Skip to main content
CVE-2023-49084 HIGH POC THREAT Act Now

Cacti is a robust performance and fault management framework and a frontend to RRDTool - a Time Series Database (TSDB). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE LFI PHP SQLi Cacti
NVD GitHub
CVSS 3.1
8.8
EPSS
63.8%
CVE-2023-7024 HIGH POC KEV THREAT This Week

Heap buffer overflow in WebRTC in Google Chrome prior to 120.0.6099.129 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Debian Linux +1
NVD
CVSS 3.1
8.8
EPSS
7.4%
CVE-2023-44482 HIGH POC This Week

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Leave Management System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-44481 HIGH POC This Week

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Leave Management System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-7037 HIGH POC This Week

A vulnerability was found in automad up to 1.10.9. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SSRF PHP Automad
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45121 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45120 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-45119 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45118 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45116 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-45115 HIGH POC This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-51442 HIGH POC PATCH This Week

Navidrome is an open source web-based music collection server and streamer. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Navidrome
NVD GitHub
CVSS 3.1
8.6
EPSS
0.7%
CVE-2023-46647 HIGH This Week

Improper privilege management in all versions of GitHub Enterprise Server allows users with authorized access to the management console with an editor role to escalate their privileges by making. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-45117 HIGH This Week

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi Online Examination System
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-5594 HIGH This Week

Improper validation of the server’s certificate chain in secure traffic scanning feature considered intermediate certificate signed using the MD5 or SHA1 algorithm as trusted. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Endpoint Antivirus Endpoint Security File Security Internet Security +5
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2023-49826 HIGH This Week

Deserialization of Untrusted Data vulnerability in PenciDesign Soledad - Multipurpose, Newspaper, Blog & WooCommerce WordPress Theme.4.1. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Deserialization WordPress Soledad
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-2585 HIGH PATCH This Week

Keycloak's device authorization grant does not correctly validate the device code and client ID. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Single Sign On Openshift Container Platform Openshift Container Platform For Ibm Z Openshift Container Platform For Linuxone +1
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-7025 HIGH This Week

A vulnerability was found in KylinSoft hedron-domain-hook up to 3.8.0.12-0k0.5. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Hedron Domain Hook
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-48288 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HM Plugin WordPress Job Board and Recruitment Plugin - JobWP.1. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Information Disclosure Jobwp
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-48298 HIGH PATCH This Week

ClickHouse® is an open-source column-oriented database management system that allows generating analytical data reports in real-time. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Clickhouse Clickhouse Cloud
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-6847 HIGH This Week

An improper authentication vulnerability was identified in GitHub Enterprise Server that allowed a bypass of Private Mode by using a specially crafted API request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Enterprise Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2023-46648 HIGH This Week

An insufficient entropy vulnerability was identified in GitHub Enterprise Server (GHES) that allowed an attacker to brute force a user invitation to the GHES Management Console. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-41097 HIGH This Week

An Observable Timing Discrepancy, Covert Timing Channel vulnerability in Silabs GSDK on ARM potentially allows Padding Oracle Crypto Attack on CBC PKCS7.4.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Information Disclosure Gecko Software Development Kit
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-50481 HIGH This Week

An issue was discovered in blinksocks version 3.3.8, allows remote attackers to obtain sensitive information via weak encryption algorithms in the component /presets/ssr-auth-chain.js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Blinksocks
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-51390 HIGH PATCH This Week

journalpump is a daemon that takes log messages from journald and pumps them to a given output. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Journalpump
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-46131 HIGH PATCH This Week

Grails is a framework used to build web applications with the Groovy programming language. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Grails
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-45703 HIGH This Week

HCL Launch may mishandle input validation of an uploaded archive file leading to a denial of service due to resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Hcl Launch
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-46649 HIGH This Week

A race condition in GitHub Enterprise Server was identified that could allow an attacker administrator access. Rated high severity (CVSS 7.0). No vendor patch available.

Information Disclosure Enterprise Server
NVD GitHub
CVSS 3.1
7.0
EPSS
0.2%
CVE-2023-6546 HIGH PATCH This Week

A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. Rated high severity (CVSS 7.0).

Privilege Escalation Linux Linux Kernel Fedora Enterprise Linux
NVD GitHub
CVSS 3.1
7.0
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy