Skip to main content
CVE-2023-43281 MEDIUM POC This Month

Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Stb Image H
NVD GitHub
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-37911 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-5744 MEDIUM POC PATCH This Month

The Very Simple Google Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vsgmap' shortcode in all versions up to, and including, 2.9 due to insufficient input. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Google XSS WordPress Very Simple Google Maps
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-46583 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) " Testing Management System v.1.0 allows attackers to execute arbitrary code via a crafted payload injected into the State. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Nipah Virus Testing Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-36085 MEDIUM POC This Month

The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Open Redirect Sisqualwfm
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46010 CRITICAL Act Now

An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE PHP Seacms
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-31580 MEDIUM POC PATCH This Month

light-oauth2 before version 2.1.27 obtains the public key without any verification. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Light Oauth2
NVD GitHub
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-46134 CRITICAL PATCH Act Now

D-Tale is the combination of a Flask back-end and a React front-end to view & analyze Pandas data structures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE Python XSS D Tale
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5746 CRITICAL Act Now

A vulnerability regarding use of externally-controlled format string is found in the cgi component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Synology Bc500 Firmware Tc500 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-5731 CRITICAL Act Now

Memory safety bugs present in Firefox 118. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-5730 CRITICAL Act Now

Memory safety bugs present in Firefox 118, Firefox ESR 115.3, and Thunderbird 115.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-46358 CRITICAL Act Now

In the module "Referral and Affiliation Program" (referralbyphone) version 3.5.1 and before from Snegurka for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Referralbyphone
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46158 CRITICAL Act Now

IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 could provide weaker than expected security due to improper resource expiration handling. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Websphere Application Server Liberty
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-42494 CRITICAL Act Now

EisBaer Scada - CWE-749: Exposed Dangerous Method or Function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42493 CRITICAL Act Now

EisBaer Scada - CWE-256: Plaintext Storage of a Password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-42492 CRITICAL Act Now

EisBaer Scada - CWE-321: Use of Hard-coded Cryptographic Key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-42491 CRITICAL Act Now

EisBaer Scada - CWE-285: Improper Authorization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-42489 CRITICAL Act Now

EisBaer Scada - CWE-732: Incorrect Permission Assignment for Critical Resource. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Eisbaer Scada
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39930 CRITICAL Act Now

A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingid Radius Pcv
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-37283 CRITICAL Act Now

Under a very specific and highly unrecommended configuration, authentication bypass is possible in the PingFederate Identifier First Adapter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Pingfederate
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-30912 CRITICAL Act Now

A remote code execution issue exists in HPE OneView. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Oneview
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-45137 MEDIUM POC PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46396 MEDIUM POC This Month

Audimex 15.0.0 is vulnerable to Cross Site Scripting (XSS) in /audimex/cgi-bin/wal.fcgi via company parameter search filters. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Audimex
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-44769 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Zenario
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-43360 MEDIUM POC This Month

Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Cms Made Simple
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-46232 MEDIUM POC PATCH This Month

era-compiler-vyper is the EraVM Vyper compiler for zkSync Era, a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Zkvyper
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-46137 MEDIUM POC PATCH This Month

Twisted is an event-based framework for internet applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Request Smuggling Twisted
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-46123 MEDIUM POC This Month

jumpserver is an open source bastion machine, professional operation and maintenance security audit system that complies with 4A specifications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Jumpserver
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-46233 CRITICAL PATCH Act Now

crypto-js is a JavaScript library of crypto standards. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Crypto Js
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-27262 CRITICAL Act Now

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-27260 CRITICAL Act Now

Unauthenticated SQL injection in the GetAssignmentsDue method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-27255 CRITICAL Act Now

Unauthenticated SQL injection in the DeleteRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-27254 CRITICAL Act Now

Unauthenticated SQL injection in the GetRoomChanges method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-26584 CRITICAL Act Now

Unauthenticated SQL injection in the GetStudentInconsistencies method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-26583 CRITICAL Act Now

Unauthenticated SQL injection in the GetCurrentPeriod method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-26582 CRITICAL Act Now

Unauthenticated SQL injection in the GetExcursionDetails method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-26581 CRITICAL Act Now

Unauthenticated SQL injection in the GetVisitors method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-26573 CRITICAL Act Now

Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier allows denial of service or theft of database login credentials. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Idweb
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-26572 CRITICAL Act Now

Unauthenticated SQL injection in the GetExcursionList method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-26569 CRITICAL Act Now

Unauthenticated SQL injection in the StudentPopupDetails_Timetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-26568 CRITICAL Act Now

Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Idweb
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-29973 MEDIUM POC This Month

Pfsense CE version 2.6.0 is vulnerable to No rate limit which can lead to an attacker creating multiple malicious users in firewall. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Pfsense
NVD
CVSS 3.1
4.9
EPSS
1.6%
CVE-2023-5044 HIGH PATCH This Week

Code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Kubernetes Code Injection Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
8.8
EPSS
56.6%
CVE-2023-5043 HIGH PATCH This Week

Ingress nginx annotation injection causes arbitrary command execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Nginx Ingress Nginx
NVD GitHub
CVSS 3.1
8.8
EPSS
2.2%
CVE-2023-42852 HIGH This Week

A logic issue was addressed with improved checks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apple Safari Ipados Iphone Os +5
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-41976 HIGH This Week

A use-after-free issue was addressed with improved memory management. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Apple RCE Memory Corruption Safari +5
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-40447 HIGH This Week

The issue was addressed with improved memory handling. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Apple Safari Ipados +4
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-5472 HIGH This Week

Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-4607 HIGH This Week

An authenticated XCC user can change permissions for any user through a crafted API command. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Thinkagile Hx5530 Firmware Thinkagile Hx7530 Firmware Thinkagile Vx3331 Firmware Thinkagile Hx1331 Firmware +119
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-46204 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Duplicate Theme
NVD
CVSS 3.1
8.8
EPSS
0.3%
Prev Page 3 of 7 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy