Skip to main content
CVE-2023-22726 HIGH POC PATCH This Week

act is a project which allows for local running of github actions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Path Traversal File Upload Privilege Escalation Act
NVD GitHub
CVSS 3.1
8.8
EPSS
1.3%
CVE-2023-23492 HIGH POC THREAT This Week

The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Login With Phone Number
NVD
CVSS 3.1
8.8
EPSS
57.1%
CVE-2023-23490 HIGH POC This Week

The Survey Maker WordPress Plugin, version < 3.1.2, is affected by an authenticated SQL injection vulnerability in the 'surveys_ids' parameter of its 'ays_surveys_export_json' action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Survey Maker
NVD
CVSS 3.1
8.8
EPSS
2.3%
CVE-2023-23596 HIGH POC THREAT This Week

jc21 NGINX Proxy Manager through 2.9.19 allows OS command injection. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Nginx Nginx Proxy Manager
NVD GitHub
CVSS 3.1
8.8
EPSS
15.2%
CVE-2023-23145 HIGH POC PATCH This Week

GPAC version 2.2-rev0-gab012bbfb-master was discovered to contain a memory leak in lsr_read_rare_full function. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-23143 HIGH POC PATCH This Week

Buffer overflow vulnerability in function avc_parse_slice in file media_tools/av_parsers.c. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Gpac
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2023-0052 HIGH This Week

SAUTER Controls Nova 200-220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Nova 220 Eyk220F001 Firmware Nova 230 Eyk230F001 Firmware Nova 106 Eyk300F001 Firmware Modunet300 Ey Am300F001 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-0101 HIGH PATCH This Week

A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Nessus
NVD
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-23691 HIGH This Week

Dell EMC PV ME5, versions ME5.1.0.0.0 and ME5.1.0.1.0, contains a Client-side desync Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Request Smuggling Dell Powervault Me5012 Firmware Powervault Me5024 Firmware +1
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2023-20038 HIGH This Week

A vulnerability in the monitoring application of Cisco Industrial Network Director could allow an authenticated, local attacker to access a static secret key used to store both local data and. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Industrial Network Director
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-20010 HIGH This Week

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco SQLi Unified Communications Manager
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2023-20020 HIGH This Week

A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Broadworks Application Delivery Platform Device Management Broadworks Xtended Services Platform
NVD
CVSS 3.1
8.6
EPSS
0.9%
CVE-2021-37500 HIGH This Week

Directory traversal vulnerability in Reprise License Manager (RLM) web interface before 14.2BL4 in the diagnostics function that allows RLM users with sufficient privileges to overwrite any file the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Reprise License Manager
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
1.2%
CVE-2020-25502 HIGH This Week

Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and above has a DLL hijacking vulnerability, which could allow a local attacker to execute code with. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Endpoint Detection And Response
NVD VulDB
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-24025 HIGH This Week

CRYSTALS-DILITHIUM (in Post-Quantum Cryptography Selected Algorithms 2022) in PQClean d03da30 may allow universal forgeries of digital signatures via a template side-channel attack because of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Pqclean
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-24021 HIGH PATCH This Week

Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Modsecurity Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-22339 HIGH PATCH This Week

Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Conprosys Hmi System
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-22331 HIGH PATCH This Week

Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Conprosys Hmi System
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-20044 HIGH This Week

A vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Cx Cloud Agent
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2023-20045 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV160 and RV260 Series VPN Routers could allow an authenticated, remote attacker to execute arbitrary commands on the. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv160 Vpn Router Firmware Rv160W Wireless Ac Vpn Router Firmware Rv260 Vpn Router Firmware +1
NVD
CVSS 3.1
7.2
EPSS
1.0%
CVE-2023-20026 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042, RV042G, RV082, RV320 and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco Command Injection Rv016 Firmware Rv042 Firmware Rv042G Firmware +1
NVD
CVSS 3.1
7.2
EPSS
1.3%
CVE-2023-20007 HIGH This Week

A vulnerability in the web-based management interface of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Buffer Overflow Cisco Denial Of Service Rv340 Firmware +3
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2023-20008 HIGH This Week

A vulnerability in the CLI of Cisco TelePresence CE and RoomOS Software could allow an authenticated, local attacker to overwrite arbitrary files on the local system of an affected device. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Cisco Information Disclosure Roomos Telepresence Collaboration Endpoint Telepresence Tc
NVD
CVSS 3.1
7.1
EPSS
0.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy