Skip to main content
CVE-2023-48188 CRITICAL POC Act Now

SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE SQLi Op Art Devis
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-49044 CRITICAL POC Act Now

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-6329 CRITICAL POC THREAT Act Now

An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Idsecure
NVD
CVSS 3.1
9.8
EPSS
65.2%
CVE-2023-5974 CRITICAL POC Act Now

The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF WordPress Wpb Show Core
NVD WPScan
CVSS 3.1
9.8
EPSS
3.1%
CVE-2023-5604 CRITICAL POC Act Now

The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection WordPress PHP Asgaros Forum
NVD WPScan
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-4922 CRITICAL POC THREAT Act Now

The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure WordPress Wpb Show Core
NVD WPScan
CVSS 3.1
9.8
EPSS
15.7%
CVE-2023-49042 CRITICAL POC Act Now

Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49040 CRITICAL POC Act Now

An issue in Tneda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-42000 CRITICAL POC Act Now

Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Udp
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-41999 CRITICAL POC Act Now

An authentication bypass exists in Arcserve UDP prior to version 9.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Udp
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-41998 CRITICAL POC THREAT Act Now

Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Udp
NVD
CVSS 3.1
9.8
EPSS
15.3%
CVE-2023-49046 CRITICAL POC Act Now

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49043 CRITICAL POC THREAT Act Now

Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow RCE Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
13.2%
CVE-2023-6309 CRITICAL POC Act Now

A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Command Injection Mosesdecoder
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
4.2%
CVE-2023-6306 CRITICAL POC Act Now

A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Free And Open Source Inventory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6305 CRITICAL POC PATCH Act Now

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP SQLi Free And Open Source Inventory Management System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5559 CRITICAL POC Act Now

The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service WordPress 10web Booster
NVD WPScan
CVSS 3.1
9.1
EPSS
2.8%
CVE-2023-40194 HIGH POC This Week

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-39542 HIGH POC This Week

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2023-38573 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Buffer Overflow Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-35985 HIGH POC This Week

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-32616 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Buffer Overflow Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-40610 HIGH POC PATCH This Week

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Authentication Bypass Superset
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-6308 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache File Upload Video Surveillance Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6304 HIGH POC This Week

A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tr118 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
9.5%
CVE-2023-49030 HIGH POC This Week

SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Klive
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5906 HIGH POC This Week

The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Job Manager Career
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5239 HIGH POC This Week

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Security Malware Scan
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-49047 HIGH POC This Week

Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6312 HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-6311 HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical.php of the component Loan Type Page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-6310 HIGH POC This Week

A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-6302 HIGH POC This Week

A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cszcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-5958 MEDIUM POC This Month

The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Post Smtp
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5653 MEDIUM POC This Month

The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wassup Real Time Analytics
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5641 MEDIUM POC This Month

The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Free Easy Link Building
NVD WPScan
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5560 MEDIUM POC This Month

The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Useronline
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5325 MEDIUM POC This Month

The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field no the checkout form leading to XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Woocommerce Vietnam Checkout
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-49029 MEDIUM POC This Month

Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE XSS Absis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2023-6313 MEDIUM POC This Month

A vulnerability was found in SourceCodester URL Shortener 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Url Shortener
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6301 MEDIUM POC This Month

A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Best Courier Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6300 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Best Courier Management System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-4642 MEDIUM POC This Month

The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Race Condition Information Disclosure WordPress Kk Star Ratings
NVD WPScan
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-46480 CRITICAL Act Now

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE SSRF Owncast
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-46349 CRITICAL PATCH Act Now

In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Updateproducts
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-4590 CRITICAL Act Now

Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Frhed
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-6307 CRITICAL Act Now

A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Jimureport
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-42366 MEDIUM POC This Month

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Busybox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42365 MEDIUM POC This Month

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Busybox
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-42364 MEDIUM POC This Month

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption Busybox
NVD
CVSS 3.1
5.5
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy