Skip to main content
CVE-2023-51812 CRITICAL POC Act Now

Tenda AX3 v16.03.12.11 was discovered to contain a remote code execution (RCE) vulnerability via the list parameter at /goform/SetNetControlList. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Tenda RCE Ax3 Firmware
NVD
CVSS 3.1
9.8
EPSS
2.6%
CVE-2023-51154 CRITICAL POC Act Now

Jizhicms v2.5 was discovered to contain an arbitrary file download vulnerability via the component /admin/c/PluginsController.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Jizhicms
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49666 CRITICAL POC Act Now

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50752 CRITICAL POC Act Now

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Notice Board System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50867 CRITICAL POC Act Now

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Travel Website
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50866 CRITICAL POC Act Now

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Travel Website
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50865 CRITICAL POC Act Now

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Travel Website
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50864 CRITICAL POC Act Now

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Travel Website
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50863 CRITICAL POC Act Now

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Travel Website
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50862 CRITICAL POC Act Now

Travel Website v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Travel Website
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50753 CRITICAL POC Act Now

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Notice Board System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50743 CRITICAL POC Act Now

Online Notice Board System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Notice Board System
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49658 CRITICAL POC Act Now

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49625 CRITICAL POC Act Now

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49665 CRITICAL POC Act Now

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49639 CRITICAL POC Act Now

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49633 CRITICAL POC Act Now

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49624 CRITICAL POC Act Now

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-49622 CRITICAL POC Act Now

Billing Software v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Billing Software
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2023-50760 HIGH POC This Week

Online Notice Board System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'f' parameter of user/update_profile_pic.php page, allowing an authenticated attacker to obtain Remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload RCE PHP Online Notice Board System
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-0241 HIGH POC PATCH This Week

encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Encodedid
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-50082 HIGH POC This Week

Aoyun Technology pbootcms V3.1.2 is vulnerable to Incorrect Access Control, allows remote attackers to gain sensitive information via session leakage allows a user to avoid logging into the backend. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pbootcms
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-22051 CRITICAL PATCH Act Now

CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow RCE Cmark Gfm Commonmarker
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
7.1%
CVE-2023-3726 MEDIUM POC This Month

OCSInventory allow stored email template with special characters that lead to a Stored cross-site Scripting. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ocsinventory Ocsreports
NVD
CVSS 3.1
6.9
EPSS
0.1%
CVE-2023-29962 MEDIUM POC This Month

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal S Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-50630 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in xiweicheng TMS v.2.28.0 allows a remote attacker to execute arbitrary code via a crafted script to the click here function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS RCE Teamwork Management System
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2024-22049 MEDIUM POC PATCH This Month

httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Debian Linux Fedora Httparty
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
1.2%
CVE-2021-40367 HIGH This Week

A vulnerability has been identified in syngo fastView (All versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Syngo Fastview
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2021-42028 HIGH This Week

A vulnerability has been identified in syngo fastView (All versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Syngo Fastview
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2021-45465 HIGH This Week

A vulnerability has been identified in syngo fastView (All versions). Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Syngo Fastview
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-22050 HIGH PATCH This Week

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Path Traversal Iodine
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-2081 HIGH This Week

A vulnerability exists in the HCI Modbus TCP function included in the product versions listed above. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Rtu520 Firmware Rtu530 Firmware Rtu540 Firmware +1
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-6270 HIGH This Week

A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. Rated high severity (CVSS 7.0). No vendor patch available.

Use After Free Linux Memory Corruption Denial Of Service RCE +3
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2023-41784 MEDIUM This Month

Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro. Rated medium severity (CVSS 6.6). No vendor patch available.

Zte Privilege Escalation Redmagic 8 Pro Firmware
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2023-6733 MEDIUM PATCH This Month

The WP-Members Membership Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.4.8 via the wpmem_field shortcode. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2024-22048 MEDIUM PATCH This Month

govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Govuk Tech Docs
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
2.1%
CVE-2023-7044 MEDIUM PATCH This Month

The Essential Addons for Elementor - Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom ID in all versions up. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Elementor
NVD VulDB
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-52322 MEDIUM PATCH This Month

ecrire/public/assembler.php in SPIP before 4.1.13 and 4.2.x before 4.2.7 allows XSS because input from _request() is not restricted to safe characters such as alphanumerics. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS PHP Spip
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2023-6944 MEDIUM PATCH This Month

A flaw was found in the Red Hat Developer Hub (RHDH). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Gitlab Information Disclosure Red Hat Developer Hub Backstage
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-6551 MEDIUM This Month

As a simple library, class.upload.php does not perform an in-depth check on uploaded files, allowing a stored XSS vulnerability when the default configuration is used. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

File Upload XSS PHP Class Upload Php
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-6738 MEDIUM PATCH This Month

The Page Builder: Pagelayer - Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'pagelayer_header_code', 'pagelayer_body_open_code', and. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD VulDB
CVSS 3.1
5.4
EPSS
0.1%
CVE-2022-3864 MEDIUM This Month

A vulnerability exists in the Relion update package signature validation. Rated medium severity (CVSS 4.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Relion 650 Firmware Relion 670 Firmware Relion Sam600 Io Firmware
NVD
CVSS 3.1
4.5
EPSS
0.0%
CVE-2023-6498 MEDIUM PATCH This Month

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress
NVD VulDB
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-6992 MEDIUM PATCH This Month

Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required.

Buffer Overflow Denial Of Service Zlib Cloudflare
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2024-22047 LOW PATCH Monitor

A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable.

Race Condition Information Disclosure Audited
NVD GitHub
CVSS 3.1
3.1
EPSS
0.9%
CVE-2024-21636 MEDIUM POC PATCH This Month

view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS View Component
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2024-21625 HIGH This Month

SideQuest is a place to get virtual reality applications for Oculus Quest. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Sidequest
NVD GitHub
CVSS 3.1
8.8
EPSS
0.9%
CVE-2024-0225 HIGH This Month

Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-0224 HIGH This Month

Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Use After Free Google Denial Of Service Chrome +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2024-0223 HIGH This Month

Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Google Chrome Fedora
NVD
CVSS 3.1
8.8
EPSS
9.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy