Skip to main content
CVE-2023-6765 CRITICAL POC Act Now

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Tours Travels Management System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-6756 CRITICAL POC Act Now

A vulnerability was found in Thecosy IceCMS 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-47322 HIGH POC PATCH This Week

The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation CSRF Silverpeas
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-47326 HIGH POC PATCH This Week

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

CSRF Silverpeas
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-6773 HIGH POC This Week

A vulnerability has been found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pos And Inventory Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6761 HIGH POC This Week

A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Icecms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6753 HIGH POC PATCH This Week

Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Path Traversal Mlflow
NVD GitHub
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-47320 HIGH POC PATCH This Week

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Silverpeas
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-47323 HIGH POC PATCH This Week

The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Silverpeas
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-50262 HIGH POC PATCH This Week

Dompdf is an HTML to PDF converter for PHP. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Dompdf
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-6759 HIGH POC This Week

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-48702 HIGH POC PATCH This Week

Jellyfin is a system for managing and streaming media. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Jellyfin
NVD GitHub
CVSS 3.1
7.2
EPSS
1.2%
CVE-2023-6772 HIGH POC This Week

A vulnerability, which was classified as critical, was found in OTCMS 7.01. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Otcms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.6%
CVE-2023-6755 HIGH POC This Week

A vulnerability was found in DedeBIZ 6.2 and classified as critical.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Dedebiz
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-47624 MEDIUM POC This Month

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Audiobookshelf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.8%
CVE-2023-47619 MEDIUM POC This Month

Audiobookshelf is a self-hosted audiobook and podcast server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Audiobookshelf
NVD GitHub
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6757 MEDIUM POC This Month

A vulnerability was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-41621 MEDIUM POC This Month

A Cross Site Scripting (XSS) vulnerability was discovered in Emlog Pro v2.1.14 via the component /admin/store.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2023-47623 MEDIUM POC This Month

Scrypted is a home video integration and automation platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scrypted
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-47620 MEDIUM POC This Month

Scrypted is a home video integration and automation platform. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Scrypted
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-6775 MEDIUM POC This Month

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pos And Inventory Management System
NVD VulDB
CVSS 3.1
6.1
EPSS
0.6%
CVE-2023-6380 MEDIUM POC This Month

Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Opencms
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2023-6379 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in Alkacon Software Open CMS, affecting versions 14 and 15 of the 'Mercury' template. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Opencms
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2023-6771 CRITICAL Act Now

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0.class.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Simple Student Attendance System
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-46727 CRITICAL PATCH Act Now

GLPI is a free asset and IT management software package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
67.1%
CVE-2023-46726 CRITICAL PATCH Act Now

GLPI is a free asset and IT management software package. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Glpi
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-49363 CRITICAL Act Now

Rockoa <2.3.3 is vulnerable to SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Rockoa
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42495 CRITICAL Act Now

Dasan Networks - W-Web versions 1.22-1.27 - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection W Web
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-6723 CRITICAL Act Now

An unrestricted file upload vulnerability has been identified in Repbox, which allows an attacker to upload malicious files via the transforamationfileupload function, due to the lack of proper file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Repox
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-47577 CRITICAL Act Now

An issue discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 allows for unauthorized password changes due to no check for current password. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-47324 MEDIUM POC PATCH This Month

Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Silverpeas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-50268 MEDIUM POC PATCH This Month

jq is a command-line JSON processor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Jq
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-50246 MEDIUM POC PATCH This Month

jq is a command-line JSON processor. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Buffer Overflow Jq
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2023-47325 MEDIUM POC PATCH This Month

Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Silverpeas
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6774 MEDIUM POC This Month

A vulnerability was found in CodeAstro POS and Inventory Management System 1.0 and classified as problematic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pos And Inventory Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2023-6760 MEDIUM POC This Month

A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
5.4
EPSS
0.6%
CVE-2023-47321 MEDIUM POC PATCH This Month

Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Silverpeas
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.6%
CVE-2023-43586 HIGH This Week

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft Meeting Software Development Kit Video Software Development Kit +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-43813 HIGH PATCH This Week

GLPI is a free asset and IT management software package. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Glpi
NVD GitHub
CVSS 3.1
8.8
EPSS
30.9%
CVE-2023-50778 HIGH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins PaaSLane Estimate Plugin 1.0.4 and earlier allows attackers to connect to an attacker-specified URL using an attacker-specified token. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Paaslane Estimate
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-50768 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Nexus Platform
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-50766 HIGH PATCH This Week

A cross-site request forgery (CSRF) vulnerability in Jenkins Nexus Platform Plugin 3.18.0-03 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jenkins CSRF Nexus Platform
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-44252 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED **An improper authentication vulnerability [CWE-287] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version 5.1.1 through 5.1.2 may allow an authenticated attacker. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiwan
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-44251 HIGH This Week

** UNSUPPORTED WHEN ASSIGNED **A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability [CWE-22] in Fortinet FortiWAN version 5.2.0 through 5.2.1 and version. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Path Traversal Fortiwan
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-48791 HIGH This Week

An improper neutralization of special elements used in a command ('Command Injection') vulnerability [CWE-77] in FortiPortal version 7.2.0, version 7.0.6 and below may allow a remote authenticated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Fortiportal
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-48782 HIGH This Week

A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Command Injection Fortiwlm
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-41678 HIGH This Week

A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortios Fortipam
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-36639 HIGH This Week

A use of externally-controlled format string in Fortinet FortiProxy versions 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, FortiOS versions 7.4.0, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortiproxy Fortios Fortipam
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2023-47578 HIGH This Week

Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices are susceptible to Cross Site Request Forgery (CSRF) attacks due to the absence of CSRF protection in the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-47576 HIGH This Week

An issue was discovered in Relyum RELY-PCIe 22.2.1 and RELY-REC 23.1.0 devices, allowing authenticated command injection through the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Rely Pcie Firmware Rely Rec Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy