Skip to main content
CVE-2023-41262 CRITICAL POC Act Now

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Scrutinizer
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43149 HIGH POC This Week

SPA-Cart 1.9.0.3 is vulnerable to Cross Site Request Forgery (CSRF) that allows a remote attacker to add an admin user with role status. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spa Cart
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43147 HIGH POC This Week

PHPJabbers Limo Booking Software 1.0 is vulnerable to Cross Site Request Forgery (CSRF) to add an admin user via the Add Users Function, aka an index.php?controller=pjAdminUsers&action=pjActionCreate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Limo Booking Software
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-43148 HIGH POC This Week

SPA-Cart 1.9.0.3 has a Cross Site Request Forgery (CSRF) vulnerability that allows a remote attacker to delete all accounts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Spa Cart
NVD GitHub
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-27395 HIGH POC PATCH This Week

A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow RCE Heap Overflow Vpn
NVD
CVSS 3.1
8.1
EPSS
1.5%
CVE-2023-27516 HIGH POC PATCH This Week

An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Vpn
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5072 HIGH POC PATCH This Week

Denial of Service in JSON-Java versions up to and including 20230618. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Java Denial Of Service Json Java
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-45142 HIGH POC PATCH This Week

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Opentelemetry
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-25774 HIGH POC This Week

A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Vpn
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-23581 HIGH POC This Week

A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Vpn
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-22308 HIGH POC This Week

An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Vpn
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-32634 HIGH POC PATCH This Week

An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Vpn
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2023-5556 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository structurizr/onpremises prior to 3194. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS On Premises Installation
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-5555 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Learning
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22325 MEDIUM POC PATCH This Month

A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Denial Of Service Vpn
NVD
CVSS 3.1
5.9
EPSS
1.0%
CVE-2023-5046 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Procost allows SQL Injection, Command Line Execution through SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Procost
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-5045 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Kayisi allows SQL Injection, Command Line Execution through SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Kayisi
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-23737 CRITICAL Act Now

Unauth. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Broken Link Checker
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5554 CRITICAL Act Now

Lack of TLS certificate verification in log transmission of a financial module within LINE client for iOS prior to 13.16.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Line
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2023-40833 CRITICAL Act Now

An issue in Thecosy IceCMS v.1.0.0 allows a remote attacker to gain privileges via the Id and key parameters in getCosSetting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Icecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-29453 CRITICAL Act Now

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Google Zabbix Agent2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-45138 CRITICAL PATCH Act Now

Change Request is an pplication allowing users to request changes on a wiki without publishing the changes directly. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Change Request
NVD GitHub
CVSS 3.1
9.6
EPSS
71.2%
CVE-2023-45511 MEDIUM POC This Month

A memory leak in tsMuxer version git-2539d07 allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Tsmuxer
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-41261 MEDIUM POC This Month

An issue was discovered in /fcgi/scrut_fcgi.fcgi in Plixer Scrutinizer before 19.3.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Scrutinizer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-31192 MEDIUM POC PATCH This Month

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Vpn
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2023-32723 CRITICAL Act Now

Request to LDAP is sent before user permissions are checked. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-27313 HIGH This Week

SnapCenter versions 3.x and 4.x prior to 4.9 are susceptible to a vulnerability which may allow an authenticated unprivileged user to gain access as an admin user. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Snapcenter
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-45133 HIGH PATCH This Week

Babel is a compiler for writingJavaScript. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Debian Linux Babel Babel Helper Define Polyfill Provider Babel Plugin Polyfill Corejs2 +5
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-45106 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Urvanov Syntax Highlighter
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45103 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Permalinks Customizer
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45102 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Blog Manager Light plugin <= 1.20 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Blog Manager Light
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41131 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Jonk @ Follow me Darling Sp*tify Play Button for WordPress plugin <= 2.10 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Spotify Play Button
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-32124 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Arul Prasad J Publish Confirm Message plugin <= 1.3.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Publish Confirm Message
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45068 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Contact Form by Supsystic plugin <= 1.7.27 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Contact Form
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45063 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ai Content Writing Assistant
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45060 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com Interactive World Map plugin <= 3.2.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Interactive World Map
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45058 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Short Url
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45052 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in dan009 WP Bing Map Pro plugin < 5.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Bing Map Pro
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45011 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Power Stats
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-44998 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Category Meta
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-23651 HIGH This Week

Auth. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google SQLi Mainwp Google Analytics Extension
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-45047 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in LeadSquared, Inc LeadSquared Suite plugin <= 0.7.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Leadsquared Suite
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-32724 HIGH This Week

Memory pointer is in a property of the Ducktape object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Zabbix
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-1943 HIGH PATCH This Week

Privilege Escalation in kOps using GCE/GCP Provider in Gossip Mode. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Operations
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-32275 MEDIUM POC This Month

An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Vpn
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2023-27316 HIGH This Week

SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Snapcenter
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-23632 HIGH This Week

BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privileged Remote Access
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32722 HIGH This Week

The zabbix/src/libs/zbxjson module is vulnerable to a buffer overflow when parsing JSON files via zbx_json_open. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zabbix
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-41263 LOW POC Monitor

An issue was discovered in Plixer Scrutinizer before 19.3.1. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Scrutinizer
NVD GitHub
CVSS 3.1
3.7
EPSS
0.4%
CVE-2023-44175 HIGH This Week

A Reachable Assertion vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows to send specific genuine PIM packets to the device resulting in rpd. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos Junos Os Evolved
NVD
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy