Skip to main content
CVE-2023-43141 CRITICAL POC Act Now

TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass A3700r Firmware N600r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43457 CRITICAL POC Act Now

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Service Provider Management System
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-4521 CRITICAL POC THREAT Act Now

The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Import Xml And Rss Feeds
NVD WPScan
CVSS 3.1
9.8
EPSS
39.3%
CVE-2023-4490 CRITICAL POC Act Now

The WP Job Portal WordPress plugin before 2.0.6 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Job Portal
NVD WPScan
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-40163 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-39453 CRITICAL POC Act Now

A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-35002 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Imagegear
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-32614 CRITICAL POC Act Now

A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-32284 CRITICAL POC Act Now

An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Imagegear
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43131 CRITICAL POC Act Now

General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow General Device Manager
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41419 CRITICAL POC PATCH Act Now

An issue in Gevent before version 23.9.0 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Gevent
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-3547 HIGH POC This Week

The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF All In One B2B For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-32653 HIGH POC This Week

An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow RCE Buffer Overflow Imagegear
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-28393 HIGH POC This Week

A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Imagegear
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-23567 HIGH POC This Week

A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Imagegear
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-5151 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
81.5%
CVE-2023-5150 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
22.8%
CVE-2023-5149 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
21.0%
CVE-2023-5148 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
30.7%
CVE-2023-5147 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 up to 20151231. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
26.6%
CVE-2023-5146 HIGH POC THREAT This Week

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DAR-7000 and DAR-8000 up to 20151231 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload D-Link PHP Dar 7000 Firmware Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
32.9%
CVE-2023-42753 HIGH POC This Week

An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Linux Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-40581 HIGH POC PATCH This Week

yt-dlp is a youtube-dl fork with additional features and fixes. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Python Command Injection Microsoft Yt Dlp
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-43642 HIGH POC PATCH This Week

snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Java Denial Of Service Google Snappy Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-3550 HIGH POC This Week

Mediawiki v1.40.0 does not validate namespaces used in XML files. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Debian Linux
NVD
CVSS 3.1
7.3
EPSS
1.2%
CVE-2023-4300 HIGH POC This Week

The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Import Xml And Rss Feeds
NVD WPScan
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-4238 HIGH POC This Week

The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress PHP Prevent Files Folders Access
NVD WPScan
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-4156 HIGH POC This Week

A heap out-of-bounds read flaw was found in builtin.c in the gawk package. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Gawk Enterprise Linux Fedora
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-5153 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-8000 up to 20151231. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 7000 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
1.7%
CVE-2023-5152 MEDIUM POC This Month

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000 and DAR-8000 up to 20151231. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link PHP SQLi Dar 8000 Firmware
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
7.0%
CVE-2023-42426 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Froala Editor
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-43326 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability exisits in multiple url of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moosocial
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-4549 MEDIUM POC This Month

The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Dologin Security
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-4476 MEDIUM POC This Month

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Locatoraid
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-4148 MEDIUM POC This Month

The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ditty
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-43339 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-43644 CRITICAL PATCH Act Now

Sing-box is an open source proxy system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Sing Box
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39640 CRITICAL PATCH Act Now

UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Cookie Law
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0626 CRITICAL Act Now

Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Docker Docker Desktop
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-0625 CRITICAL Act Now

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog.12.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Docker Docker Desktop
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-41297 CRITICAL Act Now

Vulnerability of defects introduced in the design process in the HiviewTunner module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Emui Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-41294 CRITICAL Act Now

The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Harmonyos
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-43458 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Resort Reservation System
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43456 MEDIUM POC This Month

Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Service Provider Management System
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-4631 MEDIUM POC This Month

The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Dologin Security
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-4281 MEDIUM POC This Month

This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Activity Log
NVD WPScan
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-41296 CRITICAL Act Now

Vulnerability of missing authorization in the kernel module. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Emui Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-39407 CRITICAL Act Now

The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Harmonyos
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2023-43278 HIGH This Week

A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF PHP Seacms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-5165 HIGH This Week

Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Docker Desktop
NVD
CVSS 3.1
8.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy