Skip to main content
CVE-2023-5693 CRITICAL POC Act Now

A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Internet Banking System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-46301 CRITICAL POC PATCH Act Now

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Iterm2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46300 CRITICAL POC PATCH Act Now

iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Iterm2
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-46303 HIGH POC This Week

link_to_local_path in ebooks/conversion/plugins/html_input.py in calibre before 6.19.0 can, by default, add resources outside of the document root. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Calibre
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-46298 HIGH POC PATCH This Week

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Next Js
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-5696 MEDIUM POC This Month

A vulnerability was found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5695 MEDIUM POC This Month

A vulnerability was found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5694 MEDIUM POC This Month

A vulnerability was found in CodeAstro Internet Banking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Internet Banking System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46095 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Smooth Scroll Links
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46089 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Userback
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46085 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Ultimate Review
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46317 HIGH PATCH This Week

Knot Resolver before 5.7.0 performs many TCP reconnections upon receiving certain nonsensical responses from servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Knot Resolver
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46315 HIGH PATCH This Week

The zanllp sd-webui-infinite-image-browsing (aka Infinite Image Browsing) extension before 977815a for stable-diffusion-webui (aka Stable Diffusion web UI), if Gradio authentication is enabled. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Stable Diffusion Webui Infinite Image Browsing
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-38276 HIGH PATCH This Week

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in environment variables which could aid in further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Dashboards On Cloud Pak For Data
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-38275 HIGH PATCH This Week

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 exposes sensitive information in container images which could lead to further attacks against the system. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Cognos Dashboards On Cloud Pak For Data
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-46306 MEDIUM This Month

The web administration interface in NetModule Router Software (NRSW) 4.6 before 4.6.0.106 and 4.8 before 4.8.0.101 executes an OS command constructed with unsanitized user input: shell metacharacters. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

PHP Command Injection Netmodule Router Software
NVD
CVSS 3.1
6.6
EPSS
1.0%
CVE-2023-38735 MEDIUM PATCH This Month

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass IBM Cognos Dashboards On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy