Skip to main content
CVE-2023-44011 CRITICAL POC Act Now

An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Mojoportal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-43893 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-43892 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-43891 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-44009 CRITICAL POC Act Now

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mojoportal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-44008 CRITICAL POC Act Now

File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Mojoportal
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-43268 HIGH POC This Week

Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Deyue Remote Vehicle Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-43890 HIGH POC This Week

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
2.5%
CVE-2023-43835 HIGH POC This Week

Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE PHP Super Store Finder
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-43361 HIGH POC This Week

Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Denial Of Service Vorbis Tools
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-5344 HIGH POC PATCH This Week

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Vim Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-41580 HIGH POC PATCH This Week

Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure PHP Phpipam
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-43836 MEDIUM POC This Month

There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jizhicms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-44012 MEDIUM POC This Month

Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Mojoportal
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2023-43980 CRITICAL Act Now

Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Testsitecreator
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-4659 CRITICAL Act Now

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Free5gc
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-20819 CRITICAL Act Now

In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Lr11 Lr12a +4
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43297 MEDIUM POC This Month

An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-3744 HIGH This Week

Server-Side Request Forgery vulnerability in SLims version 9.6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF PHP Senayan Library Management System
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-5328 HIGH This Week

A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Cl4Nx J Plus Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-3592 HIGH This Week

In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mosquitto
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-3769 HIGH This Week

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ingepac Fc5066 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5106 HIGH PATCH This Week

An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-3768 HIGH This Week

Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ingepac Da3451 Firmware Ingepac Ef Md Firmware Ingepac Fc5066 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-32820 HIGH This Week

In wlan firmware, there is a possible firmware assertion due to improper input handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Iot Yocto Android Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-5329 HIGH This Week

A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Datacube4 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-32830 MEDIUM This Month

In TVAPI, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32829 MEDIUM This Month

In apusys, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Yocto Iot Yocto +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32828 MEDIUM This Month

In vpu, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Iot Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32827 MEDIUM This Month

In camera middleware, there is a possible out of bounds write due to a missing input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32826 MEDIUM This Month

In camera middleware, there is a possible out of bounds write due to a missing input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32824 MEDIUM This Month

In rpmb , there is a possible double free due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32823 MEDIUM This Month

In rpmb , there is a possible memory corruption due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32822 MEDIUM This Month

In ftm, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32821 MEDIUM This Month

In video, there is a possible out of bounds write due to a permissions bypass. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-41728 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.5. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Rescue Shortcodes
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-44245 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Contact Form Website To Workflow Tool
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-44144 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Payment Gateway Per Product For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-44474 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Tiger Forms Drag And Drop Form Builder
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-44244 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Foogallery
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41856 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Click To Tweet
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41692 MEDIUM This Month

Unauth. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Attorney
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-41729 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brewlabs SendPress Newsletters sendpress allows DOM-Based XSS.26.1.20. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-37605 MEDIUM This Month

Weak Exception Handling vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Enterprise Mobility Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42132 MEDIUM This Month

FD Application Apr. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Fd Application
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-43267 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Emlog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44264 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS The Awesome Feed
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44242 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS 2J Slideshow
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44145 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Anchor Episodes Index Spotify For Podcasters
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2023-44477 MEDIUM This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cooked
NVD
CVSS 3.1
5.4
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy