Skip to main content
CVE-2023-50245 CRITICAL POC PATCH Act Now

OpenEXR-viewer is a viewer for OpenEXR files with detailed metadata probing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Openexr Viewer
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-49418 CRITICAL POC Act Now

TOTOLink A7000R V9.1.0u.6115_B20201022has a stack overflow vulnerability via setIpPortFilterRules. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49417 CRITICAL POC Act Now

TOTOLink A7000R V9.1.0u.6115_B20201022 has a stack overflow vulnerability via setOpModeCfg. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow A7000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49805 HIGH POC PATCH This Week

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Dockge Uptime Kuma
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-6035 HIGH POC This Week

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Eazydocs
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-49355 HIGH POC PATCH This Week

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Jq
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-6659 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6194 HIGH POC This Week

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Memory Analyzer
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-5907 MEDIUM POC This Month

The File Manager WordPress plugin before 6.3 does not restrict the file managers root directory, allowing an administrator to set a root outside of the WordPress root directory, giving access to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure WordPress File Manager
NVD WPScan
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-49494 MEDIUM POC This Month

DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component select_media_post_wangEditor.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Dedecms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2023-49490 MEDIUM POC This Month

XunRuiCMS v4.5.5 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Xunruicms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-49488 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in Openfiler ESA v2.99.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the nic parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Openfiler
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-5750 MEDIUM POC This Month

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape a parameter before outputting it back in the page containing a specific content, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Embedpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-5749 MEDIUM POC This Month

The EmbedPress WordPress plugin before 3.9.2 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Embedpress
NVD WPScan
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6181 CRITICAL Act Now

An oversight in BCB handling of reboot reason that allows for persistent code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Chromecast Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-48425 CRITICAL Act Now

U-Boot vulnerability resulting in persistent Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Chromecast Firmware
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-48424 CRITICAL Act Now

U-Boot shell vulnerability resulting in Privilege escalation in a production device. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Chromecast Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-48417 CRITICAL Act Now

Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Chromecast Firmware
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2023-50465 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability exists in Monica (aka MonicaHQ) 4.0.0 via an SVG document uploaded by an authenticated user. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Monica
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-45292 MEDIUM POC PATCH This Month

When using the default implementation of Verify to check a Captcha, verification can be bypassed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Base64Captcha
NVD GitHub
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-5955 MEDIUM POC This Month

The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Contact Form Email
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-5940 MEDIUM POC This Month

The WP Not Login Hide (WPNLH) WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Not Login Hide
NVD WPScan
CVSS 3.1
4.8
EPSS
0.4%
CVE-2023-5757 MEDIUM POC This Month

The WP Crowdfunding WordPress plugin before 2.1.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Crowdfunding
NVD WPScan
CVSS 3.1
4.8
EPSS
0.5%
CVE-2023-6671 HIGH PATCH This Week

A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Open Journal Systems
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-6186 HIGH This Week

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6185 HIGH This Week

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-49964 HIGH This Week

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Alfresco Content Services
NVD GitHub
CVSS 3.1
8.8
EPSS
34.7%
CVE-2023-5500 HIGH This Week

This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Frauscher Diagnostic System 102
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-49804 HIGH PATCH This Week

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Session Fixation Authentication Bypass Dockge Uptime Kuma
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49803 HIGH PATCH This Week

@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Cross Origin Resource Sharing For Koa
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-6538 MEDIUM POC This Month

SMU versions prior to 14.8.7825.01 are susceptible to unintended information disclosure, through URL manipulation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass System Management Unit Firmware
NVD Exploit-DB
CVSS 3.1
6.5
EPSS
1.6%
CVE-2023-49802 MEDIUM PATCH This Month

The LinkedCustomFields plugin for MantisBT allows users to link values between two custom fields, creating linked drop-downs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Linked Custom Fields
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2023-6679 MEDIUM PATCH This Month

A null pointer dereference vulnerability was found in dpll_pin_parent_pin_set() in drivers/dpll/dpll_netlink.c in the Digital Phase Locked Loop (DPLL) subsystem in the Linux kernel. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Fedora +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-48715 MEDIUM PATCH This Month

Tuleap is an open source suite to improve management of software developments and collaboration. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2023-49796 MEDIUM PATCH This Month

MindsDB connects artificial intelligence models to real time data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Mindsdb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-49795 MEDIUM PATCH This Month

MindsDB connects artificial intelligence models to real time data. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Information Disclosure Mindsdb
NVD GitHub
CVSS 3.1
5.3
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy