Skip to main content
CVE-2023-43128 CRITICAL POC Act Now

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-42279 CRITICAL POC Act Now

Dreamer CMS v4.1.3 was discovered to contain a SQL injection vulnerability via the model-form-management-field form. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Dreamer Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-34577 CRITICAL POC Act Now

SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Planned Popup
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43242 CRITICAL POC Act Now

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 816A2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-43241 CRITICAL POC Act Now

D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-43240 CRITICAL POC THREAT Act Now

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 816 A2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.2%
CVE-2023-43239 CRITICAL POC THREAT Act Now

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 816 A2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.2%
CVE-2023-43238 CRITICAL POC Act Now

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 816 A2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-43237 CRITICAL POC THREAT Act Now

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 816 A2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
12.2%
CVE-2023-43236 CRITICAL POC Act Now

D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 816 A2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-43235 CRITICAL POC Act Now

D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 823G Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-4760 CRITICAL POC PATCH Act Now

In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Tomcat RCE Path Traversal Microsoft Remote Application Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-42261 HIGH POC PATCH This Week

Mobile Security Framework (MobSF) <=v3.7.8 Beta is vulnerable to Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Mobile Security Framework
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-42280 HIGH POC This Week

mee-admin 1.5 is vulnerable to Directory Traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Path Traversal Mee Admin
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-43274 HIGH POC This Week

Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Shopping Cart
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-43669 HIGH POC PATCH This Week

The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Tungstenite Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-4504 HIGH POC This Week

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Heap Overflow Cups Libppd +2
NVD GitHub
CVSS 3.1
7.0
EPSS
0.7%
CVE-2023-5104 MEDIUM POC PATCH This Month

Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Nocodb
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-43632 CRITICAL PATCH Act Now

As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Edge Virtualization Engine
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2023-34576 CRITICAL PATCH Act Now

SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi PHP Op Art Product Faq
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-42810 CRITICAL PATCH Act Now

systeminformation is a System Information Library for Node.JS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

Node.js Command Injection Systeminformation
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-42807 CRITICAL Act Now

Frappe LMS is an open source learning management system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Learning
NVD GitHub
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-4291 CRITICAL Act Now

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Frauscher Diagnostic System 101
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-42458 MEDIUM POC PATCH This Month

Zope is an open-source web application server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Zope
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-40183 MEDIUM POC PATCH This Month

DataEase is an open source data visualization and analysis tool. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload Dataease
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-41993 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Ipados Iphone Os macOS +11
NVD
CVSS 3.1
8.8
EPSS
29.2%
CVE-2023-43634 HIGH PATCH This Week

When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-43633 HIGH PATCH This Week

On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-43631 HIGH PATCH This Week

On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Edge Virtualization Engine
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-43309 MEDIUM POC This Month

There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Webmin
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5068 HIGH This Week

Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Diascreen
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41992 HIGH KEV THREAT This Week

The issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Ipados Iphone Os macOS
NVD
CVSS 3.1
7.8
EPSS
2.9%
CVE-2023-43637 HIGH PATCH This Week

Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Eve
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-38343 HIGH This Week

An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ivanti SSRF XXE Endpoint Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-42482 HIGH This Week

Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Samsung Denial Of Service Memory Corruption Exynos 2200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-42805 HIGH PATCH This Week

quinn-proto is a state machine for the QUIC transport protocol. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Quinn
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-42457 HIGH PATCH This Week

plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Apache Denial Of Service Nginx Rest
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-4152 HIGH This Week

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Frauscher Diagnostic System 101
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-38344 MEDIUM This Month

An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ivanti Endpoint Manager
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-42806 MEDIUM This Month

Hydra is the layer-two scalability solution for Cardano. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Hydra
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-39252 MEDIUM PATCH This Month

Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Dell Policy Manager For Secure Connect Gateway
NVD
CVSS 3.1
5.9
EPSS
0.3%
CVE-2023-41991 MEDIUM KEV THREAT This Month

A certificate validation issue was addressed. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os macOS
NVD
CVSS 3.1
5.5
EPSS
4.5%
CVE-2023-4753 MEDIUM This Month

OpenHarmony v3.2.1 and prior version has a system call function usage error. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Openharmony
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-41048 MEDIUM PATCH This Month

plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Namedfile
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4292 MEDIUM This Month

Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Frauscher Diagnostic System 101
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-41616 MEDIUM This Month

A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Student Management System
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-41614 MEDIUM This Month

A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Zoo Management System
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-42456 LOW PATCH Monitor

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every. Rated low severity (CVSS 3.3). This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Sudo
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy