Skip to main content
CVE-2023-6054 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6053 CRITICAL POC Act Now

A vulnerability, which was classified as critical, has been found in Tongda OA 2017 up to 11.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-6052 CRITICAL POC Act Now

A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-47248 CRITICAL POC PATCH THREAT Act Now

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache RCE Deserialization Pyarrow
NVD GitHub
CVSS 3.1
9.8
EPSS
14.4%
CVE-2023-43791 HIGH POC PATCH This Week

Label Studio is a multi-type data labeling and annotation tool with standardized output format. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Python Label Studio
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-46894 HIGH POC This Week

An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via weak cryptographic algorithm. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Esptool
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26156 HIGH POC PATCH This Week

Versions of the package chromedriver before 119.0.1 are vulnerable to Command Injection when setting the chromedriver.path to an arbitrary system binary. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available.

Command Injection Authentication Bypass Chromedriver
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2023-45884 MEDIUM POC PATCH This Month

Cross Site Request Forgery (CSRF) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to view sensitive information via the flexibleLayout plugin. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Openmct
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2023-47373 MEDIUM POC This Month

The leakage of channel access token in DRAGON FAMILY Line 13.6.1 allows remote attackers to send malicious notifications to victims. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47372 MEDIUM POC This Month

The leakage of channel access token in UPDATESALON C-LOUNGE Line 13.6.1 allows remote attackers to send malicious notifications to victims. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47370 MEDIUM POC This Month

The leakage of channel access token in bluetrick Line 13.6.1 allows remote attackers to send malicious notifications to victims. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47368 MEDIUM POC This Month

The leakage of channel access token in taketorinoyu Line 13.6.1 allows remote attackers to send malicious notifications to victims. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47369 MEDIUM POC This Month

The leakage of channel access token in best_training_member Line 13.6.1 allows remote attackers to send malicious notifications. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47367 MEDIUM POC This Month

The leakage of channel access token in platinum clinic Line 13.6.1 allows remote attackers to send malicious notifications to victims. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47366 MEDIUM POC This Month

The leakage of channel access token in craft_members Line 13.6.1 allows remote attackers to send malicious notifications to victims. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47365 MEDIUM POC This Month

The leakage of channel access token in Lil.OFF-PRICE STORE Line 13.6.1 allows remote attackers to send malicious notifications to victims. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47364 MEDIUM POC This Month

The leakage of channel access token in nagaoka taxi Line 13.6.1 allows remote attackers to send malicious notifications to victims. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-47363 MEDIUM POC This Month

The leakage of channel access token in F.B.P members Line 13.6.1 allows remote attackers to send malicious notifications to victims. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-20902 MEDIUM POC PATCH This Month

A timing condition in Harbor 2.6.x and below, Harbor 2.7.2 and below, Harbor 2.8.2 and below, and Harbor 1.10.17 and below allows an attacker with network access to create jobs/stop job tasks and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure Harbor
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-5550 CRITICAL PATCH Act Now

In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user who also has direct access to the web server outside of the Moodle webroot could. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-47610 CRITICAL Act Now

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists in Telit Cinterion EHS5/6/8 that could allow a remote unauthenticated attacker to execute arbitrary code on the targeted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Bgs5 Firmware Ehs5 Firmware Ehs6 Firmware +7
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-41137 CRITICAL Act Now

Symmetric encryption used to protect messages between the AppsAnywhere server and client can be broken by reverse engineering the client and used to impersonate the AppsAnywhere server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Appsanywhere Client
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-4612 CRITICAL Act Now

Improper Authentication vulnerability in Apereo CAS in jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass.0.0-RC7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Central Authentication Service
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-45885 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in NASA Open MCT (aka openmct) through 3.1.0 allows attackers to run arbitrary code via the new component feature in the flexibleLayout plugin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Openmct
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-37790 MEDIUM POC This Month

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Clarity
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-4218 MEDIUM POC PATCH This Month

In Eclipse IDE versions < 2023-09 (4.29) some files with xml content are parsed vulnerable against all sorts of XXE attacks. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Public exploit code available.

XXE Eclipse Ide Org Eclipse Core Runtime Pde
NVD GitHub
CVSS 3.1
5.0
EPSS
0.4%
CVE-2023-5540 HIGH PATCH This Week

A remote code execution risk was identified in the IMSCP activity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-5539 HIGH PATCH This Week

A remote code execution risk was identified in the Lesson activity. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Moodle Extra Packages For Enterprise Linux Fedora
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-40055 HIGH This Week

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Network Configuration Manager
NVD
CVSS 3.1
8.8
EPSS
2.1%
CVE-2023-40054 HIGH This Week

The Network Configuration Manager was susceptible to a Directory Traversal Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Network Configuration Manager
NVD
CVSS 3.1
8.8
EPSS
3.0%
CVE-2023-46743 MEDIUM POC This Month

application-collabora is an integration of Collabora Online in XWiki. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Application Collabora
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-47489 HIGH This Week

CSV injection in export as csv in Combodo iTop v.3.1.0-2-11973 allows a local attacker to execute arbitrary code via a crafted script to the export-v2.php and ajax.render.php components. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE PHP Itop
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-39198 HIGH PATCH This Week

A race condition was found in the QXL driver in the Linux kernel. Rated high severity (CVSS 7.5). This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Linux Memory Corruption Denial Of Service Privilege Escalation +3
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2023-5954 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise inbound client requests triggering a policy check can lead to an unbounded consumption of memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-4379 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 15.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-45283 HIGH PATCH This Week

The filepath package does not recognize paths with a \??\ prefix as special. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Go
NVD
CVSS 3.1
7.5
EPSS
2.8%
CVE-2023-29975 HIGH This Week

An issue discovered in Pfsense CE version 2.6.0 allows attackers to change the password of any user without verification. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Pfsense
NVD
CVSS 3.1
7.2
EPSS
1.7%
CVE-2023-47613 HIGH This Week

A CWE-23: Relative Path Traversal vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Path Traversal Bgs5 Firmware Ehs5 Firmware Ehs6 Firmware Ehs8 Firmware +6
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-41138 MEDIUM This Month

The AppsAnywhere macOS client-privileged helper can be tricked into executing arbitrary commands with elevated permissions by a local user process. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Appsanywhere Client
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-34169 MEDIUM This Month

A vulnerability in sakurainternet TS Webfonts for さくらのレンタルサーバ ts-webfonts-for-sakura.1.2. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-5547 MEDIUM PATCH This Month

The course upload preview contained an XSS risk for users uploading unsafe data. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle Enterprise Linux Fedora
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5541 MEDIUM PATCH This Month

The CSV grade import method contained an XSS risk for users importing the spreadsheet, if it contained unsafe content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Moodle
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47612 MEDIUM This Month

A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Bgs5 Firmware Ehs5 Firmware Ehs6 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-47488 MEDIUM This Month

Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Itop
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-46492 MEDIUM This Month

Cross Site Scripting vulnerability in MLDB.ai v.2017.04.17.0 allows a remote attacker to execute arbitrary code via a crafted payload to the public_html/doc/index.html. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Machine Learning Database
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-37533 MEDIUM This Month

HCL Connections is vulnerable to reflected cross-site scripting (XSS) where an attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user after. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Connections
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-6039 MEDIUM PATCH This Month

A use-after-free flaw was found in lan78xx_disconnect in drivers/net/usb/lan78xx.c in the network sub-component, net/usb/lan78xx in the Linux Kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free Denial Of Service Linux Memory Corruption Linux Kernel
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-47615 MEDIUM This Month

A CWE-526: Exposure of Sensitive Information Through Environmental Variables vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bgs5 Firmware Ehs5 Firmware Ehs6 Firmware Ehs8 Firmware +6
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46614 MEDIUM This Month

A vulnerability in Mat Bao Corporation WP Helper Premium wp-helper-lite.5.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-34177 MEDIUM This Month

A vulnerability in keha WP-Cache.com wp-cachecom.com: from n/a through <= 1.1.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy