Skip to main content
CVE-2023-48699 CRITICAL POC PATCH Act Now

fastbots is a library for fast bot and scraper development using selenium and the Page Object Model (POM) design. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Code Injection Information Disclosure Fastbots
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-48306 CRITICAL POC Act Now

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49105 CRITICAL POC THREAT Act Now

An issue was discovered in ownCloud owncloud/core before 10.13.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Owncloud Server
NVD
CVSS 3.1
9.8
EPSS
11.1%
CVE-2023-48230 CRITICAL POC PATCH Act Now

Cap'n Proto is a data interchange format and capability-based RPC system. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE Capnproto
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2023-48228 CRITICAL POC PATCH Act Now

authentik is an open-source identity provider. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Authentik
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-5055 CRITICAL POC Act Now

Possible variant of CVE-2021-3434 in function le_ecred_reconf_req. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Stack Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49103 HIGH POC KEV THREAT This Week

An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Docker Graph Api
NVD GitHub
CVSS 3.1
7.5
EPSS
78.4%
CVE-2023-45886 HIGH POC This Week

The BGP daemon (bgpd) in IP Infusion ZebOS through 7.10.6 allow remote attackers to cause a denial of service by sending crafted BGP update messages containing a malformed attribute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Big Ip Next Big Ip Next Service Proxy For Kubernetes Big Ip Next Cloud Native Network Functions Big Ip Local Traffic Manager +2
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2023-48239 HIGH POC PATCH This Week

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
7.1
EPSS
0.9%
CVE-2023-48307 CRITICAL PATCH Act Now

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-6248 CRITICAL Act Now

The Syrus4 IoT gateway utilizes an unsecured MQTT server to download and execute arbitrary commands, allowing a remote unauthenticated attacker to execute code on any Syrus4 device connected to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Syrus 4G Iot Telematics Gateway Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-49060 CRITICAL Act Now

An attacker could have accessed internal pages or data by ex-filtrating a security key from ReaderMode via the `referrerpolicy` attribute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Information Disclosure Firefox
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-4149 CRITICAL Act Now

A vulnerability in the web-based management allows an unauthenticated remote attacker to inject arbitrary system commands and gain full system control. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection 0852 0602 Firmware 0852 0603 Firmware 0852 1605 Firmware
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-42770 CRITICAL PATCH Act Now

Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure St Ipm 6350 Firmware St Ipm 8460 Firmware Vt Mipm 135 D Firmware Vt Mipm 245 D Firmware +2
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-40151 CRITICAL PATCH Act Now

When user authentication is not enabled the shell can execute commands with the highest privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure St Ipm 6350 Firmware St Ipm 8460 Firmware Vt Mipm 135 D Firmware Vt Mipm 245 D Firmware +2
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-48301 MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-48124 MEDIUM POC This Month

Cross Site Scripting in SUP Online Shopping v.1.0 allows a remote attacker to execute arbitrary code via the Name, Email and Address parameters in the Register New Account component. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Sup Online Shopping
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46935 MEDIUM POC This Month

eyoucms v1.6.4 is vulnerable Cross Site Scripting (XSS), which can lead to stealing sensitive information of logged-in users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6142 MEDIUM POC This Month

Dev blog v1.0 allows to exploit an XSS through an unrestricted file upload, together with a bad entropy of filenames. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload XSS Dev Blog
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-47643 MEDIUM POC PATCH This Month

SuiteCRM is a Customer Relationship Management (CRM) software application. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Suitecrm
NVD GitHub
CVSS 3.1
5.3
EPSS
3.0%
CVE-2023-20272 HIGH This Week

A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Information Disclosure Identity Services Engine
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-22521 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in version 3.4.6 of Crowd Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Atlassian Crowd
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-22516 HIGH This Week

This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.0, and 9.3.0 of Bamboo Data Center and Server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Atlassian Bamboo
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-6213 HIGH This Week

Memory safety bugs present in Firefox 119. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6212 HIGH This Week

Memory safety bugs present in Firefox 119, Firefox ESR 115.4, and Thunderbird 115.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Mozilla RCE Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6208 HIGH This Week

When using X11, text selected by the page using the Selection API was erroneously copied into the primary selection, a temporary storage not unlike the clipboard. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6207 HIGH This Week

Ownership mismanagement led to a use-after-free in ReadableByteStreams This vulnerability affects Firefox < 120, Firefox ESR < 115.5.0, and Thunderbird < 115.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Memory Corruption Information Disclosure Firefox +3
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-4424 HIGH This Week

An malicious BLE device can cause buffer overflow by sending malformed advertising packet BLE device using Zephyr OS, leading to DoS or potential RCE on the victim BLE device. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Zephyr
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-6144 MEDIUM POC This Month

Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Authentication Bypass Dev Blog
NVD GitHub
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-48305 MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.4
EPSS
0.2%
CVE-2023-48304 MEDIUM POC PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-20274 HIGH This Week

A vulnerability in the installer script of Cisco AppDynamics PHP Agent could allow an authenticated, local attacker to elevate privileges on an affected device. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Cisco PHP Appdynamics
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-6235 HIGH This Week

An uncontrolled search path element vulnerability has been found in the Duet Display product, affecting version 2.5.9.1. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Duet Display
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48226 LOW POC Monitor

OpenReplay is a self-hosted session replay suite. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Openreplay
NVD GitHub
CVSS 3.1
3.5
EPSS
0.8%
CVE-2023-21418 HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API irissetup.cgi was vulnerable to path traversal attacks that allows for file deletion. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2018 Axis Os 2020 Axis Os 2022
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-21417 HIGH This Week

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API manageoverlayimage.cgi was vulnerable to path traversal attacks that allows for file/folder deletion. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Axis Os Axis Os 2020 Axis Os 2022
NVD
CVSS 3.1
7.1
EPSS
0.7%
CVE-2023-5553 MEDIUM This Month

During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Axis Os Axis Os 2022
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-6238 MEDIUM This Month

A buffer overflow vulnerability was found in the NVM Express (NVMe) driver in the Linux kernel. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Linux Linux Kernel Fedora
NVD
CVSS 3.1
6.7
EPSS
0.3%
CVE-2023-48700 MEDIUM PATCH This Month

The Nautobot Device Onboarding plugin uses the netmiko and NAPALM libraries to simplify the onboarding process of a new device into Nautobot down to, in many cases, an IP Address and a Location. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Nautobot Plugin Device Onboarding
NVD GitHub
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-6211 MEDIUM This Month

If an attacker needed a user to load an insecure http: page and knew that user had enabled HTTPS-only mode, the attacker could have tricked the user into clicking to grant an HTTPS-only exception if. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-6210 MEDIUM This Month

When an https: web page created a pop-up from a "javascript:" URL, that pop-up was incorrectly allowed to load blockable content such as iframes from insecure http: URLs This vulnerability affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6209 MEDIUM This Month

Relative URLs starting with three slashes were incorrectly parsed, and a path-traversal "/../" part in the path could be used to override the specified host. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Mozilla Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.5
EPSS
1.4%
CVE-2023-6205 MEDIUM This Month

It was possible to cause the use of a MessagePort after it had already been freed, which could potentially have led to an exploitable crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Mozilla Denial Of Service Memory Corruption Firefox +3
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-6204 MEDIUM This Month

On some systems-depending on the graphics settings and drivers-it was possible to force an out-of-bounds read and leak memory data into the images created on the canvas element. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Mozilla Firefox Firefox Esr +2
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-21416 MEDIUM This Month

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi was vulnerable to a Denial-of-Service attack allowing for an attacker to block access to the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axis Os Axis Os 2022
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-48701 MEDIUM PATCH This Month

Statamic CMS is a Laravel and Git powered content management system (CMS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Statamic
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-49104 MEDIUM This Month

An issue was discovered in ownCloud owncloud/oauth2 before 0.6.1, when Allow Subdomains is enabled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Oauth2
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-49061 MEDIUM This Month

An attacker could have performed HTML template injection via Reader Mode and exfiltrated user information. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Apple Open Redirect Firefox
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-48302 MEDIUM PATCH This Month

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Nextcloud Nextcloud Server
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-20265 MEDIUM This Month

A vulnerability in the web-based management interface of a small subset of Cisco IP Phones could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Ip Dect 110 Firmware Ip Dect 210 Firmware Unified Ip Phone 6901 Firmware +1
NVD
CVSS 3.1
5.4
EPSS
0.5%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy