Skip to main content
CVE-2023-48022 CRITICAL POC THREAT Emergency

Anyscale Ray 2.6.3 and 2.8.0 expose an unauthenticated job submission API that allows remote code execution by design. The vendor considers this expected behavior for a compute framework intended for trusted network environments, but internet-exposed Ray clusters are actively exploited by cryptominers and data exfiltration campaigns.

NVD
CVSS 3.1
9.8
EPSS
92.2%
Threat
8.2
CVE-2023-46944 HIGH POC PATCH Act Now

An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Codes workspace trust component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Gitlens
NVD GitHub
CVSS 3.1
7.8
EPSS
1.3%
CVE-2023-48193 CRITICAL POC Act Now

Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jumpserver
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-41264 CRITICAL POC Act Now

Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Authentication Bypass Usercube
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2023-49313 CRITICAL POC Act Now

A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Authentication Bypass Xmachoviewer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-3545 CRITICAL POC PATCH Act Now

Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

File Upload RCE Microsoft Apache PHP +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.0%
CVE-2023-3533 CRITICAL POC PATCH Act Now

Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Path Traversal File Upload RCE PHP +1
NVD GitHub
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-3368 CRITICAL POC PATCH THREAT Act Now

Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP RCE Command Injection Chamilo
NVD GitHub
CVSS 3.1
9.8
EPSS
68.9%
CVE-2023-47503 CRITICAL POC Act Now

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Jfinal Cms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-4220 MEDIUM POC PATCH THREAT This Month

Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

RCE File Upload PHP XSS Chamilo Lms
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
76.1%
CVE-2023-48023 CRITICAL POC THREAT Act Now

Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Ray
NVD
CVSS 3.1
9.1
EPSS
35.1%
CVE-2023-4226 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
2.4%
CVE-2023-4225 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4224 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4223 HIGH POC PATCH This Week

Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE File Upload PHP Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
1.8%
CVE-2023-4222 HIGH POC PATCH This Week

Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-4221 HIGH POC PATCH This Week

Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP RCE Command Injection Chamilo Lms
NVD GitHub
CVSS 3.1
8.8
EPSS
3.5%
CVE-2023-29770 HIGH POC This Week

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Sentrifugo
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-46589 HIGH POC PATCH This Week

Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tomcat Apache Information Disclosure Request Smuggling
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2023-6225 MEDIUM POC PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS WordPress Shortcodes Ultimate
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-49078 MEDIUM POC PATCH This Month

raptor-web is a CMS for game server communities that can be used to host information and keep track of players. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Raptor Web
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-45286 MEDIUM POC PATCH This Month

A race condition in go-resty can result in HTTP request body disclosure across requests. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Information Disclosure Resty
NVD GitHub
CVSS 3.1
5.9
EPSS
0.7%
CVE-2023-6201 HIGH This Week

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Panorama
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-40056 HIGH This Week

SQL Injection Remote Code Vulnerability was found in the SolarWinds Platform. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Solarwinds Platform
NVD
CVSS 3.1
8.8
EPSS
4.8%
CVE-2023-6239 HIGH This Week

Under rare conditions, the effective permissions of an object might be incorrectly calculated if the object has a specific configuration of metadata-driven permissions in M-Files Server versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass M Files Server
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-42004 HIGH This Week

IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection IBM Security Guardium
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-6226 MEDIUM POC PATCH This Month

The WP Shortcodes Plugin - Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass WordPress Shortcodes Ultimate
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-45539 HIGH This Week

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Haproxy
NVD
CVSS 3.1
8.2
EPSS
1.5%
CVE-2023-49314 HIGH This Week

Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Code Injection Apple Desktop
NVD GitHub
CVSS 3.1
7.8
EPSS
4.3%
CVE-2023-6219 HIGH PATCH This Week

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Bookingpress
NVD VulDB
CVSS 3.1
7.2
EPSS
2.1%
CVE-2023-6151 HIGH This Week

Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.105. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Belediye
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-6150 HIGH This Week

Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.105. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure E Belediye
NVD VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2023-30590 HIGH This Week

The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Node Js
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-48848 HIGH This Week

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Ureport
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-49062 HIGH PATCH This Week

Katran could disclose non-initialized kernel memory as part of an IP header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Katran
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-34054 HIGH PATCH This Week

In Reactor Netty HTTP Server, versions 1.1.x prior to 1.1.13 and versions 1.0.x prior to 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Reactor Netty
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-34053 HIGH PATCH This Week

In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Framework
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-4398 HIGH This Week

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Zyxel Zld
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-30585 HIGH This Week

A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Microsoft Node Js
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-49075 HIGH PATCH This Week

The Admin Classic Bundle provides a Backend UI for Pimcore. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Admin Classic Bundle
NVD GitHub
CVSS 3.1
7.2
EPSS
1.4%
CVE-2023-24023 MEDIUM This Month

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required. No vendor patch available.

Code Injection Bluetooth Core Specification Windows 10 1809 Windows 10 21h2 Windows 10 22h2 +6
NVD
CVSS 3.1
6.8
EPSS
1.3%
CVE-2023-42504 MEDIUM PATCH This Month

An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Denial Of Service Superset
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2023-34055 MEDIUM PATCH This Month

In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java Information Disclosure Spring Boot
NVD
CVSS 3.1
6.5
EPSS
1.2%
CVE-2023-48042 MEDIUM This Month

Cross Site Scripting (XSS) in Search filters in Prestashop Amazzing filter version up to version 3.2.5, allows remote attackers to inject arbitrary JavaScript code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Amazzing Filter
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6359 MEDIUM This Month

A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Alumne Lms
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-35139 MEDIUM This Month

A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Zyxel Zld
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5981 MEDIUM This Month

A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Debian Linux Gnutls Linux Fedora
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-49092 MEDIUM This Month

RustCrypto/RSA is a portable RSA implementation in pure Rust. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Rsa
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-32065 MEDIUM PATCH This Month

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Orocommerce
NVD GitHub
CVSS 3.1
5.8
EPSS
0.5%
CVE-2023-29060 MEDIUM This Month

The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Facschorus
NVD
CVSS 3.1
5.7
EPSS
0.3%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy