Skip to main content
CVE-2022-47966 CRITICAL POC KEV PATCH THREAT Act Now

Multiple Zoho ManageEngine on-premise products allow unauthenticated remote code execution through SAML SSO functionality due to use of a vulnerable Apache XML Security library, massively exploited in January 2023.

NVD GitHub
CVSS 3.1
9.8
EPSS
94.4%
Threat
9.8
CVE-2023-22809 HIGH POC THREAT Act Now

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Sudo Debian Linux Fedora macOS
NVD Exploit-DB
CVSS 3.1
7.8
EPSS
55.4%
CVE-2023-21839 HIGH POC KEV PATCH THREAT Act Now

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Oracle Deserialization Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
99.8%
CVE-2023-0164 HIGH POC This Week

OrangeScrum version 2.0.11 allows an authenticated external attacker to execute arbitrary commands on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Orangescrum
NVD GitHub
CVSS 3.1
8.8
EPSS
1.4%
CVE-2021-36630 HIGH POC This Week

DDOS reflection amplification vulnerability in eAut module of Ruckus Wireless SmartZone controller that allows remote attackers to perform DOS attacks via crafted request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Sz 300 Firmware Sz 144 Firmware Sz 100 Firmware Vsz Firmware
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
2.4%
CVE-2023-21608 HIGH POC KEV THREAT This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Use After Free Adobe RCE Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
61.5%
CVE-2023-0358 HIGH POC PATCH This Week

Use After Free in GitHub repository gpac/gpac prior to 2.3.0-DEV. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Use After Free Denial Of Service Memory Corruption Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2020-22007 MEDIUM POC This Month

OS Command Injection vulnerability in OKER G955V1 v1.03.02.20161128, allows physical attackers to interrupt the boot sequence and execute arbitrary commands with root privileges. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Authentication Bypass G955V1 Firmware
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
2.3%
CVE-2023-0214 MEDIUM POC This Month

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Skyhigh Secure Web Gateway
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.9%
CVE-2023-21890 CRITICAL PATCH Act Now

Vulnerability in the Oracle Communications Converged Application Server product of Oracle Communications (component: Core). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Oracle Code Injection Communications Converged Application Server
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2023-0242 HIGH PATCH This Week

Rapid7 Velociraptor allows users to be created with different privileges on the server. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Velociraptor
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-21848 HIGH PATCH This Week

Vulnerability in the Oracle Communications Convergence product of Oracle Communications Applications (component: Admin Configuration). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Oracle Communications Convergence
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-21846 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-21832 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Security). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2023-21886 HIGH PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Oracle Code Injection Vm Virtualbox
NVD
CVSS 3.1
8.1
EPSS
1.2%
CVE-2023-21862 HIGH PATCH This Week

Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware (component: XML Security component). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This XML External Entity (XXE) vulnerability could allow attackers to read arbitrary files or perform SSRF through XML processing.

Oracle XXE Authentication Bypass Web Services Manager
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2023-21828 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Reporting And Analytics
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-22592 HIGH PATCH This Week

IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Authentication Bypass IBM Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-21612 HIGH This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Acrobat Dc Acrobat Reader Dc Acrobat +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21611 HIGH This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Creation of Temporary File in Directory with Incorrect. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Adobe Acrobat Dc Acrobat Reader Dc Acrobat +1
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-21610 HIGH This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Adobe RCE Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2023-21609 HIGH This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.1%
CVE-2023-21607 HIGH This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Improper Input Validation vulnerability that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Adobe Acrobat Dc Acrobat Reader Dc Acrobat +1
NVD
CVSS 3.1
7.8
EPSS
4.7%
CVE-2023-21606 HIGH This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Adobe RCE Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2023-21605 HIGH This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Adobe Heap Overflow Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2023-21604 HIGH This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Adobe RCE Acrobat Dc +3
NVD
CVSS 3.1
7.8
EPSS
2.6%
CVE-2023-21579 HIGH This Week

Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by an Integer Overflow or Wraparound vulnerability that could result. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Adobe Acrobat Dc Acrobat Reader Dc +2
NVD
CVSS 3.1
7.8
EPSS
4.9%
CVE-2023-21826 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Hospitality Reporting And Analytics
NVD
CVSS 3.1
7.6
EPSS
0.5%
CVE-2023-0040 HIGH This Week

Versions of Async HTTP Client prior to 1.13.2 are vulnerable to a form of targeted request manipulation called CRLF injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection Async Http Client
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21893 HIGH PATCH This Week

Vulnerability in the Oracle Data Provider for .NET component of Oracle Database Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft Oracle Authentication Bypass Database Server
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-21858 HIGH PATCH This Week

Vulnerability in the Oracle Collaborative Planning product of Oracle E-Business Suite (component: Installation). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Collaborative Planning
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21857 HIGH PATCH This Week

Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Auomated Test Suite). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Hcm Common Architecture
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21856 HIGH PATCH This Week

Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Oracle Authentication Bypass Isetup
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21855 HIGH PATCH This Week

Vulnerability in the Oracle Sales for Handhelds product of Oracle E-Business Suite (component: Pocket Outlook Sync(PocketPC)). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Oracle Authentication Bypass Sales For Handhelds
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21854 HIGH PATCH This Week

Vulnerability in the Oracle Sales Offline product of Oracle E-Business Suite (component: Core Components). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Sales Offline
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21853 HIGH PATCH This Week

Vulnerability in the Oracle Mobile Field Service product of Oracle E-Business Suite (component: Synchronization). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Mobile Field Service
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21852 HIGH PATCH This Week

Vulnerability in the Oracle Learning Management product of Oracle E-Business Suite (component: Setup). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Learning Management
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21851 HIGH PATCH This Week

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Marketing
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21850 HIGH PATCH This Week

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Demantra Demand Management
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-21849 HIGH This Week

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite (component: Java utils). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Java Oracle Authentication Bypass E Business Suite
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-21842 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-21841 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-21838 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-21837 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authentication for Critical Function vulnerability could allow attackers to access critical functionality without authentication.

Oracle Authentication Bypass Weblogic Server
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-21894 HIGH PATCH This Week

Vulnerability in the Oracle Global Lifecycle Management NextGen OUI Framework product of Oracle Fusion Middleware (component: NextGen Installer issues). Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Oracle Authentication Bypass Global Lifecycle Management Nextgen Oui Framework
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-21868 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-21860 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: Internal Operations). Rated medium severity (CVSS 6.3).

Oracle Authentication Bypass Mysql Cluster
NVD
CVSS 3.1
6.3
EPSS
0.6%
CVE-2023-21829 MEDIUM PATCH This Month

Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Database
NVD
CVSS 3.1
6.3
EPSS
0.4%
CVE-2023-22863 MEDIUM PATCH This Month

IBM Robotic Process Automation 20.12.0 through 21.0.2 defaults to HTTP in some RPA commands when the prefix is not explicitly specified in the URL. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure IBM Robotic Process Automation Robotic Process Automation As A Service Robotic Process Automation For Cloud Pak
NVD
CVSS 3.1
5.9
EPSS
0.4%
CVE-2023-21875 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable.

Oracle Denial Of Service MySQL
NVD
CVSS 3.1
5.9
EPSS
1.5%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy