Skip to main content
CVE-2023-48861 HIGH POC This Week

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Ttplayer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49967 HIGH POC This Week

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Typecho
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39167 HIGH POC This Week

In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Senec Storage Box Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-49958 HIGH POC This Week

An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Charge Point Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-49957 HIGH POC This Week

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Charge Point Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-49956 HIGH POC This Week

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Charge Point Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-49955 HIGH POC This Week

An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Charge Point Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-48840 HIGH POC This Week

A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Appointment Scheduler
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48834 HIGH POC This Week

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Car Rental Script
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48833 HIGH POC This Week

A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Time Slots Booking Calendar
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48831 HIGH POC This Week

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Availability Booking Calendar
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-39171 HIGH POC This Week

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Senec Storage Box Firmware
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-46218 MEDIUM POC PATCH This Month

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Curl Fedora
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-6566 MEDIUM POC PATCH This Month

Business Logic Errors in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2023-49493 MEDIUM POC This Month

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the v parameter at selectimages.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49492 MEDIUM POC This Month

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Dedecms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-48206 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Courier Management System
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6568 MEDIUM POC PATCH This Month

A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python XSS Mlflow
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-35039 CRITICAL Act Now

Improper Restriction of Excessive Authentication Attempts vulnerability in Be Devious Web Development Password Reset with Code for WordPress REST API allows Authentication Abuse.0.15. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Password Reset With Code For Wordpress Rest Api
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40301 CRITICAL Act Now

NETSCOUT nGeniusPULSE 3.8 has a Command Injection Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection Ngeniuspulse
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-40300 CRITICAL Act Now

NETSCOUT nGeniusPULSE 3.8 has a Hardcoded Cryptographic Key. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ngeniuspulse
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-39169 CRITICAL Act Now

The affected devices use publicly available default credentials with administrative privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Senec Storage Box Firmware
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-50164 CRITICAL PATCH Act Now

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal RCE Information Disclosure File Upload Struts
NVD
CVSS 3.1
9.8
EPSS
80.8%
CVE-2023-41913 CRITICAL Act Now

strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Strongswan
NVD GitHub
CVSS 3.1
9.8
EPSS
2.3%
CVE-2023-35618 CRITICAL PATCH Act Now

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Google Use After Free Microsoft Memory Corruption Information Disclosure +1
NVD
CVSS 3.1
9.6
EPSS
2.9%
CVE-2023-48958 MEDIUM POC This Month

gpac 2.3-DEV-rev617-g671976fcc-master contains memory leaks in gf_mpd_resolve_url media_tools/mpd.c:4589. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-40238 MEDIUM POC This Month

A LogoFAIL issue was discovered in BmpDecoderDxe in Insyde InsydeH2O with kernel 5.2 before 05.28.47, 5.3 before 05.37.47, 5.4 before 05.45.47, 5.5 before 05.53.47, and 5.6 before 05.60.47 for. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Lenovo Information Disclosure Esprimo D556 2 Firmware Esprimo D6011 Firmware Esprimo D6012 Firmware +182
NVD
CVSS 3.1
5.5
EPSS
1.9%
CVE-2023-46974 MEDIUM POC This Month

Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Courier Management System
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-48838 MEDIUM POC This Month

Appointment Scheduler 3.0 is vulnerable to Multiple HTML Injection issues via the SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Appointment Scheduler
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48837 MEDIUM POC This Month

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Car Rental Script
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48836 MEDIUM POC This Month

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Car Rental Script
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48828 MEDIUM POC This Month

Time Slots Booking Calendar 4.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time Slots Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48827 MEDIUM POC This Month

Time Slots Booking Calendar 4.0 is vulnerable to Multiple HTML Injection issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Time Slots Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48825 MEDIUM POC This Month

Availability Booking Calendar 5.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Availability Booking Calendar
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48824 MEDIUM POC This Month

BoidCMS 2.0.1 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the title, subtitle, footer, or keywords parameter in a page=create action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Boidcms
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-48172 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability in Shuttle Booking Software 2.0 allows a remote attacker to inject JavaScript via the name, description, title, or address parameter to index.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Shuttle Booking Software
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-46857 MEDIUM POC This Month

Squidex before 7.9.0 allows XSS via an SVG document to the Upload Assets feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Squidex
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-46871 MEDIUM POC This Month

GPAC version 2.3-DEV-rev602-ged8424300-master in MP4Box contains a memory leak in NewSFDouble scenegraph/vrml_tools.c:300. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-48205 MEDIUM POC This Month

Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Leave Management System
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-43299 MEDIUM POC This Month

An issue in DA BUTCHERS mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-43298 MEDIUM POC This Month

An issue in SCOL Members Card mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-40302 CRITICAL Act Now

NETSCOUT nGeniusPULSE 3.8 has Weak File Permissions Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ngeniuspulse
NVD
CVSS 3.1
9.1
EPSS
0.8%
CVE-2023-39172 CRITICAL Act Now

The affected devices transmit sensitive information unencrypted allowing a remote unauthenticated attacker to capture and modify network traffic. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Senec Storage Box Firmware
NVD
CVSS 3.1
9.1
EPSS
0.6%
CVE-2023-33412 HIGH This Week

The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure M11Sdv 4C Ln4F Firmware M11Sdv 4Ct Ln4F Firmware M11Sdv 8C Ln4F Firmware M11Sdv 8Ct Ln4F Firmware +352
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-33413 HIGH This Week

The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass M11Sdv 4C Ln4F Firmware M11Sdv 4Ct Ln4F Firmware M11Sdv 8C Ln4F Firmware M11Sdv 8Ct Ln4F Firmware +352
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6576 HIGH This Week

A vulnerability was found in Byzoro S210 up to 20231123. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Smart S210 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-39909 HIGH This Week

Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ericsson Network Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-43303 HIGH This Week

An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token (via captured network traffic). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Line
NVD VulDB
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-6577 MEDIUM POC This Month

A vulnerability was found in Byzoro PatrolFlow 2530Pro up to 20231126. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Patrolflow Am 2530Pro Firmware
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
1.2%
CVE-2023-46916 MEDIUM POC This Month

Maxima Max Pro Power 1.0 486A devices allow BLE traffic replay. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Maxima Max Pro Power Firmware
NVD
CVSS 3.1
4.3
EPSS
0.5%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy