Skip to main content
CVE-2023-40920 CRITICAL POC Act Now

Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Prixanconnect
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-43284 HIGH POC This Week

D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 100A53DBR-Retail devices allow an authenticated remote attacker to execute arbitrary code via an unspecified manipulation of the QoS POST. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link Dir 846 Firmware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-44839 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
8.1%
CVE-2023-44838 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44837 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44836 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44835 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44834 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44833 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44832 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-44831 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44830 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44829 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-44828 HIGH POC This Week

D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow D-Link Denial Of Service Dir 823G Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-43260 MEDIUM POC This Month

Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ur51 Firmware Ur52 Firmware Ur55 Firmware Ur32L Firmware +3
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-43269 CRITICAL Act Now

pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Pigcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-44024 CRITICAL PATCH Act Now

SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP SQLi One Page Checkout Social Login Mailchimp
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-43983 CRITICAL PATCH Act Now

Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Attribute Grid
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-43981 CRITICAL PATCH Act Now

Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

PHP Deserialization Test Site Creator
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-32485 CRITICAL PATCH Act Now

Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Privilege Escalation Dell Smartfabric Storage Software
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5423 CRITICAL Act Now

A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Online Pizza Ordering System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-5441 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Vim Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42755 MEDIUM POC PATCH This Month

A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Information Disclosure Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42754 MEDIUM POC PATCH This Month

A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Enterprise Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-43343 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Quick Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-2306 CRITICAL Act Now

Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Nicevision
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-5346 HIGH This Week

Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-4401 HIGH This Week

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Storage Software
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-43068 HIGH This Week

Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Dell Smartfabric Storage Software
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4570 HIGH PATCH This Week

An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Python Information Disclosure Measurementlink
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-45160 HIGH This Week

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Microsoft Client
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45159 HIGH This Week

1E Client installer can perform arbitrary file deletion on protected files. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Client
NVD
CVSS 3.1
8.4
EPSS
0.2%
CVE-2023-39323 HIGH PATCH This Week

Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Go Fedora
NVD
CVSS 3.1
8.1
EPSS
1.8%
CVE-2023-43072 HIGH This Week

Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell Authentication Bypass Smartfabric Storage Software
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43069 HIGH This Week

Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Dell Docker Smartfabric Storage Software
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-26236 HIGH This Week

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Watchguard Microsoft Epp Firmware Edr Firmware +2
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-45198 HIGH PATCH This Week

ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ftpd Tnftpd
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-44212 HIGH This Week

Sensitive information disclosure and manipulation due to missing authorization. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-44211 HIGH This Week

Sensitive information disclosure and manipulation due to missing authorization. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-26237 MEDIUM This Month

An issue was discovered in WatchGuard EPDR 8.0.21.0002. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Watchguard Authentication Bypass Epp Firmware Edr Firmware Epdr Firmware +1
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-41175 MEDIUM This Month

A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service Buffer Overflow Libtiff +2
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-40745 MEDIUM This Month

LibTIFF is vulnerable to an integer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Denial Of Service Buffer Overflow Libtiff +3
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-44387 MEDIUM PATCH This Month

Gradle is a build tool with a focus on build automation and support for multi-language development. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Gradle
NVD GitHub
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-43073 MEDIUM This Month

Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dell Smartfabric Storage Software
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-43070 MEDIUM This Month

Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Dell Smartfabric Storage Software
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-44390 MEDIUM PATCH This Month

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Htmlsanitizer
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-45243 MEDIUM This Month

Sensitive information disclosure due to missing authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-45242 MEDIUM This Month

Sensitive information disclosure due to missing authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-45241 MEDIUM This Month

Sensitive information leak through log files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-45240 MEDIUM This Month

Sensitive information disclosure due to missing authorization. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Apple Information Disclosure Authentication Bypass Agent
NVD
CVSS 3.1
5.5
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy