Skip to main content
CVE-2023-40044 HIGH POC KEV THREAT Act Now

In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Ws Ftp Server
NVD
CVSS 3.1
8.8
EPSS
90.1%
CVE-2023-41449 CRITICAL POC Act Now

An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SSRF Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-4260 CRITICAL POC Act Now

Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
10.0
EPSS
0.8%
CVE-2023-43651 CRITICAL POC PATCH Act Now

JumpServer is an open source bastion host. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Jumpserver
NVD GitHub
CVSS 3.1
9.9
EPSS
1.7%
CVE-2023-5223 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Hcode Online Judge
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.9%
CVE-2023-42818 CRITICAL POC PATCH Act Now

JumpServer is an open source bastion host. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5222 CRITICAL POC THREAT Act Now

A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Vitogate 300 Firmware
NVD GitHub VulDB Exploit-DB
CVSS 3.1
9.8
EPSS
74.7%
CVE-2023-5221 CRITICAL POC Act Now

A vulnerability classified as critical has been found in ForU CMS. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Foru Cms
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-44172 CRITICAL POC Act Now

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-44171 CRITICAL POC Act Now

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-44170 CRITICAL POC Act Now

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-44169 CRITICAL POC Act Now

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-43291 CRITICAL POC Act Now

Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Deserialization Emlog
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-43222 CRITICAL POC Act Now

SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Seacms
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43216 CRITICAL POC Act Now

SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Seacms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-43187 CRITICAL POC THREAT Act Now

A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Nodebb
NVD GitHub
CVSS 3.1
9.8
EPSS
45.4%
CVE-2023-4264 CRITICAL POC Act Now

Potential buffer overflow vulnerabilities n the Zephyr Bluetooth subsystem. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
9.6
EPSS
0.9%
CVE-2023-43652 CRITICAL POC Act Now

JumpServer is an open source bastion host. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-39347 CRITICAL POC PATCH Act Now

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Rated critical severity (CVSS 9.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Authentication Bypass Cilium
NVD GitHub
CVSS 3.1
9.0
EPSS
0.5%
CVE-2023-41452 HIGH POC This Week

Cross Site Request Forgery vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-43192 HIGH POC This Week

SQL injection can exist in a newly created part of the SpringbootCMS 1.0 background, and the parameters submitted by users are not filtered. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Springbootcms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5184 HIGH POC This Week

Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-35793 HIGH POC This Week

An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Access Controller
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-2315 HIGH POC PATCH This Week

Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal Opencart
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-32541 HIGH POC This Week

A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Microsoft Hancom Office 2020
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-43646 HIGH POC PATCH This Week

get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Get Func Name
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-43381 HIGH POC This Week

SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Blog
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-42460 HIGH POC PATCH This Week

Vyper is a Pythonic Smart Contract Language for the EVM. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Vyper
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0456 HIGH POC This Week

A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Apicast
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-43650 HIGH POC This Week

JumpServer is an open source bastion host. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Jumpserver
NVD GitHub
CVSS 3.1
7.4
EPSS
0.5%
CVE-2023-44047 HIGH POC This Week

Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Toll Tax Management System
NVD GitHub
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-44044 HIGH POC This Week

Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Super Store Finder
NVD GitHub
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-5192 MEDIUM POC PATCH This Month

Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Core
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-5135 MEDIUM POC PATCH This Month

The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Simple Cloudfare Turnstile
NVD VulDB
CVSS 3.1
6.4
EPSS
0.2%
CVE-2023-41448 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-41453 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-41451 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-41445 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-44043 MEDIUM POC This Month

A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Blackcat Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-43263 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Froala Editor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-43234 CRITICAL Act Now

DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Dedebiz
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-40455 CRITICAL Act Now

A permissions issue was addressed with additional restrictions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2023-38586 CRITICAL Act Now

An access issue was addressed with additional sandbox restrictions. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple macOS
NVD
CVSS 3.1
10.0
EPSS
1.0%
CVE-2023-35071 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-4737 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Admin Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-44080 CRITICAL Act Now

An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Codefever
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-20252 CRITICAL Act Now

A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Authentication Bypass Catalyst Sd Wan Manager
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-5176 CRITICAL Act Now

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-5175 CRITICAL Act Now

During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5174 CRITICAL Act Now

If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Use After Free Mozilla Microsoft Memory Corruption +3
NVD
CVSS 3.1
9.8
EPSS
1.0%
Page 1 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy