Skip to main content
CVE-2023-4257 CRITICAL POC Act Now

Unchecked user input length in /subsys/net/l2/wifi/wifi_shell.c can cause buffer overflows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-45467 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-45466 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3Mv2 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-45465 CRITICAL POC Act Now

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection N3M Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.8%
CVE-2023-5572 CRITICAL POC PATCH Act Now

Server-Side Request Forgery (SSRF) in GitHub repository vriteio/vrite prior to 0.3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SSRF Vrite
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5557 HIGH POC This Week

A flaw was found in the tracker-miners package. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Tracker Miners Enterprise Linux
NVD
CVSS 3.1
7.7
EPSS
0.9%
CVE-2023-45468 HIGH POC This Week

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service N3M Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45464 HIGH POC This Week

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service N3M Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-45463 HIGH POC This Week

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service N3M Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5571 HIGH POC PATCH This Week

Improper Input Validation in GitHub repository vriteio/vrite prior to 0.3.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Vrite
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-45393 MEDIUM POC This Month

An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to access sensitive information via a crafted cookie. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Utime Master
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-5573 MEDIUM POC PATCH This Month

Allocation of Resources Without Limits or Throttling in GitHub repository vriteio/vrite prior to 0.3.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Vrite
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-45162 CRITICAL Act Now

Affected 1E Platform versions have a Blind SQL Injection vulnerability that can lead to arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Platform
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4829 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.0.22. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Froxlor
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-4517 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository hestiacp/hestiacp prior to 1.8.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Hestiacp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-38000 MEDIUM POC This Month

Auth. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gutenberg
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-29464 CRITICAL Act Now

FactoryTalk Linx, in the Rockwell Automation PanelView Plus, allows an unauthenticated threat actor to read data from memory via crafted malicious packets. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Rockwell Information Disclosure Factorytalk Linx
NVD
CVSS 3.1
9.1
EPSS
9.6%
CVE-2023-4562 CRITICAL Act Now

Improper Authentication vulnerability in Mitsubishi Electric Corporation MELSEC-F Series main modules allows a remote unauthenticated attacker to obtain sequence programs from the product or write. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Fx3G 14 Mr Ds Firmware Fx3G 14 Mr Es Firmware Fx3G 14 Mt Ds Firmware Fx3G 14 Mt Dss Firmware +186
NVD
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-4263 HIGH This Week

Potential buffer overflow vulnerability in the Zephyr IEEE 802.15.4 nRF 15.4 driver. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34976 HIGH This Week

A SQL injection vulnerability has been reported to affect Video Station. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Video Station
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-34975 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Video Station
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-45276 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Automated Editor
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45270 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pinpoint Booking System
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45268 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Hitsteps Web Analytics
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45267 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Irivyou
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45391 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Utime Master
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-45109 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ZAKSTAN WhitePage plugin <= 1.1.5 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Whitepage
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45108 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Mailrelay
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-45107 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Goodbarber
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-38218 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Information Disclosure Authentication Bypass Commerce +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5564 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository froxlor/froxlor prior to 2.1.0-dev1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Froxlor
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-44182 HIGH This Week

An Unchecked Return Value vulnerability in the user interfaces to the Juniper Networks Junos OS and Junos OS Evolved, the CLI, the XML API, the XML Management Protocol, the NETCONF Management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-38219 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by a stored Cross-Site Scripting (XSS) vulnerability that. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Adobe XSS Commerce Magento
NVD
CVSS 3.1
8.7
EPSS
0.6%
CVE-2023-39999 MEDIUM POC This Month

Exposure of Sensitive Information to an Unauthorized Actor in WordPress from 6.3 through 6.3.1, from 6.2 through 6.2.2, from 6.1 through 6.13, from 6.0 through 6.0.5, from 5.9 through 5.9.7, from 5.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Fedora
NVD
CVSS 3.1
4.3
EPSS
1.0%
CVE-2023-33303 HIGH PATCH This Week

A insufficient session expiration in Fortinet FortiEDR version 5.0.0 through 5.0.1 allows attacker to execute unauthorized code or commands via api request. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Fortinet Authentication Bypass Fortiedr
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-43079 HIGH This Week

Dell OpenManage Server Administrator, versions 11.0.0.0 and prior, contains an Improper Access Control vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Dell Authentication Bypass Emc Openmanage Server Administrator
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-44194 HIGH This Week

An Incorrect Default Permissions vulnerability in Juniper Networks Junos OS allows an unauthenticated attacker with local access to the device to create a backdoor with root privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Juniper Junos
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-32974 HIGH This Week

A path traversal vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qnap Path Traversal Information Disclosure Qts Quts Hero +1
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-4499 HIGH PATCH This Week

A potential security vulnerability has been identified in the HP ThinUpdate utility (also known as HP Recovery Image and Software Download Tool) which may lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure HP Thinupdate
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-41682 HIGH This Week

A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 4.4.0, FortiSandbox 4.2.1 through 4.2.5, FortiSandbox 4.0.0 through 4.0.3,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Fortinet Path Traversal Denial Of Service Fortisandbox
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5240 HIGH This Week

Improper access control in PAM propagation scripts in Devolutions Server 2023.2.8.0 and ealier allows an attack with permission to manage PAM propagation scripts to retrieve passwords stored in it. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Devolutions Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-45130 HIGH PATCH This Week

Frontier is Substrate's Ethereum compatibility layer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Frontier
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39960 HIGH PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38220 HIGH PATCH This Week

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Improper Authorization vulnerability that could lead in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Authentication Bypass Commerce Magento
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5563 HIGH This Week

The SJA1000 CAN controller driver backend automatically attempt to recover from a bus-off event when built with CONFIG_CAN_AUTO_BUS_OFF_RECOVERY=y. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr
NVD GitHub
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44199 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-44198 HIGH This Week

An Improper Check for Unusual or Exceptional Conditions vulnerability in the SIP ALG of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated network-based attacker to cause. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Information Disclosure Junos
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-44197 HIGH This Week

An Out-of-Bounds Write vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Juniper Denial Of Service Junos +1
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-44192 HIGH This Week

An Improper Input Validation vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause memory leak, leading to Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-44191 HIGH This Week

An Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Juniper Denial Of Service Junos
NVD
CVSS 3.1
7.5
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy