Skip to main content
CVE-2022-45362 HIGH POC THREAT Act Now

Server-Side Request Forgery (SSRF) vulnerability in Paytm Paytm Payment Gateway.7.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 32.9%.

SSRF Payment Gateway
NVD
CVSS 3.1
7.2
EPSS
32.9%
CVE-2023-4122 HIGH POC This Week

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Student Information System
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2023-6580 HIGH POC This Week

A vulnerability, which was classified as critical, was found in D-Link DIR-846 FW100A53DBR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Deserialization Dir 846 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-6575 HIGH POC This Week

A vulnerability was found in Byzoro S210 up to 20231121. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Smart S210 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
2.8%
CVE-2023-6574 HIGH POC This Week

A vulnerability was found in Byzoro Smart S20 up to 20231120 and classified as critical. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload PHP Smart S20 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.6%
CVE-2023-49468 HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-49467 HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49465 HIGH POC This Week

Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Libde265
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49464 HIGH POC This Week

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libheif
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49463 HIGH POC This Week

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libheif
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49462 HIGH POC This Week

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libheif
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-49460 HIGH POC This Week

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Libheif
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48841 HIGH POC This Week

Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Appointment Scheduler
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48835 HIGH POC This Week

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Car Rental Script
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48830 HIGH POC This Week

Shuttle Booking Software 2.0 is vulnerable to CSV Injection in the Languages section via an export. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Shuttle Booking Software
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48826 HIGH POC This Week

Time Slots Booking Calendar 4.0 is vulnerable to CSV Injection via the unique ID field of the Reservations List. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Time Slots Booking Calendar
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-48207 HIGH POC This Week

Availability Booking Calendar 5.0 allows CSV injection via the unique ID field in the Reservations list component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Availability Booking Calendar
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-43304 HIGH POC This Week

An issue in PARK DANDAN mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-43302 HIGH POC This Week

An issue in sanTas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-43301 HIGH POC This Week

An issue in DARTS SHOP MAXIM mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-48861 HIGH POC This Week

DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Ttplayer
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49967 HIGH POC This Week

Typecho v1.2.1 was discovered to be vulnerable to an XML Quadratic Blowup attack via the component /index.php/action/xmlrpc. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Typecho
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-39167 HIGH POC This Week

In SENEC Storage Box V1,V2 and V3 an unauthenticated remote attacker can obtain the devices' logfiles that contain sensitive data. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Authentication Bypass Senec Storage Box Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-49958 HIGH POC This Week

An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Charge Point Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-49957 HIGH POC This Week

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Charge Point Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-49956 HIGH POC This Week

An issue was discovered in Dalmann OCPP.Core before 1.3.0 for OCPP (Open Charge Point Protocol) for electric vehicles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Open Charge Point Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-49955 HIGH POC This Week

An issue was discovered in Dalmann OCPP.Core before 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Open Charge Point Protocol
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-48840 HIGH POC This Week

A lack of rate limiting in pjActionAjaxSend in Appointment Scheduler 3.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Appointment Scheduler
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48834 HIGH POC This Week

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Car Rental Script
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48833 HIGH POC This Week

A lack of rate limiting in pjActionAJaxSend in Time Slots Booking Calendar 4.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Time Slots Booking Calendar
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-48831 HIGH POC This Week

A lack of rate limiting in pjActionAJaxSend in Availability Booking Calendar 5.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Availability Booking Calendar
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-39171 HIGH POC This Week

SENEC Storage Box V1,V2 and V3 accidentially expose a management UI accessible with publicly known admin credentials. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Senec Storage Box Firmware
NVD
CVSS 3.1
7.2
EPSS
1.1%
CVE-2023-33412 HIGH This Week

The web interface in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions before. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure M11Sdv 4C Ln4F Firmware M11Sdv 4Ct Ln4F Firmware M11Sdv 8C Ln4F Firmware M11Sdv 8Ct Ln4F Firmware +352
NVD VulDB
CVSS 3.1
8.8
EPSS
1.2%
CVE-2023-33413 HIGH This Week

The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass M11Sdv 4C Ln4F Firmware M11Sdv 4Ct Ln4F Firmware M11Sdv 8C Ln4F Firmware M11Sdv 8Ct Ln4F Firmware +352
NVD VulDB
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-6576 HIGH This Week

A vulnerability was found in Byzoro S210 up to 20231123. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Smart S210 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-39909 HIGH This Week

Ericsson Network Manager before 23.2 mishandles Access Control and thus unauthenticated low-privilege users can access the NCM application. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ericsson Network Manager
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-43303 HIGH This Week

An issue in craftbeer bar canvas mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token (via captured network traffic). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Line
NVD VulDB
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-43300 HIGH This Week

An issue in urban_project mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.5%
CVE-2023-5058 HIGH This Week

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Securecore Technology
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-33411 HIGH This Week

A web server in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions up to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

X11Ssl Cf Firmware X11Dac Firmware X11Dai N Firmware X11Ddw L Firmware X11Ddw Nt Firmware +352
NVD VulDB
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-4486 HIGH This Week

Under certain circumstances, invalid authentication credentials could be sent to the login endpoint of Johnson Controls Metasys NAE55, SNE, and SNC engines prior to versions 11.0.6 and 12.0.4 and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Nae55 Firmware Sne22000 Firmware Sne11000 Firmware Sne10500 Firmware +6
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46307 HIGH This Week

An issue was discovered in server.js in etcd-browser 87ae63d75260. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Etcd Browser
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-41106 HIGH This Week

An issue was discovered in Zimbra Collaboration (ZCS) before 10.0.3. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Collaboration
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-5761 HIGH PATCH This Week

The Burst Statistics - Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'url' parameter in versions 1.4.0 to 1.4.6.1 (free) and versions 1.4.0 to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress SQLi Burst Statistics
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41804 HIGH This Week

Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates - Elementor, WordPress & Beaver Builder Templates.2.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

SSRF WordPress Starter Templates
NVD
CVSS 3.1
7.1
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy