Skip to main content
CVE-2023-46747 CRITICAL POC KEV EUVD KEV THREAT Emergency

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Advanced Web Application Firewall Big Ip Carrier Grade Nat +16
NVD
CVSS 3.1
9.8
EPSS
96.5%
CVE-2023-43208 CRITICAL POC KEV THREAT Emergency

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Mirth Connect
NVD
CVSS 3.1
9.8
EPSS
82.7%
CVE-2023-5805 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Real Estate Portal System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Real Estate Portal System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-42406 CRITICAL POC Act Now

SQL injection vulnerability in D-Link Online behavior audit gateway DAR-7000 V31R02B1413C allows a remote attacker to obtain sensitive information and execute arbitrary code via the editrole.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE D-Link PHP SQLi Dar 7000 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-5804 CRITICAL POC Act Now

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0 and classified as critical.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Nipah Virus Testing Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-44267 CRITICAL POC Act Now

Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Art Gallery
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5794 CRITICAL POC Act Now

A vulnerability was found in PHPGurukul Online Railway Catering System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Railway Catering Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-46435 CRITICAL POC Act Now

Sourcecodester Packers and Movers Management System v1.0 is vulnerable to SQL Injection via mpms/?p=services/view_service&id. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Packers And Movers Management System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5792 CRITICAL POC Act Now

A vulnerability has been found in SourceCodester Sticky Notes App 1.0 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Sticky Notes App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-5790 CRITICAL POC Act Now

A vulnerability classified as critical was found in SourceCodester File Manager App 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP File Manager App
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5784 CRITICAL POC Act Now

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5782 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5781 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Tongda OA 2017 11.10.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-5780 CRITICAL POC Act Now

A vulnerability classified as critical was found in Tongda OA 2017 11.10. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-45869 CRITICAL POC Act Now

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system commands remotely, when a highly privileged account accesses an XSS payload. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ilias
NVD
CVSS 3.1
9.0
EPSS
0.8%
CVE-2023-46748 HIGH POC KEV THREAT This Week

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Big Ip Access Policy Manager Big Ip Advanced Firewall Manager Big Ip Carrier Grade Nat Big Ip Ddos Hybrid Defender +16
NVD
CVSS 3.1
8.8
EPSS
4.5%
CVE-2023-5796 HIGH POC This Week

A vulnerability was found in CodeAstro POS System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pos System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5795 HIGH POC This Week

A vulnerability was found in CodeAstro POS System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Pos System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5787 HIGH POC This Week

A vulnerability was found in Shaanxi Chanming Education Technology Score Query System 5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Score Query System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5786 HIGH POC This Week

A vulnerability was found in GeoServer GeoWebCache up to 1.15.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Geowebcache
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-46449 HIGH POC This Week

Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Inventory Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-5798 HIGH POC This Week

The Assistant WordPress plugin before 1.4.4 does not validate a parameter before making a request to it via wp_remote_get(), which could allow users with a role as low as Editor to perform SSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Assistant
NVD WPScan
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45868 HIGH POC This Week

The Learning Module in ILIAS 7.25 (2023-09-12 release) allows an attacker (with basic user privileges) to achieve a high-impact Directory Traversal attack on confidentiality and availability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Ilias
NVD
CVSS 3.1
8.1
EPSS
1.1%
CVE-2023-43352 HIGH POC This Week

An issue in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload to the Content Manager Menu component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Cms Made Simple
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-5139 HIGH POC This Week

Potential buffer overflow vulnerability at the following location in the Zephyr STM32 Crypto driver. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-27170 HIGH POC This Week

Xpand IT Write-back manager v2.3.1 allows attackers to perform a directory traversal via modification of the siteName parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Path Traversal Write Back Manager
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5785 HIGH POC This Week

A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Application Security Gateway
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5783 HIGH POC This Week

A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-45867 MEDIUM POC This Month

ILIAS (2013-09-12 release) contains a medium-criticality Directory Traversal local file inclusion vulnerability in the ScormAicc module. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Authentication Bypass Ilias
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-5791 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Sticky Notes App 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Sticky Notes App
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-43906 MEDIUM POC This Month

Xolo CMS v0.11 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xolo Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46665 CRITICAL Act Now

Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39726 CRITICAL Act Now

An issue in Mintty v.3.6.4 and before allows a remote attacker to execute arbitrary code via crafted commands to the terminal. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Mintty
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-5754 CRITICAL Act Now

Sielco PolyEco1000 uses a weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-46661 CRITICAL Act Now

Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-0897 CRITICAL Act Now

Sielco PolyEco1000 is vulnerable to a session hijack vulnerability due to the cookie being vulnerable to a brute force attack, lack of SSL, and the session being visible in requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Session Fixation Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-42769 CRITICAL Act Now

The cookie session ID is of insufficient length and can be exploited by brute force, which may allow a remote attacker to obtain a valid session, bypass authentication, and manipulate the transmitter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Analog Fm Transmitter Exc5000Gx Firmware Analog Fm Transmitter Exc120Gx Firmware Analog Fm Transmitter Exc300Gx Firmware Analog Fm Transmitter Exc1600Gx Firmware +11
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5793 MEDIUM POC PATCH This Month

A vulnerability was found in flusity CMS and classified as problematic.php of the component Dashboard. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP XSS Flusity
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46450 MEDIUM POC This Month

Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Inventory Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-46664 CRITICAL Act Now

Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
9.1
EPSS
0.5%
CVE-2023-41095 CRITICAL Act Now

Missing Encryption of Security Keys vulnerability in Silicon Labs OpenThread SDK on 32 bit, ARM (SecureVault High modules) allows potential modification or extraction of network credentials stored in. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Openthread Sdk
NVD
CVSS 3.1
9.1
EPSS
0.2%
CVE-2023-46668 CRITICAL Act Now

If Elastic Endpoint (v7.9.0 - v8.10.3) is configured to use a non-default option in which the logging level is explicitly set to debug, and when Elastic Agent is simultaneously configured to collect. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Elastic Information Disclosure Endpoint
NVD
CVSS 3.1
9.1
EPSS
0.3%
CVE-2023-33559 HIGH This Week

A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows attackers to execute arbitrary code by supplying a crafted PHP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE PHP Ocomon
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5789 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Dragon Path 707GR1 up to 20231022. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dragon Path 707Gr1 Firmware
NVD VulDB
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5622 HIGH PATCH This Week

Under certain conditions, Nessus Network Monitor could allow a low privileged user to escalate privileges to NT AUTHORITY\SYSTEM on Windows hosts by replacing a specially crafted file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Microsoft Nessus Network Monitor
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-45317 HIGH This Week

The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Analog Fm Transmitter Exc5000Gx Firmware Analog Fm Transmitter Exc120Gx Firmware Analog Fm Transmitter Exc300Gx Firmware Analog Fm Transmitter Exc1600Gx Firmware +11
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-41966 HIGH This Week

The application suffers from a privilege escalation vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Analog Fm Transmitter Exc5000Gx Firmware Analog Fm Transmitter Exc120Gx Firmware Analog Fm Transmitter Exc300Gx Firmware Analog Fm Transmitter Exc1600Gx Firmware +11
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-5802 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Mihai Iova WordPress Knowledge base & Documentation Plugin - WP Knowledgebase plugin <= 1.3.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Knowledgebase
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-46663 HIGH This Week

Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Polyeco500 Firmware Polyeco300 Firmware Polyeco1000 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-46667 HIGH This Week

An issue was discovered in Fleet Server >= v8.10.0 and < v8.10.3 where Agent enrolment tokens are being inserted into the Fleet Server’s log file in plain text. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Information Disclosure Fleet Server
NVD
CVSS 3.1
8.1
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy