Skip to main content
CVE-2023-43336 HIGH POC This Week

Sangoma Technologies FreePBX before cdr 15.0.18, 16.0.40, 15.0.16, and 16.0.17 was discovered to contain an access control issue via a modified parameter value, e.g., changing extension=self to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Freepbx
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-39057 HIGH POC This Week

An information leak in hirochanKAKIwaiting v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39054 HIGH POC This Week

An information leak in Tokudaya.ekimae_mc v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39053 HIGH POC This Week

An information leak in Hattoriya v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39051 HIGH POC This Week

An information leak in VISION MEAT WORKS Track Diner 10/10mbl v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39050 HIGH POC This Week

An information leak in Daiky-value.Fukueten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39048 HIGH POC This Week

An information leak in Tokudaya.honten v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39047 HIGH POC PATCH This Week

An information leak in shouzu sweets oz v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-39042 HIGH POC This Week

An information leak in Gyouza-newhushimi v13.6.1 allows attackers to obtain the channel access token and send crafted messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line Mini App
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5929 HIGH POC This Week

A vulnerability was found in Campcodes Simple Student Information System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5928 HIGH POC This Week

A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5927 HIGH POC This Week

A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5926 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5925 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5924 HIGH POC This Week

A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5923 HIGH POC This Week

A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Information System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-5919 HIGH POC This Week

A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Company Website Cms
NVD VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-26454 HIGH This Week

Requests to fetch image metadata could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26453 HIGH This Week

Requests to cache an image could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-26452 HIGH This Week

Requests to cache an image and return its metadata could be abused to include SQL queries that would be executed unchecked. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-5860 HIGH PATCH This Week

The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload RCE WordPress Icons Font Loader
NVD VulDB
CVSS 3.1
7.2
EPSS
5.4%
CVE-2023-39283 HIGH This Week

An SMM memory corruption vulnerability in the SMM driver (SMRAM write) in CsmInt10HookSmm in Insyde InsydeH2O with kernel 5.0 through 5.5 allows attackers to send arbitrary data to SMM which could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Insydeh2o
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31017 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to write arbitrary data to privileged locations by using reparse points. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Denial Of Service Path Traversal RCE Microsoft +2
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-31016 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Nvidia Denial Of Service RCE Microsoft Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-26455 HIGH This Week

RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Open Xchange Appsuite
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-46352 HIGH This Week

In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Facebookconversiontrackingplus
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46725 HIGH PATCH This Week

FoodCoopShop is open source software for food coops and local shops. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Foodcoopshop
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46695 HIGH PATCH This Week

An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.2.7. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Python Denial Of Service Microsoft Django
NVD
CVSS 3.1
7.5
EPSS
49.8%
CVE-2023-31027 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability that allows Windows users with low levels of privilege to escalate privileges when an administrator is updating GPU drivers, which may. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Privilege Escalation Microsoft Virtual Gpu
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-29047 HIGH This Week

Imageconverter API endpoints provided methods that were not sufficiently validating and sanitizing client input, allowing to inject arbitrary SQL statements. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

SQLi Open Xchange Appsuite
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-5408 HIGH This Week

A privilege escalation flaw was found in the node restriction admission plugin of the kubernetes api server of OpenShift. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Kubernetes Openshift Container Platform
NVD GitHub
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-31020 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause improper access control, which may lead to denial of service or. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Denial Of Service Authentication Bypass Virtual Gpu
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-31019 HIGH This Week

NVIDIA GPU Display Driver for Windows contains a vulnerability in wksServicePlugin.dll, where the driver implementation does not restrict or incorrectly restricts access from the named pipe server to. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Microsoft Authentication Bypass Virtual Gpu
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy