Skip to main content
CVE-2023-48887 CRITICAL POC PATCH Act Now

A deserialization vulnerability in Jupiter v1.3.1 allows attackers to execute arbitrary commands via sending a crafted RPC request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Jupiter
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-48886 CRITICAL POC Act Now

A deserialization vulnerability in NettyRpc v1.2 allows attackers to execute arbitrary commands via sending a crafted RPC request. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Nettyrpc
NVD GitHub
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-48801 CRITICAL POC Act Now

In TOTOLINK X6000R_Firmware V9.4.0cu.852_B20230719, the shttpd file sub_415534 function obtains fields from the front-end, connects them through the snprintf function, and passes them to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X6000r Firmware
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-48842 CRITICAL POC Act Now

D-Link Go-RT-AC750 revA_v101b03 was discovered to contain a command injection vulnerability via the service parameter at hedwig.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Command Injection Go Rt Ac750 Firmware
NVD
CVSS 3.1
9.8
EPSS
3.7%
CVE-2023-49371 CRITICAL POC Act Now

RuoYi up to v4.6 was discovered to contain a SQL injection vulnerability via /system/dept/edit. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Ruoyi
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2023-43455 CRITICAL POC Act Now

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the command parameter of the setting/setTracerouteCfg component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection X6000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-43454 CRITICAL POC Act Now

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the hostName parameter of the switchOpMode component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection X6000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-43453 CRITICAL POC Act Now

An issue in TOTOLINK X6000R V9.4.0cu.652_B20230116 and V9.4.0cu.852_B20230719 allows a remote attacker to execute arbitrary code via the IP parameter of the setDiagnosisCfg component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection X6000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-48893 HIGH POC This Week

SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Senayan Library Management System Bulian
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-48813 HIGH POC This Week

Senayan Library Management Systems (Slims) 9 Bulian v9.6.1 is vulnerable to SQL Injection via admin/modules/reporting/customs/fines_report.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Senayan Library Management System Bulian
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-5427 HIGH POC This Week

Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Denial Of Service Memory Corruption 5th Gen Gpu Architecture Kernel Driver Bifrost Gpu Kernel Driver +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-45253 HIGH POC This Week

An issue was discovered in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, allows attackers to manipulate files and escalate privileges via RollingFileAppender.DeleteFile. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Huddlycameraservices
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-45252 HIGH POC This Week

DLL Hijacking vulnerability in Huddly HuddlyCameraService before version 8.0.7, not including version 7.99, due to the installation of the service in a directory that grants write privileges to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Huddlycameraservice
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-48016 HIGH POC This Week

Restaurant Table Booking System V1.0 is vulnerable to SQL Injection in rtbs/admin/index.php via the username parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Restaurant Table Booking System
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-6462 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in SourceCodester User Registration and Login System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS User Registration And Login System
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-49276 MEDIUM POC PATCH This Month

Uptime Kuma is an open source self-hosted monitoring tool. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Google XSS Uptime Kuma
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6461 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Reflected in GitHub repository viliusle/minipaint prior to 4.14.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Minipaint
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5636 CRITICAL Act Now

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Command Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection File Upload Arslansoft Education Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-5634 CRITICAL Act Now

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ArslanSoft Education Portal allows SQL Injection.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Arslansoft Education Portal
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-6463 MEDIUM POC This Month

A vulnerability has been found in SourceCodester User Registration and Login System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS User Registration And Login System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-44382 CRITICAL PATCH Act Now

October is a Content Management System (CMS) and web platform to assist with development workflow. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP October
NVD GitHub
CVSS 3.1
9.1
EPSS
0.9%
CVE-2023-38268 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF IBM Infosphere Information Server
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-6449 MEDIUM PATCH This Month

The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

WordPress File Upload RCE Contact Form 7
NVD GitHub VulDB
CVSS 3.1
6.6
EPSS
8.7%
CVE-2023-45168 HIGH This Week

IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow IBM Vios Aix
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-5635 HIGH This Week

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ArslanSoft Education Portal allows Account Footprinting.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Arslansoft Education Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-5637 HIGH This Week

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Arslansoft Education Portal
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-40699 HIGH PATCH This Week

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service IBM Infosphere Information Server
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-4518 HIGH This Week

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Relion 670 Firmware Relion 650 Firmware Relion Sam600 Io Firmware
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-5995 HIGH This Week

An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-5226 HIGH This Week

An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-44402 HIGH PATCH This Week

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Apple Electron
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-28895 MEDIUM This Month

The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Mib3 Firmware
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-26024 MEDIUM This Month

IBM Planning Analytics on Cloud Pak for Data 4.0 could allow an attacker on a shared network to obtain sensitive information caused by insecure network communication. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Planning Analytics On Cloud Pak For Data
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2023-4912 MEDIUM This Month

An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-49281 MEDIUM PATCH This Month

Calendarinho is an open source calendaring application to manage large teams of consultants. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Calendarinho
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-48314 MEDIUM This Month

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Microsoft Nextcloud Collabora Online
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49277 MEDIUM PATCH This Month

dpaste is an open source pastebin application written in Python using the Django framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Python XSS Authentication Bypass Dpaste
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-42019 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service IBM Infosphere Information Server
NVD
CVSS 3.1
5.9
EPSS
0.5%
CVE-2023-42006 MEDIUM This Month

IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass IBM
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-46174 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42022 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-42009 MEDIUM This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-43015 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS IBM Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6033 MEDIUM This Month

Improper neutralization of input in Jira integration configuration in GitLab CE/EE, affecting all versions from 15.10 prior to 16.6.1, 16.5 prior to 16.5.3, and 16.4 prior to 16.4.3 allows attacker. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS Atlassian
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-43021 MEDIUM PATCH This Month

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure IBM Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-5915 MEDIUM This Month

A vulnerability of Uncontrolled Resource Consumption has been identified in STARDOM provided by Yokogawa Electric Corporation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Stardom Fcj Firmware Stardom Fcn Firmware
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2023-3949 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 11.3 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-44381 MEDIUM PATCH This Month

October is a Content Management System (CMS) and web platform to assist with development workflow. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection PHP October
NVD GitHub
CVSS 3.1
4.9
EPSS
0.5%
CVE-2023-46746 MEDIUM PATCH This Month

PostHog provides open-source product analytics, session recording, feature flagging and A/B testing that you can self-host. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Posthog
NVD GitHub
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-4317 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass
NVD
CVSS 3.1
4.3
EPSS
0.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy