Skip to main content
CVE-2023-5294 HIGH POC This Week

A vulnerability has been found in ECshop 4.1.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Ecshop
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-5284 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Engineers Online Portal
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5283 HIGH POC This Week

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Engineers Online Portal
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5272 HIGH POC This Week

A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5271 HIGH POC This Week

A vulnerability was found in SourceCodester Best Courier Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5270 HIGH POC This Week

A vulnerability was found in SourceCodester Best Courier Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Best Courier Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5266 HIGH POC This Week

A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dedebiz
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-5289 HIGH POC PATCH This Week

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Rdiffweb
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5263 HIGH POC This Week

A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Zzzcms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5262 HIGH POC This Week

A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Rapidcms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-44466 HIGH POC PATCH THREAT This Week

An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Buffer Overflow RCE Linux Linux Kernel
NVD GitHub
CVSS 3.1
8.8
EPSS
54.6%
CVE-2023-5297 HIGH POC This Week

A vulnerability was found in Xinhu RockOA 2.3.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Rockoa
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5296 HIGH POC This Week

A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Rockoa
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-5285 HIGH POC This Week

A vulnerability classified as critical was found in Tongda OA 2017. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5268 HIGH POC This Week

A vulnerability was found in DedeBIZ 6.2 and classified as critical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dedebiz
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-5264 HIGH POC This Week

A vulnerability classified as critical was found in huakecms 3.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Huakecms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-43655 HIGH PATCH This Week

Composer is a dependency manager for PHP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

RCE PHP Composer Debian Linux Fedora
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-32477 HIGH PATCH This Week

Dell Common Event Enabler 8.9.8.2 for Windows and prior, contain an improper access control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Microsoft Dell Authentication Bypass Common Event Enabler
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44464 HIGH PATCH This Week

pretix before 2023.7.2 allows Pillow to parse EPS files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Pretix
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-39410 HIGH PATCH This Week

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.11.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Apache Deserialization Avro
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2023-3413 HIGH This Week

An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-3917 HIGH This Week

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-30591 HIGH PATCH This Week

Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Nodebb
NVD GitHub
CVSS 3.1
7.5
EPSS
53.8%
CVE-2023-5077 HIGH PATCH This Week

The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-3922 HIGH This Week

An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy