Skip to main content
CVE-2023-6619 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Attendance System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6617 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Simple Student Attendance System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-6612 CRITICAL POC THREAT Act Now

A vulnerability was found in Totolink X5000R 9.1.0cu.2300_B20230112. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X5000r Firmware
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
30.7%
CVE-2023-49443 CRITICAL POC Act Now

DoraCMS v2.1.8 was discovered to re-use the same code for verification of valid usernames and passwords. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Doracms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49007 CRITICAL POC Act Now

In Netgear Orbi RBR750 firmware before V7.2.6.21, there is a stack-based buffer overflow in /usr/sbin/httpd. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Netgear Rbr750 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
9.0%
CVE-2023-48929 CRITICAL POC Act Now

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Session Fixation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Session Fixation System Sentinel Anyware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-5008 CRITICAL POC Act Now

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Student Information System
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-26158 HIGH POC This Week

All versions of the package mockjs are vulnerable to Prototype Pollution via the Util.extend function due to missing check if the attribute resolves to the object prototype. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Prototype Pollution Mock Js
NVD GitHub
CVSS 3.1
8.2
EPSS
0.8%
CVE-2023-43305 HIGH POC This Week

An issue in studio kent mini-app on Line v13.6.1 allows attackers to send crafted malicious notifications via leakage of the channel access token. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Line
NVD GitHub
CVSS 3.1
8.2
EPSS
0.6%
CVE-2023-6611 HIGH POC This Week

A vulnerability was found in Tongda OA 2017 up to 11.9. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Oa Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6608 HIGH POC This Week

A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Oa Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6607 HIGH POC This Week

A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Tongda Office Anywhere
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-48122 HIGH POC PATCH This Week

An issue in microweber v.2.0.1 and fixed in v.2.0.4 allows a remote attacker to obtain sensitive information via the HTTP GET method. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-6610 HIGH POC This Week

An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux
NVD
CVSS 3.1
7.1
EPSS
0.4%
CVE-2023-6606 HIGH POC This Week

An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Linux Linux Kernel Enterprise Linux +3
NVD
CVSS 3.1
7.1
EPSS
0.5%
CVE-2023-6616 MEDIUM POC This Month

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as problematic.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Simple Student Attendance System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-48928 MEDIUM POC This Month

Franklin Fueling Systems System Sentinel AnyWare (SSA) version 1.6.24.492 is vulnerable to Open Redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect System Sentinel Anyware
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-46498 CRITICAL PATCH Act Now

An issue in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information and execute arbitrary code via the /deleteCustomer/route.json file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Node.js RCE Evershop
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-48423 CRITICAL Act Now

In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Android
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-43742 CRITICAL Act Now

An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Mx Se Firmware Mx Se Ii Firmware Mx E Firmware +3
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49484 MEDIUM POC This Month

Dreamer CMS v4.1.3 was discovered to contain a cross-site scripting (XSS) vulnerability in the article management department. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dreamer Cms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-49444 MEDIUM POC This Month

An arbitrary file upload vulnerability in DoraCMS v2.1.8 allow attackers to execute arbitrary code via uploading a crafted HTML or image file to the user avatar. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload XSS Doracms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-6615 MEDIUM POC This Month

A vulnerability, which was classified as problematic, has been found in Typecho 1.2.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Typecho
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.7%
CVE-2023-6618 HIGH This Week

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP Simple Student Attendance System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-6613 MEDIUM POC This Month

A vulnerability classified as problematic has been found in Typecho 1.2.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Typecho
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.6%
CVE-2023-47565 HIGH KEV THREAT This Week

An OS command injection vulnerability has been found to affect legacy QNAP VioStor NVR models running QVR Firmware 4.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap Command Injection Qvr Firmware
NVD
CVSS 3.1
8.8
EPSS
73.3%
CVE-2023-46157 HIGH This Week

File-Manager in MGT CloudPanel 2.0.0 through 2.3.2 allows the lowest privilege user to achieve OS command injection by changing file ownership and changing file permissions to 4755. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Cloudpanel
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-43743 HIGH This Week

A SQL injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Mx Se Firmware Mx Se Ii Firmware Mx E Firmware Mx Virtual Firmware +2
NVD GitHub
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-46496 HIGH PATCH This Week

Directory Traversal vulnerability in EverShop NPM versions before v.1.0.0-rc.8 allows a remote attacker to obtain sensitive information via a crafted request to the DELETE function in api/files. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Node.js Path Traversal Evershop
NVD
CVSS 3.1
8.3
EPSS
1.2%
CVE-2023-6599 MEDIUM POC PATCH This Month

Missing Standardized Error Handling Mechanism in GitHub repository microweber/microweber prior to 2.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Microweber
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-48421 HIGH This Week

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/platform/pixel/pixel_gpu_slc.c, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48409 HIGH This Week

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Google Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48407 HIGH This Week

there is a possible DCK won't be deleted after factory reset due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-48402 HIGH This Week

In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-32460 HIGH This Week

Dell PowerEdge BIOS contains an improper privilege management security vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Authentication Bypass Poweredge R660 Firmware Poweredge R760 Firmware +124
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-6337 HIGH PATCH This Week

HashiCorp Vault and Vault Enterprise 1.12.0 and newer are vulnerable to a denial of service through memory exhaustion of the host when handling large unauthenticated and authenticated HTTP requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hashicorp Vault
NVD
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-48416 HIGH This Week

In multiple locations, there is a possible null dereference due to a missing null check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Android
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-48410 HIGH This Week

In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-48404 HIGH This Week

In ProtocolMiscCarrierConfigSimInfoIndAdapter of protocolmiscadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-48403 HIGH This Week

In sms_DecodeCodedTpMsg of sms_PduCodec.c, there is a possible out of bounds read due to a heap buffer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-48398 HIGH This Week

In ProtocolNetAcBarringInfo::ProtocolNetAcBarringInfo() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-6245 HIGH PATCH This Week

The Candid library causes a Denial of Service while parsing a specially crafted payload with 'empty' data type. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Candid
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-49788 HIGH This Week

Collabora Online is a collaborative online office suite based on LibreOffice technology. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Microsoft Richdocumentscode
NVD GitHub
CVSS 3.1
7.2
EPSS
0.5%
CVE-2023-32975 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
7.2
EPSS
0.9%
CVE-2023-32968 HIGH This Week

A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Qnap Qts Quts Hero
NVD
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-43744 HIGH This Week

An OS command injection vulnerability in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an administrator to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Mx Se Firmware Mx Se Ii Firmware Mx E Firmware Mx Virtual Firmware +2
NVD GitHub
CVSS 3.1
7.2
EPSS
2.0%
CVE-2023-6614 LOW POC Monitor

A vulnerability classified as problematic was found in Typecho 1.2.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Typecho
NVD GitHub VulDB
CVSS 3.1
2.7
EPSS
0.6%
CVE-2023-48414 MEDIUM This Month

In the Pixel Camera Driver, there is a possible use after free due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-48406 MEDIUM This Month

there is a possible permanent DoS or way for the modem to boot unverified firmware due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-48405 MEDIUM This Month

there is a possible way for the secure world to write to NS memory due to a logic error in the code. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy