Skip to main content
CVE-2023-43130 CRITICAL POC Act Now

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-43129 CRITICAL POC Act Now

D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Dir 806 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
2.4%
CVE-2023-43270 CRITICAL POC Act Now

dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dst Admin
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-43144 CRITICAL POC Act Now

Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Asset Management System Project In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-31719 CRITICAL POC THREAT Act Now

FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fuxa
NVD GitHub
CVSS 3.1
9.8
EPSS
27.4%
CVE-2023-38346 HIGH POC PATCH This Week

An issue was discovered in Wind River VxWorks 6.9 and 7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Vxworks
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-42821 HIGH POC PATCH This Week

The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Denial Of Service Markdown
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-43783 HIGH POC This Week

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cadence
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31718 HIGH POC This Week

FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

LFI PHP Information Disclosure Fuxa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-31717 HIGH POC This Week

A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Fuxa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-40989 CRITICAL PATCH Act Now

SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Jeecg Boot
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-43762 CRITICAL Act Now

Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE F Secure Policy Manager Policy Manager Proxy
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-23364 CRITICAL Act Now

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Multimedia Console
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-23363 CRITICAL Act Now

A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42811 MEDIUM POC PATCH This Month

aes-gcm is a pure Rust implementation of the AES-GCM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Jwt Attack Aes Gcm Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-43782 MEDIUM POC This Month

Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cadence
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-43090 MEDIUM POC PATCH This Month

A vulnerability was found in GNOME Shell. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Authentication Bypass Gnome Shell Fedora
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42798 CRITICAL PATCH Act Now

AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Automataci
NVD GitHub
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-41031 HIGH This Week

Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rx4 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-41029 HIGH This Week

Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rx4 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-41027 HIGH This Week

Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rx4 1500 Firmware
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5002 HIGH PATCH This Week

A flaw was found in pgAdmin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This OS Command Injection vulnerability could allow attackers to execute arbitrary operating system commands on the host.

PostgreSQL Command Injection Pgadmin 4 Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-23362 HIGH This Week

An OS command injection vulnerability has been reported to affect QNAP operating systems. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero Qutscloud
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-42812 MEDIUM POC This Month

Galaxy is an open-source platform for FAIR data analysis. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Galaxy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-34319 HIGH PATCH This Week

The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Buffer Overflow Xen Debian Linux Linux Kernel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43766 HIGH This Week

Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43784 HIGH This Week

Plesk Onyx 17.8.11 has accessKeyId and secretAccessKey fields that are related to an Amazon AWS Firehose component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Onyx
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43767 HIGH This Week

Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43765 HIGH This Week

Certain WithSecure products allow Denial of Service in the aeelf component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43761 HIGH This Week

Certain WithSecure products allow Denial of Service (infinite loop). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-43760 HIGH This Week

Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Client Security Elements Endpoint Protection Email And Server Security Server Security +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-31716 HIGH This Week

FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

LFI PHP Information Disclosure Fuxa
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-43640 MEDIUM PATCH This Month

TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

Information Disclosure SQLi Taxonworks
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-23766 MEDIUM This Month

An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4774 MEDIUM PATCH This Month

The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Connect Matomo
NVD VulDB
CVSS 3.1
6.4
EPSS
0.3%
CVE-2023-4716 MEDIUM PATCH This Month

The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Media Library Assistant
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-43770 MEDIUM KEV PATCH THREAT This Month

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Webmail Debian Linux
NVD GitHub
CVSS 3.1
6.1
EPSS
58.5%
CVE-2023-43763 MEDIUM This Month

Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft F Secure Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-43771 MEDIUM PATCH This Month

In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Not Quite Ptp
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy