Skip to main content
CVE-2023-47800 CRITICAL POC Act Now

Natus NeuroWorks and SleepWorks before 8.4 GMA3 utilize a default password of xltek for the Microsoft SQL Server service sa account, allowing a threat actor to perform remote code execution, data. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Authentication Bypass Neuroworks Eeg Sleepworks
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-47246 CRITICAL POC KEV THREAT Act Now

In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot, as exploited in the wild in November 2023. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat RCE Path Traversal Sysaid
NVD
CVSS 3.1
9.8
EPSS
98.9%
CVE-2023-39796 CRITICAL POC Act Now

SQL injection vulnerability in the miniform module in WBCE CMS v.1.6.0 allows remote unauthenticated attacker to execute arbitrary code via the DB_RECORD_TABLE parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SQLi Wbce Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
6.1%
CVE-2023-47128 CRITICAL POC PATCH Act Now

Piccolo is an object-relational mapping and query builder which supports asyncio. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Piccolo
NVD GitHub
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-6069 HIGH POC PATCH This Week

Improper Link Resolution Before File Access in GitHub repository froxlor/froxlor prior to 2.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Froxlor
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6073 MEDIUM POC This Month

Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Id 3 Firmware
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-4804 CRITICAL Act Now

An unauthorized user could access debug features in Quantum HD Unity products that were accidentally exposed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Quantum Hd Unity Compressor Firmware Quantum Hd Unity Acuair Firmware Quantum Hd Unity Condenser Vessel Firmware Quantum Hd Unity Evaporator Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-47129 CRITICAL PATCH Act Now

Statmic is a core Laravel content management system Composer package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

File Upload PHP Statamic
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-47121 CRITICAL PATCH Act Now

Discourse is an open source platform for community discussion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Discourse
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-6074 CRITICAL Act Now

A vulnerability was found in PHPGurukul Restaurant Table Booking System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-41285 HIGH This Week

A SQL injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-41284 HIGH This Week

A SQL injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Qumagie
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-39295 HIGH This Week

An OS command injection vulnerability has been reported to affect QuMagie. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Qumagie
NVD
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-47611 HIGH This Week

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Bgs5 Firmware Ehs5 Firmware Ehs6 Firmware Ehs8 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-47108 HIGH PATCH This Week

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Opentelemetry
NVD GitHub
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-6076 HIGH This Week

A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure PHP Restaurant Table Booking System
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-47120 HIGH PATCH This Week

Discourse is an open source platform for community discussion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Redis Denial Of Service Discourse
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-36014 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Google Microsoft Edge Chromium
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2023-23367 HIGH This Week

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qts Quts Hero Qutscloud
NVD
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-36024 HIGH PATCH This Week

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Google Microsoft Edge Chromium
NVD
CVSS 3.1
7.1
EPSS
1.1%
CVE-2023-4949 MEDIUM PATCH This Month

An attacker with local access to a system (either through a disk or external drive) can present a modified XFS partition to grub-legacy in such a way to exploit a memory corruption in grub’s XFS file. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Grub Xen
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2023-46733 MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

PHP Information Disclosure Session Fixation Symfony
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-36027 MEDIUM PATCH This Month

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Google Microsoft Edge Chromium
NVD
CVSS 3.1
6.3
EPSS
1.1%
CVE-2023-46735 MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Symfony
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-46734 MEDIUM PATCH This Month

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Symfony Twig
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-6075 MEDIUM This Month

A vulnerability classified as problematic has been found in PHPGurukul Restaurant Table Booking System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Restaurant Table Booking System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-47119 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Discourse
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-47164 MEDIUM This Month

Cross-site scripting vulnerability in HOTELDRUID 3.0.5 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Hoteldruid
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-46729 MEDIUM PATCH This Month

sentry-javascript provides Sentry SDKs for JavaScript. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Sentry Software Development Kit
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-45167 MEDIUM This Month

IBM AIX's 7.3 Python implementation could allow a non-privileged local user to exploit a vulnerability to cause a denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Python Denial Of Service IBM Vios Aix
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-30478 MEDIUM This Month

A vulnerability in Tribulant Software Newsletters newsletters-lite.8.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-46130 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Allocation of Resources Without Limits vulnerability could allow attackers to exhaust system resources through uncontrolled allocation.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-45806 MEDIUM PATCH This Month

Discourse is an open source platform for community discussion. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Discourse
NVD GitHub
CVSS 3.1
5.4
EPSS
1.0%
CVE-2023-29428 MEDIUM This Month

A vulnerability in Suplugins Superb Social Media Share Buttons and Follow Buttons superb-social-share-and-follow-buttons.1.3. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2023-47122 MEDIUM PATCH This Month

Gitsign is software for keyless Git signing using Sigstore. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Jwt Attack Gitsign
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-31078 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in MacSteini WP BrowserUpdate wp-browser-update allows Cross Site Request Forgery.4.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-31077 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp Export WP Page to Static HTML/CSS plugin <= 2.1.9 versions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Export Wp Page To Static Html Css
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-29440 MEDIUM This Month

A vulnerability in PressTigers Simple Job Board simple-job-board.10.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-29426 MEDIUM This Month

A vulnerability in Spreadshop Team Spreadshop Plugin spreadshop.6.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-47614 LOW Monitor

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Bgs5 Firmware Ehs5 Firmware Ehs6 Firmware Ehs8 Firmware +6
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-45816 LOW PATCH Monitor

Discourse is an open source platform for community discussion. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Discourse
NVD GitHub
CVSS 3.1
3.3
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy