDIUM POC This Month

Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Rich Text Editor
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-42441 MEDIUM POC PATCH This Month

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-39446 HIGH This Week

Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Modulys Gp Firmware
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-40221 HIGH This Week

The absence of filters when loading some sections in the web application of the vulnerable device allows potential attackers to inject malicious code that will be interpreted when a legitimate user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Modulys Gp Firmware
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43115 HIGH This Week

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Ghostscript Fedora
NVD
CVSS 3.1
8.8
EPSS
4.7%
CVE-2023-41349 HIGH This Week

ASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Rt Ax88U Firmware
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-34195 HIGH This Week

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41595 HIGH This Week

An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass X Ui
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-39452 HIGH This Week

The web application that owns the device clearly stores the credentials within the user management section. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modulys Gp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41965 HIGH This Week

Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Modulys Gp Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-32187 HIGH PATCH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service.24.0 before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service K3S
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-42525 HIGH This Week

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42524 HIGH This Week

Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42523 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42522 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42521 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42526 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-42520 HIGH This Week

Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-35851 HIGH This Week

SUNNET WMPro portal's FAQ function has insufficient validation for user input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Wmpro
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41929 HIGH This Week

A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Microsoft Memory Card Ufd Authentication
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-34999 HIGH PATCH This Week

A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Command Injection Rts Vlink Virtual Matrix
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-35850 HIGH This Week

SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Wmpro
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-4806 MEDIUM This Month

A flaw has been identified in glibc. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Glibc Codeready Linux Builder Eus +20
NVD VulDB
CVSS 3.1
5.9
EPSS
1.9%
CVE-2023-38255 MEDIUM This Month

A potential attacker with or without (cookie theft) access to the device would be able to include malicious code (XSS) when uploading new device configuration that could affect the intended function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Modulys Gp Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy