Skip to main content
CVE-2023-43654 CRITICAL POC PATCH THREAT Act Now

TorchServe is a tool for serving and scaling PyTorch models in production. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Information Disclosure Torchserve
NVD GitHub
CVSS 3.1
9.8
EPSS
35.3%
CVE-2023-44166 CRITICAL POC Act Now

The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Movie Ticket Booking System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-44164 CRITICAL POC Act Now

The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Movie Ticket Booking System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-44163 CRITICAL POC Act Now

The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Movie Ticket Booking System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43739 CRITICAL POC Act Now

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Book Store Project
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5053 CRITICAL POC Act Now

Hospital management system version 378c157 allows to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hospital Management System In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-5004 CRITICAL POC Act Now

Hospital management system version 378c157 allows to bypass authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hospital Management System In Php
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-43013 CRITICAL POC Act Now

Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Asset Management System
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30415 CRITICAL POC Act Now

Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Packers And Movers Management System
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43869 CRITICAL POC Act Now

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-38870 CRITICAL POC Act Now

A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Economizzer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-41450 HIGH POC This Week

An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-43014 HIGH POC This Week

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Asset Management System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5185 HIGH POC This Week

Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Gym Management System Project
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43740 HIGH POC This Week

Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Online Book Store Project
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43226 HIGH POC This Week

An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Dedecms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-5217 HIGH POC KEV PATCH THREAT This Week

Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Google Libvpx Edge +9
NVD GitHub
CVSS 3.1
8.8
EPSS
49.0%
CVE-2023-38877 HIGH POC This Week

A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Economizzer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-38874 HIGH POC THREAT This Week

A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Economizzer
NVD GitHub
CVSS 3.1
8.8
EPSS
28.5%
CVE-2023-42222 HIGH POC This Week

WebCatalog before 49.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Webcatalog
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-43662 HIGH POC This Week

ShokoServer is a media server which specializes in organizing anime. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Microsoft Shokoserver
NVD GitHub
CVSS 3.1
8.6
EPSS
8.1%
CVE-2023-26145 HIGH POC PATCH This Week

This affects versions of the package pydash before 6.0.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Python Command Injection Pydash
NVD GitHub
CVSS 3.1
8.1
EPSS
2.9%
CVE-2023-41444 HIGH POC This Week

An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Irec
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-4316 HIGH POC PATCH This Week

Zod in versions 3.21.0 up to and including 3.22.3 allows an attacker to perform a denial of service while validating emails. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Zod
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43868 HIGH POC This Week

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43867 HIGH POC This Week

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43866 HIGH POC This Week

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43865 HIGH POC This Week

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43864 HIGH POC This Week

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43863 HIGH POC This Week

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43862 HIGH POC This Week

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-43861 HIGH POC This Week

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43860 HIGH POC This Week

D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow D-Link Dir 619l Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-43323 MEDIUM POC This Month

mooSocial 3.1.8 is vulnerable to external service interaction on post function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moosocial
NVD GitHub
CVSS 3.1
6.5
EPSS
1.9%
CVE-2023-5215 MEDIUM POC This Month

A flaw was found in libnbd. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Libnbd Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-38873 MEDIUM POC This Month

The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Economizzer
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-41447 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-41446 MEDIUM POC This Month

Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE PHP Ajaxnewsticker
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2023-26149 MEDIUM POC PATCH This Month

Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Quill Mention
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-5244 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-44273 CRITICAL PATCH Act Now

Consensys gnark-crypto through 0.11.2 allows Signature Malleability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Gnark Crypto
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-44174 MEDIUM POC This Month

Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Movie Ticket Booking System
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44173 MEDIUM POC This Month

Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Movie Ticket Booking System
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-43884 MEDIUM POC This Month

A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Subrion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43878 MEDIUM POC This Month

Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Ritecms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43876 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS October
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43874 MEDIUM POC This Month

Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS E107 Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-43873 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name filed in the Manage Menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS E107 Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43872 MEDIUM POC This Month

A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-43871 MEDIUM POC This Month

A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Wbce Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy