Skip to main content
CVE-2023-50071 HIGH POC THREAT This Week

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Customer Support System
NVD GitHub
CVSS 3.1
8.8
EPSS
13.8%
CVE-2023-50070 HIGH POC This Week

Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_ticket via department_id, customer_id, and subject. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Customer Support System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-52137 HIGH POC PATCH This Week

The [`tj-actions/verify-changed-files`](https://github.com/tj-actions/verify-changed-files) action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

RCE Command Injection Verify Changed Files
NVD GitHub
CVSS 3.1
8.8
EPSS
2.6%
CVE-2023-7155 HIGH POC This Week

A vulnerability, which was classified as critical, was found in SourceCodester Free and Open Source Inventory Management System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Free And Open Source Inventory Management System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-7148 HIGH POC This Week

A vulnerability has been found in ShifuML shifu 0.12.0 and classified as critical. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Java RCE Code Injection Shifu
NVD VulDB
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-50571 HIGH POC This Week

easy-rules-mvel v4.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component MVELRule. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Easy Rules
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-4463 HIGH POC This Week

A vulnerability classified as problematic was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ccx 400 Firmware Ccx 600 Firmware Trio 8800 Firmware Trio C60 Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-7104 HIGH POC PATCH This Week

A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical.c of the component make alltest Handler. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Heap Overflow Sqlite Fedora
NVD VulDB
CVSS 3.1
7.3
EPSS
1.2%
CVE-2023-47804 HIGH PATCH This Week

Apache OpenOffice documents can contain links that call internal macros with arbitrary arguments. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Apache Information Disclosure Openoffice
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2023-7114 HIGH This Week

Mattermost version 2.10.0 and earlier fails to sanitize deeplink paths, which allows an attacker to perform CSRF attacks against the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mattermost CSRF
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-44088 HIGH POC This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pandora FMS on all allows SQL Injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Pandora Fms
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-7150 HIGH This Week

A vulnerability classified as critical was found in Campcodes Chic Beauty Salon 20230703. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload PHP Chic Beauty Salon
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-22677 HIGH This Week

Improper Control of Generation of Code ('Code Injection') vulnerability in BinaryStash WP Booklet.1.8. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Code Injection RCE Wp Booklet
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2022-44589 HIGH This Week

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in miniOrange miniOrange's Google Authenticator - WordPress Two Factor Authentication - 2FA , Two Factor, OTP SMS and Email |. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Google WordPress Google Authenticator
NVD
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-7078 HIGH PATCH This Week

Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Miniflare
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-7080 HIGH PATCH This Week

The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation RCE SSRF Wrangler
NVD GitHub
CVSS 3.1
8.0
EPSS
0.6%
CVE-2023-51434 HIGH This Week

Some Honor products are affected by buffer overflow vulnerability, successful exploitation could cause code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow RCE Magic Ui
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-50837 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WebFactory Ltd Login Lockdown - Protect Login Form.06. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Wp Login Lockdown
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-52135 HIGH This Week

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mark Westguard WS Form LITE ws-form allows Blind SQL Injection.9.170. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-4468 HIGH This Week

A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. Rated high severity (CVSS 7.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Trio 8800 Firmware Trio C60 Lens
NVD GitHub VulDB
CVSS 3.1
7.6
EPSS
0.3%
CVE-2023-31300 HIGH This Week

An issue was discovered in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via transmission of unencrypted, cleartext. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cash Point Transport Optimizer
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-31295 HIGH This Week

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the User Profile field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cash Point Transport Optimizer
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-31294 HIGH This Week

CSV Injection vulnerability in Sesami Cash Point & Transport Optimizer (CPTO) version 6.3.8.6 (#718), allows remote attackers to obtain sensitive information via the Delivery Name field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Cash Point Transport Optimizer
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-23430 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Magichome
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23429 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Magicos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23428 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Magicos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-23427 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Magicos
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-4464 HIGH This Week

A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Ccx 400 Firmware Ccx 600 Firmware Trio 8800 Firmware Trio C60 Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
3.3%
CVE-2023-50893 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UpSolution Impreza - WordPress Website and WooCommerce Builder allows Reflected XSS.17.4. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Impreza
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-50892 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Thegem
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51373 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ian Kennerley Google Photos Gallery with Shortcodes allows Reflected XSS.0.2. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Google Google Photos Gallery With Shortcodes
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-50901 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Mega - Absolute Addons For Elementor allows Reflected XSS.3.8. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ht Mega
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51435 HIGH This Week

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Magic Ui
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51428 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magic Os
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51427 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magic Os
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-51426 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magic Os
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-23443 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magic Os
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-23442 HIGH This Week

Some Honor products are affected by type confusion vulnerability, successful exploitation could cause information leak. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Information Disclosure Magicos
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-23436 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Magicos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23435 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Magicos
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23433 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23432 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2023-23431 HIGH This Week

Some Honor products are affected by signature management vulnerability, successful exploitation could cause the forged system file overwrite the correct system file. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Nth An00 Firmware
NVD
CVSS 3.1
7.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy