Skip to main content
CVE-2023-38886 HIGH POC PATCH THREAT Act Now

An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 31.8%.

Command Injection RCE Dolibarr Erp Crm
NVD
CVSS 3.1
7.2
EPSS
31.8%
CVE-2023-34575 CRITICAL POC Act Now

SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Op Art Save Cart
NVD VulDB
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-38888 CRITICAL POC PATCH Act Now

Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS RCE Dolibarr Erp Crm
NVD VulDB
CVSS 3.1
9.6
EPSS
1.2%
CVE-2023-43135 CRITICAL POC Act Now

There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

TP-Link Authentication Bypass Tl Er5120G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-39675 CRITICAL POC Act Now

SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Product Catalog Csv Excel Import
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-36109 CRITICAL POC Act Now

Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Jerryscript
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-43134 CRITICAL POC Act Now

There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass 360R Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43374 CRITICAL POC Act Now

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hoteldruid
NVD
CVSS 3.1
9.8
EPSS
3.3%
CVE-2023-43373 CRITICAL POC Act Now

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hoteldruid
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2023-43371 CRITICAL POC Act Now

Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Hoteldruid
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-5074 CRITICAL POC THREAT Act Now

Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Authentication Bypass D View 8
NVD
CVSS 3.1
9.8
EPSS
67.9%
CVE-2023-43478 CRITICAL POC THREAT Act Now

fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Arcadyan Lh1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
17.4%
CVE-2023-43207 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-43206 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-43204 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-43203 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43202 CRITICAL POC Act Now

D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dwl 6610Ap Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-43201 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-43200 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43199 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43198 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43197 CRITICAL POC Act Now

D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43196 CRITICAL POC Act Now

D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Di 7200G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-38887 HIGH POC PATCH This Week

File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

File Upload RCE Dolibarr Erp Crm
NVD VulDB
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-43138 HIGH POC This Week

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tl Er5120G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-43137 HIGH POC This Week

TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tl Er5120G Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-42335 HIGH POC This Week

Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Crew Dispatch
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-42331 HIGH POC This Week

A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Elite Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43477 HIGH POC THREAT This Week

The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Arcadyan Lh1000 Firmware
NVD
CVSS 3.1
8.8
EPSS
15.7%
CVE-2023-36319 HIGH POC This Week

File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Openupload
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-41484 HIGH POC This Week

An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cimg
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-4853 HIGH POC PATCH This Week

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Denial Of Service Quarkus Build Of Optaplanner Build Of Quarkus Decision Manager +8
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-43620 HIGH POC PATCH This Week

An issue was discovered in Croc through 9.6.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Croc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43619 HIGH POC PATCH This Week

An issue was discovered in Croc through 9.6.5. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Croc
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-37279 HIGH POC PATCH This Week

Faktory is a language-agnostic persistent background job server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Faktory
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39677 HIGH POC THREAT This Week

MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Product Catalog Csv Excel Import Updateproducts
NVD
CVSS 3.1
7.5
EPSS
30.8%
CVE-2023-42147 HIGH POC This Week

An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cloudexplorer Lite
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-40930 MEDIUM POC This Month

An issue in the directory /system/bin/blkid of Skyworth v3.0 allows attackers to perform a directory traversal via mounting the Udisk to /mnt/. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Skyworth Os
NVD GitHub
CVSS 3.1
6.8
EPSS
1.2%
CVE-2023-42334 MEDIUM POC This Month

An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Crew Dispatch
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-39052 MEDIUM POC This Month

An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Earthgarden Waiting
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39045 MEDIUM POC This Month

An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kokoroe Members Card
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39041 MEDIUM POC This Month

An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Kukurudeli
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39044 MEDIUM POC This Month

An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Ajino Shiretoko
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-2508 MEDIUM POC This Month

The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Mobility Print Server
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-38875 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Php Login System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-40618 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Head Start
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5084 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Hestiacp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-42322 CRITICAL Act Now

Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Icms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43375 CRITICAL Act Now

Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Hoteldruid
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-40619 CRITICAL Act Now

phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()'. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE PHP Deserialization Phppgadmin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy