Skip to main content
CVE-2023-51066 HIGH POC This Week

An authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Archive Storage Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
9.0%
CVE-2023-33472 HIGH POC This Week

An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Scada Lts
NVD
CVSS 3.1
8.8
EPSS
3.1%
CVE-2023-51063 HIGH POC This Week

QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Archive Storage Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-51065 HIGH POC This Week

Incorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Archive Storage Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-51070 HIGH POC This Week

An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Archive Storage Manager
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-51804 HIGH POC This Week

An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SSRF Forest
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2023-52288 HIGH This Week

An issue was discovered in the flaskcode package through 0.0.8 for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Flaskcode
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-52289 HIGH This Week

An issue was discovered in the flaskcode package through 0.0.8 for Python. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Python Path Traversal Flaskcode
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-46942 HIGH PATCH This Week

Lack of authentication in NPM's package @evershop/evershop before version 1.0.0-rc.8, allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Node.js Evershop
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-22142 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS.10.0. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2024-0510 HIGH This Month

A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF PHP Yiqiniu
NVD VulDB
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-0480 HIGH This Month

A vulnerability was found in Taokeyun up to 1.0.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-0479 HIGH This Month

A vulnerability was found in Taokeyun up to 1.0.5. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Taokeyun
NVD VulDB
CVSS 3.1
7.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy