Skip to main content
CVE-2023-41442 CRITICAL POC Act Now

An issue in Kloudq Technologies Limited Tor Equip 1.0, Tor Loco Mini 1.0 through 3.1 allows a remote attacker to execute arbitrary code via a crafted request to the MQTT component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Authentication Bypass Tor Loco Min Tor Equip Gateway Tor Shield +1
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-5245 CRITICAL POC PATCH Act Now

FileUtil.extract() enumerates all zip file entries and extracts each file without validating whether file paths in the archive are outside the intended directory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Path Traversal Mleap
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-47445 CRITICAL POC Act Now

Pre-School Enrollment version 1.0 is vulnerable to SQL Injection via the username parameter in preschool/admin/ page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Pre School Enrollment System
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-47444 HIGH POC This Week

An issue discovered in OpenCart 4.0.0.0 to 4.0.2.3 allows authenticated backend users having common/security write privilege can write arbitrary untrusted data inside config.php and admin/config.php,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Opencart
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-47637 HIGH POC PATCH This Week

Pimcore is an Open Source Data & Experience Management Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Pimcore
NVD GitHub
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48089 HIGH POC This Week

xxl-job-admin 2.4.0 is vulnerable to Remote Code Execution (RCE) via /xxl-job-admin/jobcode/save. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Xxl Job
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-48199 HIGH POC This Week

HTML Injection vulnerability in the 'manageApiKeys' component in Grocy <= 4.0.3 allows attackers to inject arbitrary HTML content without script execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Grocy
NVD GitHub
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-48014 HIGH POC PATCH This Week

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a stack overflow via the hevc_parse_vps_extension function at /media_tools/av_parsers.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-48013 HIGH POC PATCH This Week

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filterpacket_del function at /gpac/src/filter_core/filter.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48011 HIGH POC PATCH This Week

GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a heap-use-after-free via the flush_ref_samples function at /gpac/src/isomedia/movie_fragments.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Information Disclosure Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47347 HIGH POC This Week

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP messages whose Sequence Number is mutated to overflow bytes. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-47345 HIGH POC This Week

Buffer Overflow vulnerability in free5gc 3.3.0 allows attackers to cause a denial of service via crafted PFCP message with malformed PFCP Heartbeat message whose Recovery Time Stamp IE length is. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Denial Of Service Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-4602 MEDIUM POC PATCH This Month

The Namaste!. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Namaste Lms
NVD VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-41597 MEDIUM POC This Month

EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /admin/twitter.php?active_t. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Eyoucms
NVD GitHub
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-48365 CRITICAL KEV THREAT Act Now

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Request Smuggling Microsoft Qlik Sense
NVD
CVSS 3.1
9.9
EPSS
24.7%
CVE-2023-47308 CRITICAL PATCH Act Now

In the module "Newsletter Popup PRO with Voucher/Coupon code" (newsletterpop) before version 2.6.1 from Active Design for PrestaShop, a guest can perform SQL injection in affected versions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Newsletterpop
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-43979 CRITICAL PATCH Act Now

ETS Soft ybc_blog before v4.4.0 was discovered to contain a SQL injection vulnerability via the component Ybc_blogBlogModuleFrontController::getPosts(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Ybc Blog
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39335 CRITICAL Act Now

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Endpoint Manager Mobile
NVD
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-6105 MEDIUM POC This Month

An information disclosure vulnerability exists in multiple ManageEngine products that can result in encryption keys being exposed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Zoho Manageengine Analytics Plus Manageengine Appcreator Manageengine Application Control Plus +36
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2023-48200 MEDIUM POC This Month

Cross Site Scripting vulnerability in Grocy v.4.0.3 allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within /equipment/. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Grocy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2023-48198 MEDIUM POC This Month

A Cross-Site Scripting (XSS) vulnerability in the 'product description' component within '/api/stock/products' of Grocy version <= 4.0.3 allows attackers to obtain a victim's cookies. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grocy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-48197 MEDIUM POC This Month

Cross-Site Scripting (XSS) vulnerability in the ‘manageApiKeys’ component of Grocy 4.0.3 and earlier allows attackers to obtain victim's cookies when the victim clicks on the "see QR code" function. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Grocy
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-48088 MEDIUM POC This Month

xxl-job-admin 2.4.0 is vulnerable to Cross Site Scripting (XSS) via /xxl-job-admin/joblog/logDetailPage. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xxl Job
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-48087 MEDIUM POC This Month

xxl-job-admin 2.4.0 is vulnerable to Insecure Permissions via /xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailCat. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xxl Job
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47446 MEDIUM POC This Month

Pre-School Enrollment version 1.0 is vulnerable to Cross Site Scripting (XSS) on the profile.php page via fullname parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pre School Enrollment System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47309 MEDIUM POC This Month

Nukium nkmgls before version 3.0.2 is vulnerable to Cross Site Scripting (XSS) via NkmGlsCheckoutModuleFrontController::displayAjaxSavePhoneMobile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gls
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47636 MEDIUM POC PATCH This Month

The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure SQLi Admin Classic Bundle
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-48224 CRITICAL PATCH Act Now

Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Fides
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2023-47678 CRITICAL Act Now

An improper access control vulnerability exists in RT-AC87U all versions. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Rt Ac87U Firmware
NVD
CVSS 3.1
9.1
EPSS
0.7%
CVE-2023-39337 CRITICAL Act Now

A security vulnerability in EPMM Versions 11.10, 11.9 and 11.8 older allows a threat actor with knowledge of an enrolled device identifier to access and extract sensitive information, including. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Manager Mobile
NVD
CVSS 3.1
9.1
EPSS
1.9%
CVE-2023-6112 HIGH This Week

Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
30.3%
CVE-2023-5997 HIGH This Week

Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-40923 HIGH PATCH This Week

MyPrestaModules ordersexport before v5.0 was discovered to contain multiple SQL injection vulnerabilities at send.php via the key and save_setting parameters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

PHP SQLi Orders Csv Excel Export Pro
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-43582 HIGH This Week

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-22818 HIGH This Week

Multiple DLL Search Order Hijack vulnerabilities were addressed in the SanDisk Security Installer for Windows that could allow attackers with local access to execute arbitrary code by executing the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Sandisk Security Installer
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-33873 HIGH This Week

This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Batch Management Communication Drivers Edge Enterprise Licensing +9
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-47586 HIGH This Week

Multiple heap-based buffer overflow vulnerabilities exist in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE V Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47585 HIGH This Week

Out-of-bounds read vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure V Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47584 HIGH This Week

Out-of-bounds write vulnerability exists in V-Server V4.0.18.0 and earlier and V-Server Lite V4.0.18.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE V Server
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47583 HIGH This Week

Multiple out-of-bounds read vulnerabilities exist in TELLUS Simulator V4.0.17.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Tellus
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47582 HIGH This Week

Access of uninitialized pointer vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47581 HIGH This Week

Out-of-bounds read vulnerability exists in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Information Disclosure Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-47580 HIGH This Week

Multiple improper restriction of operations within the bounds of a memory buffer issues exist in TELLUS V4.0.17.0 and earlier and TELLUS Lite V4.0.17.0 and earlier. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Tellus Tellus Lite
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-43591 HIGH This Week

Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43590 HIGH This Week

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41718 HIGH This Week

When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2023-38543 HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-38043 HIGH This Week

A vulnerability exists on all versions of the Ivanti Secure Access Client below 22.6R1.1, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Denial Of Service Secure Access Client
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-35080 HIGH This Week

A vulnerability has been identified in the Ivanti Secure Access Windows client, which could allow a locally authenticated attacker to exploit a vulnerable configuration, potentially leading to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Ivanti Privilege Escalation Microsoft Information Disclosure +1
NVD
CVSS 3.1
7.8
EPSS
0.7%
CVE-2023-5720 HIGH This Week

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Quarkus
NVD
CVSS 3.1
7.5
EPSS
0.8%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy