Skip to main content
CVE-2023-40194 HIGH POC This Week

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2023-39542 HIGH POC This Week

A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
3.3%
CVE-2023-38573 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Buffer Overflow Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2023-35985 HIGH POC This Week

An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-32616 HIGH POC This Week

A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Buffer Overflow Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-40610 HIGH POC PATCH This Week

Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Apache Authentication Bypass Superset
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-6308 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Apache File Upload Video Surveillance Management System
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6304 HIGH POC This Week

A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tr118 Firmware
NVD VulDB
CVSS 3.1
8.0
EPSS
9.5%
CVE-2023-49030 HIGH POC This Week

SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Klive
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5906 HIGH POC This Week

The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Job Manager Career
NVD WPScan
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-5239 HIGH POC This Week

The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Security Malware Scan
NVD WPScan
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-49047 HIGH POC This Week

Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Tenda Ax1803 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6312 HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-6311 HIGH POC This Week

A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical.php of the component Loan Type Page. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-6310 HIGH POC This Week

A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Loan Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-6302 HIGH POC This Week

A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Cszcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-41257 HIGH This Week

A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Foxit Reader
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-31275 HIGH This Week

An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Wps Office
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2023-4931 HIGH This Week

Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Plesk
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-6254 HIGH This Week

A Vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are send back to the client in the server response-0.X through 8.0.37. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-49068 HIGH PATCH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler.2.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48268 HIGH PATCH This Week

Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-40703 HIGH PATCH This Week

Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing a attacker to consume excessive resources, possibly leading to Denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost Denial Of Service
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-49322 HIGH This Week

Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Protection Linux Security 64 Atlant Client Security +3
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5607 HIGH This Week

An improper limitation of a path name to a restricted directory (path traversal) vulnerability in the TACC ePO extension, for on-premises ePO servers, prior to version 8.4.0 could lead to an. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Path Traversal Application And Change Control
NVD
CVSS 3.1
7.2
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy