Skip to main content
CVE-2022-45365 HIGH POC THREAT Act Now

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Urošević Stock Ticker allows Reflected XSS.23.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 20.1%.

XSS Stock Ticker
NVD
CVSS 3.1
7.1
EPSS
20.1%
CVE-2023-47261 CRITICAL POC Act Now

Dokmee ECM 7.4.6 allows remote code execution because the response to a GettingStarted/SaveSQLConnectionAsync /#/gettingstarted request contains a connection string for privileged SQL Server database. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Enterprise Content Management
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2023-50563 CRITICAL POC Act Now

Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Semcms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-50073 CRITICAL POC Act Now

EmpireCMS v7.5 was discovered to contain a SQL injection vulnerability via the ftppassword parameter at SetEnews.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Empirecms
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-48084 CRITICAL POC THREAT Act Now

Nagios XI before version 5.11.3 was discovered to contain a SQL injection vulnerability via the bulk modification tool. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
33.7%
CVE-2023-44709 CRITICAL POC Act Now

PlutoSVG commit 336c02997277a1888e6ccbbbe674551a0582e5c4 and before was discovered to contain an integer overflow via the component plutosvg_load_from_memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Plutosvg
NVD GitHub
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-31546 CRITICAL POC THREAT Act Now

Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code via the search feature. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Dedebiz
NVD GitHub
CVSS 3.1
9.6
EPSS
49.4%
CVE-2023-50017 HIGH POC This Week

Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/database/backup. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Dreamer Cms
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-42800 HIGH POC PATCH This Week

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Moonlight Common C Moonlight Moonlight Embedded +4
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-42799 HIGH POC PATCH This Week

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow RCE Moonlight Common C Moonlight Moonlight Embedded +4
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2023-50564 HIGH POC THREAT This Week

An arbitrary file upload vulnerability in the component /inc/modules_install.php of Pluck-CMS v4.7.18 allows attackers to execute arbitrary code via uploading a crafted ZIP file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload PHP Pluck
NVD GitHub
CVSS 3.1
8.8
EPSS
29.1%
CVE-2023-6569 HIGH POC PATCH This Week

External Control of File Name or Path in h2oai/h2o-3. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure H2O
NVD
CVSS 3.1
8.2
EPSS
0.7%
CVE-2023-6572 HIGH POC PATCH This Week

Command Injection in GitHub repository gradio-app/gradio prior to main. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Command Injection Gradio
NVD GitHub
CVSS 3.1
8.1
EPSS
1.7%
CVE-2023-6563 HIGH POC PATCH This Week

An unconstrained memory consumption vulnerability was discovered in Keycloak. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Keycloak Single Sign On Openshift Container Platform Openshift Container Platform For Power +1
NVD GitHub
CVSS 3.1
7.7
EPSS
1.2%
CVE-2023-42801 HIGH POC PATCH This Week

Moonlight-common-c contains the core GameStream client code shared between Moonlight clients. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Apple Google Moonlight Common C Moonlight +6
NVD GitHub
CVSS 3.1
7.6
EPSS
0.8%
CVE-2023-50472 HIGH POC This Week

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_SetValuestring at cJSON.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Cjson
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-50471 HIGH POC This Week

cJSON v1.7.16 was discovered to contain a segmentation violation via the function cJSON_InsertItemInArray at cJSON.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Cjson
NVD GitHub
CVSS 3.1
7.5
EPSS
1.5%
CVE-2023-50011 HIGH POC This Week

PopojiCMS version 2.0.1 is vulnerable to remote command execution in the Meta Social field. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Popojicms
NVD
CVSS 3.1
7.2
EPSS
2.0%
CVE-2023-6570 MEDIUM POC This Month

Server-Side Request Forgery (SSRF) in kubeflow/kubeflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Kubeflow
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-6571 MEDIUM POC This Month

Cross-site Scripting (XSS) - Reflected in kubeflow/kubeflow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Kubeflow
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-41618 MEDIUM POC This Month

Emlog Pro v2.1.14 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /admin/article.php?active_savedraft. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Emlog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-45894 CRITICAL Act Now

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Remote Application Server
NVD GitHub
CVSS 3.1
10.0
EPSS
1.2%
CVE-2023-49786 MEDIUM POC PATCH This Month

Asterisk is an open source private branch exchange and telephony toolkit. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Amd Denial Of Service Microsoft Asterisk Certified Asterisk
NVD GitHub
CVSS 3.1
5.9
EPSS
5.3%
CVE-2023-4489 CRITICAL Act Now

The first S0 encryption key is generated with an uninitialized PRNG in Z/IP Gateway products running Silicon Labs Z/IP Gateway SDK v7.18.3 and earlier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Z Ip Gateway Sdk
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-46141 CRITICAL Act Now

Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allow an remote unauthenticated attacker to gain full access of the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Automationworx Software Suite Axc 1050 Firmware Axc 1050 Xc Firmware Axc 3050 Firmware +14
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-0757 CRITICAL Act Now

Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Multiprog Proconos Eclr
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-49708 CRITICAL Act Now

SQLi vulnerability in Starshop component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Starshop
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-49707 CRITICAL Act Now

SQLi vulnerability in S5 Register module for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi S5 Register
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-48925 CRITICAL PATCH Act Now

SQL injection vulnerability in Buy Addons bavideotab before version 1.0.6, allows attackers to escalate privileges and obtain sensitive information via the component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Bavideotab
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-46348 CRITICAL PATCH Act Now

SQL njection vulnerability in SunnyToo sturls before version 1.1.13, allows attackers to escalate privileges and obtain sensitive information via StUrls::hookActionDispatcher and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This SQL Injection vulnerability could allow attackers to execute arbitrary SQL commands against the database.

SQLi Sturls
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40630 CRITICAL Act Now

Unauthenticated LFI/SSRF in JCDashboards component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Jcdashboard
NVD
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-40629 CRITICAL Act Now

SQLi vulnerability in LMS Lite component for Joomla. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Lms King Lite
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-48085 CRITICAL Act Now

Nagios XI before version 5.11.3 was discovered to contain a remote code execution (RCE) vulnerability via the component command_test.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection PHP Nagios Xi
NVD
CVSS 3.1
9.8
EPSS
75.8%
CVE-2023-49937 CRITICAL Act Now

An issue was discovered in SchedMD Slurm 22.05.x, 23.02.x, and 23.11.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Denial Of Service Slurm
NVD
CVSS 3.1
9.8
EPSS
1.4%
CVE-2023-49934 CRITICAL Act Now

An issue was discovered in SchedMD Slurm 23.11.x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Slurm
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-40921 CRITICAL PATCH Act Now

SQL Injection vulnerability in functions/point_list.php in Common Services soliberte before v4.3.03 allows attackers to obtain sensitive information via the lat and lng parameters. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP SQLi Soliberte
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-6134 MEDIUM POC PATCH This Month

A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Single Sign On Keycloak Openshift Container Platform Openshift Container Platform For Power +1
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2023-50137 MEDIUM POC This Month

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) in the site management office. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microsoft Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50102 MEDIUM POC This Month

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50101 MEDIUM POC This Month

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via Label management editing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50100 MEDIUM POC This Month

JFinalcms 5.0.0 is vulnerable to Cross Site Scripting (XSS) via carousel image editing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jfinalcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50566 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability in EyouCMS-V1.6.5-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Public Security. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Eyoucms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-50565 MEDIUM POC This Month

A cross-site scripting (XSS) vulnerability in the component /logs/dopost.html in RPCMS v3.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Rpcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-6707 HIGH This Week

Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-6706 HIGH This Week

Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-6705 HIGH This Week

Use after free in WebRTC in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6704 HIGH This Week

Use after free in libavif in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted image file. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-6703 HIGH This Week

Use after free in Blink in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Denial Of Service Memory Corruption Google Chrome
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-6702 HIGH This Week

Type confusion in V8 in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Google Chrome Fedora +1
NVD
CVSS 3.1
8.8
EPSS
43.5%
CVE-2023-46142 HIGH This Week

A incorrect permission assignment for critical resource vulnerability in PLCnext products allows an remote attacker with low privileges to gain full access on the affected devices. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Axc F 1152 Firmware Axc F 2152 Firmware Axc F 3152 Firmware Bpc 9102S Firmware +5
NVD
CVSS 3.1
8.8
EPSS
0.7%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy