Skip to main content
CVE-2023-46981 CRITICAL POC Act Now

SQL injection vulnerability in Novel-Plus v.4.2.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /common/log/list. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Novel Plus
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-47249 MEDIUM POC This Month

In International Color Consortium DemoIccMAX 79ecb74, a CIccXmlArrayType:::ParseText function (for unsigned short) in IccUtilXml.cpp in libIccXML.a has an out-of-bounds read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Demoiccmax
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-47260 MEDIUM This Month

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS via thumbnails. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redmine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47259 MEDIUM This Month

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in the Textile formatter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redmine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47258 MEDIUM This Month

Redmine before 4.2.11 and 5.0.x before 5.0.6 allows XSS in a Markdown formatter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Redmine
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-46964 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability in Hillstone Next Generation FireWall SG-6000-e3960 v.5.5 allows a remote attacker to execute arbitrary code via the use front-end filtering instead of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Sc 6000 E3960 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy