Skip to main content
CVE-2023-50651 CRITICAL POC Act Now

TOTOLINK X6000R v9.4.0cu.852_B20230719 was discovered to contain a remote command execution (RCE) vulnerability via the component /cgi-bin/cstecgi.cgi. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection X6000r Firmware
NVD VulDB
CVSS 3.1
9.8
EPSS
1.7%
CVE-2023-50589 CRITICAL POC Act Now

Grupo Embras GEOSIAP ERP v2.2.167.02 was discovered to contain a SQL injection vulnerability via the codLogin parameter on the login page. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Geosiap Erp
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-50578 CRITICAL POC Act Now

Mingsoft MCMS v5.2.9 was discovered to contain a SQL injection vulnerability via the categoryType parameter at /content/list.do. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Mcms
NVD
CVSS 3.1
9.8
EPSS
2.2%
CVE-2023-7175 CRITICAL POC Act Now

A vulnerability was found in Campcodes Online College Library System 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD VulDB
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-52252 CRITICAL POC Act Now

Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Unified Remote
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
1.1%
CVE-2023-41544 CRITICAL POC Act Now

SSTI injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to execute arbitrary code via crafted HTTP request to the /jmreport/loadTableData component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Jeecg Boot
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2023-41543 CRITICAL POC Act Now

SQL injection vulnerability in jeecg-boot v3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the component /sys/replicate/check. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-41542 CRITICAL POC Act Now

SQL injection vulnerability in jeecg-boot version 3.5.3, allows remote attackers to escalate privileges and obtain sensitive information via the jmreport/qurestSql component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Jeecg Boot
NVD
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-7179 HIGH POC This Week

A vulnerability, which was classified as critical, was found in Campcodes Online College Library System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-7177 HIGH POC This Week

A vulnerability classified as critical was found in Campcodes Online College Library System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-7176 HIGH POC This Week

A vulnerability classified as critical has been found in Campcodes Online College Library System 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD VulDB
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-50110 HIGH POC This Week

TestLink through 1.9.20 allows type juggling for authentication bypass because === is not used. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Testlink
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-7181 HIGH POC This Week

A vulnerability was found in Muyun DedeBIZ up to 6.2.12 and classified as critical. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Dedebiz
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.8%
CVE-2023-7178 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in Campcodes Online College Library System 1.0.php of the component HTTP POST Request Handler. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online College Library System
NVD VulDB
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-7172 HIGH POC This Week

A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Hospital Management System
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
1.5%
CVE-2023-52257 MEDIUM POC This Month

LogoBee 0.2 allows updates.php?id= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Logobee
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-52262 CRITICAL PATCH Act Now

outdoorbits little-backup-box (aka Little Backup Box) before f39f91c allows remote attackers to execute arbitrary code because the PHP extract function is used for untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE PHP Little Backup Box
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-51136 CRITICAL Act Now

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRebootSchedule. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow X2000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-51135 CRITICAL Act Now

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formPasswordSetup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow X2000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-51133 CRITICAL Act Now

TOTOLINK X2000R Gh v1.0.0-B20230221.0948.web was discovered to contain a stack overflow via the function formRoute. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow X2000r Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-52265 MEDIUM POC PATCH This Month

IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Idurar
NVD GitHub
CVSS 3.1
5.4
EPSS
0.4%
CVE-2023-7173 MEDIUM POC This Month

A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Hospital Management System
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
1.5%
CVE-2023-49299 HIGH PATCH This Week

Improper Input Validation vulnerability in Apache DolphinScheduler. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Dolphinscheduler
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2023-7180 MEDIUM POC This Month

A vulnerability has been found in Tongda OA 2017 up to 11.9 and classified as critical. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Office Anywhere
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-6998 HIGH This Week

Improper privilege management vulnerability in CoolKit Technology eWeLink on Android and iOS allows application lockscreen bypass.2.0. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Google Authentication Bypass Ewelink
NVD
CVSS 3.1
7.7
EPSS
0.2%
CVE-2023-52264 MEDIUM PATCH This Month

The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

PHP XSS Bees Blog
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-52263 MEDIUM PATCH This Month

Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.

Open Redirect Browser
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-38023 MEDIUM This Month

An issue was discovered in SCONE Confidential Computing Platform before 5.8.0 for Intel SGX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Intel Scone
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38022 MEDIUM This Month

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.29 for Intel SGX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Confidential Computing Manager
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-38021 MEDIUM This Month

An issue was discovered in Fortanix EnclaveOS Confidential Computing Manager (CCM) Platform before 3.32 for Intel SGX. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Authentication Bypass Confidential Computing Manager
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-50559 MEDIUM This Month

An issue was discovered in XiangShan v2.1, allows local attackers to obtain sensitive information via the L1D cache. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Xiangshan
NVD GitHub
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-50550 MEDIUM PATCH This Month

layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Layui
NVD
CVSS 3.1
5.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy