Skip to main content
CVE-2023-22952 HIGH POC KEV THREAT Act Now

In SugarCRM before 12.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP Sugarcrm
NVD
CVSS 3.1
8.8
EPSS
80.3%
CVE-2023-22959 HIGH POC THREAT This Week

WebChess through 0.9.0 and 1.0.0.rc2 allows SQL injection: mainmenu.php, chess.php, and opponentspassword.php (txtFirstName, txtLastName). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Webchess
NVD GitHub
CVSS 3.1
8.8
EPSS
13.7%
CVE-2023-22947 HIGH POC This Week

Insecure folder permissions in the Windows installation path of Shibboleth Service Provider (SP) before 3.4.1 allow an unprivileged local attacker to escalate privileges to SYSTEM via DLL planting in. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Microsoft Service Provider
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-22958 MEDIUM POC This Month

The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Atlassian Open Redirect Secure Login
NVD GitHub
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-22487 MEDIUM POC PATCH This Month

Flarum is a forum software for building communities. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Authentication Bypass Flarum
NVD GitHub
CVSS 3.1
4.3
EPSS
0.7%
CVE-2023-20531 HIGH This Week

Insufficient bound checks in the SMU may allow an attacker to update the SRAM from/to address space to an invalid value potentially resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware +47
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20530 HIGH This Week

Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Epyc 7003 Firmware Epyc 72F3 Firmware Epyc 7313 Firmware Epyc 7313P Firmware +20
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20529 HIGH This Week

Insufficient bound checks in the SMU may allow an attacker to update the from/to address space to an invalid value potentially resulting in a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware +47
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20522 HIGH This Week

Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Milanpi Firmware Romepi Firmware
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-20527 MEDIUM This Month

Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +60
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-20525 MEDIUM This Month

Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-22492 MEDIUM PATCH This Month

ZITADEL is a combination of Auth0 and Keycloak. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Zitadel
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2023-20523 MEDIUM This Month

TOCTOU in the ASP may allow a physical attacker to write beyond the buffer bounds, potentially leading to a loss of integrity or denial of service. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
5.7
EPSS
0.2%
CVE-2023-20532 MEDIUM This Month

Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2023-22963 MEDIUM This Month

The personnummer implementation before 3.0.3 for Dart mishandles numbers in which the last four digits match the ^000[0-9]$ regular expression. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Personnummer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-22945 MEDIUM PATCH This Month

In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Authentication Bypass Mediawiki Fedora
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2023-20528 LOW Monitor

Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Epyc 7H12 Firmware Epyc 7F72 Firmware Epyc 7F52 Firmware Epyc 7F32 Firmware +46
NVD
CVSS 3.1
2.4
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy