Skip to main content
CVE-2023-49805 HIGH POC PATCH This Week

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Dockge Uptime Kuma
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-6035 HIGH POC This Week

The EazyDocs WordPress plugin before 2.3.4 does not properly sanitize and escape "data" parameter before using it in an SQL statement via an AJAX action, which could allow any authenticated users,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Eazydocs
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-49355 HIGH POC PATCH This Week

decToString in decNumber/decNumber.c in jq 88f01a7 has a one-byte out-of-bounds write via the " []-1.2e-1111111111" input. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Memory Corruption Buffer Overflow Jq
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2023-6659 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Web-Based Student Clearance System 1.0.php. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6194 HIGH POC This Week

In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

XXE Memory Analyzer
NVD
CVSS 3.1
7.1
EPSS
0.3%
CVE-2023-6671 HIGH PATCH This Week

A vulnerability has been discovered on OJS, that consists in a CSRF (Cross-Site Request Forgery) attack that forces an end user to execute unwanted actions on a web application in which they're. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

CSRF Open Journal Systems
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-6186 HIGH This Week

Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6185 HIGH This Week

Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Libreoffice Fedora Debian Linux
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-49964 HIGH This Week

An issue was discovered in Hyland Alfresco Community Edition through 7.2.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Alfresco Content Services
NVD GitHub
CVSS 3.1
8.8
EPSS
34.7%
CVE-2023-5500 HIGH This Week

This vulnerability allows an remote attacker with low privileges to misuse Improper Control of Generation of Code ('Code Injection') to gain full control of the affected device. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Code Injection Frauscher Diagnostic System 102
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-49804 HIGH PATCH This Week

Uptime Kuma is an easy-to-use self-hosted monitoring tool. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Session Fixation Authentication Bypass Dockge Uptime Kuma
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-49803 HIGH PATCH This Week

@koa/cors npm provides Cross-Origin Resource Sharing (CORS) for koa, a web framework for Node.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Node.js Information Disclosure Cross Origin Resource Sharing For Koa
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy