Skip to main content
CVE-2023-23637 HIGH POC PATCH This Week

IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Impatient
NVD GitHub
CVSS 3.1
7.6
EPSS
0.6%
CVE-2023-22499 HIGH POC PATCH This Week

Deno is a runtime for JavaScript and TypeScript that uses V8 and is built in Rust. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Race Condition Information Disclosure Deno
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-0332 HIGH POC This Week

A vulnerability was found in SourceCodester Online Food Ordering System 2.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Online Food Ordering System
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.3%
CVE-2023-22731 HIGH PATCH This Week

Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection PHP Shopware
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-22286 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft CSRF Maho Pbx Netdevancer Firmware Maho Pbx Netdevancer Vsg Firmware Maho Pbx Netdevancer Mobilegate Firmware
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2023-22304 HIGH This Week

OS command injection vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker who can access product settings to execute an arbitrary OS. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Pix Rt100 Firmware
NVD
CVSS 3.1
8.0
EPSS
0.9%
CVE-2023-22366 HIGH This Week

CX-Motion-MCH v2.32 and earlier contains an access of uninitialized pointer vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Information Disclosure Cx Motion Mch Firmware
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-22734 HIGH PATCH This Week

Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22730 HIGH PATCH This Week

Shopware is an open source commerce platform based on Symfony Framework and Vue js. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Shopware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-0122 HIGH PATCH This Week

A NULL pointer dereference vulnerability in the Linux kernel NVMe functionality, in nvmet_setup_auth(), allows an attacker to perform a Pre-Auth Denial of Service (DoS) attack on a remote machine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-23749 HIGH This Week

The 'LDAP Integration with Active Directory and OpenLDAP - NTLM & Kerberos Login' extension is vulnerable to LDAP Injection since is not properly sanitizing the 'username' POST parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Ldap Integration With Active Directory And Openldap
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22624 HIGH This Week

Zoho ManageEngine Exchange Reporter Plus before 5708 allows attackers to conduct XXE attacks. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Zoho Microsoft Manageengine Exchange Reporter Plus
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2023-22875 HIGH This Week

IBM QRadar SIEM 7.4 and 7.5copies certificate key files used for SSL/TLS in the QRadar web user interface to managed hosts in the deployment that do not require that key. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-0158 HIGH This Week

NLnet Labs Krill supports direct access to the RRDP repository content through its built-in web server at the "/rrdp" endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Krill
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-22280 HIGH This Week

MAHO-PBX NetDevancer Lite/Uni/Pro/Cloud prior to Ver.1.11.00, MAHO-PBX NetDevancer VSG Lite/Uni prior to Ver.1.11.00, and MAHO-PBX NetDevancer MobileGate Home/Office prior to Ver.1.11.00 allow a. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Microsoft Maho Pbx Netdevancer Firmware Maho Pbx Netdevancer Vsg Firmware Maho Pbx Netdevancer Mobilegate Firmware
NVD
CVSS 3.1
7.2
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy