Skip to main content
CVE-2023-22477 HIGH POC PATCH This Week

Mercurius is a GraphQL adapter for Fastify. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Mercurius
NVD GitHub
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22472 HIGH PATCH This Week

Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Microsoft CSRF Nextcloud Desktop
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-0036 HIGH This Week

platform_callback_stub in misc subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0035 HIGH This Week

softbus_client_stub in communication subsystem within OpenHarmony-v3.0.5 and prior versions has an authentication bypass vulnerability which allows an "SA relay attack".Local attackers can bypass. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Openharmony
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-0125 MEDIUM This Month

A vulnerability was found in Control iD Gerencia Web 1.30. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Control Id Panel
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2023-22473 LOW POC PATCH Monitor

Talk-Android enables users to have video & audio calls through Nextcloud on Android. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Google Authentication Bypass Nextcloud Talk
NVD GitHub
CVSS 3.1
2.1
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy